The Cost of Inadequate Data Encryption

BY:

Mar 9, 2016

The-Cost-of-Inadequate-Data-EncryptionThere’s a 90% chance your cloud-based data is in the clear… and that’s a problem.

IT security company Skyhigh evaluated the encryption efforts of over 12,000 cloud providers. Brace yourself. Just 9.4% of these cloud providers encrypt data once it’s stored at rest in the cloud. You don’t even need a calculator for that. It means over 90% of your data at rest on the cloud is prey to unauthorized access.

This is alarming news. But before you take to Twitter or Facebook to share and repost, here’s another Skyhigh statistic. 81.8% of those cloud service providers encrypt data in transit, using SSL or TLS. Whew, it’s reassuring, but that’s not enough. Inadequate data encryption is a costly mistake.
Doing the math

18.2% of the cloud providers leave your data in the clear as it zooms around the Internet. This makes it a 1 in 5 chance that your data could be at the mercy of a man-in-the-middle attack along the way.

On the other hand, 90.6% of those providers leave your data in the clear as it sits on their storage servers. Who’s your cloud service provider? Are they one of the 10,000 or more that don’t encrypt your data at rest on their servers?

And lest you think all the big players out there are on the good side of those statistics, here are two recognizable names.

Gmail

PayPal

What about your mobile devices? Time for a few more names you know. These popular apps are among those that don’t store your data in an encrypted state.

Facebook

Twitter

YouTube

Linkedin

eBay

Data at rest = data at risk

Our focus tends to be on data in state where it’s most vulnerable. Data in motion can be captured. We encrypt it. Almost 82% of cloud service providers have our backs on that.

Unencrypted data at rest is a huge security risk. It’s estimated that the average American company uploads nearly 14 terabytes of data to the cloud each month. It’s pretty safe getting to the cloud and back. But it’s hardly safe if it’s stored on the cloud. What’s in the 167 terabytes you and your company will store on the cloud over the next year?

The cloud is a repository of sensitive data. 34% of us have uploaded sensitive data to a file-sharing service. 21% of all information uploaded contains sensitive data.
What’s at stake?

This unencrypted data at rest can be stolen, and that would be unfortunate enough. But hackers aren’t the only ones who are thrilled that your data is in the clear as it sits on the cloud. Under the USA PATRIOT Act, the U.S. Federal government can legally subpoena your data. Your cloud provider is required by law to provide it. They don’t have to tell you they’ve given your data to the government.
Not just super-sensitive stuff

If it’s health related or financial data, there are federal compliance laws that mandate encryption for sensitive personal data in any state. It’s encrypted in motion, and at rest – even when it’s in the cloud. If these laws do not regulate it, your data doesn’t have to be encrypted.

Do not store your data in the clear. The risk is too high. And if it’s stored on the cloud, it’s likely in the clear.
Time to take control

If your cloud provider doesn’t encrypt data at rest, you can do it yourself. Manage it with encryption keys you own, rather than those your cloud provider manages. It’s a slim chance. Only about 1% of the cloud providers support customer managed encryption keys.

There are 2 more strong options.

Tokenization

Encryption as a service (EaaS)

Pick one. Encrypt your data at rest in the cloud. You’re flirting with disaster without this added protection.

Related Blogs

  • amazon appstream vs citrix" alt="">
    Amazon AppStream or Citrix: Which Application-Streaming Platform Is Right for Your Business?

    When it comes to streaming workplace apps for remote users, which cloud platform offers your business the features and flexibility it needs? With more companies allowing more staff to work from home...

    Learn More
  • Amazon WorkSpaces vs. Microsoft Azure Windows Virtual Desktop" alt="">
    4 Differences Between Amazon WorkSpaces and Microsoft Azure Windows Virtual Desktop

    What are the main differences between Amazon Workspace and Azure, and what does that mean to your business? Cloud computing is not just gaining popularity, it’s exploding with the number of...

    Learn More
  • Amazon WorkSpaces vs. Citrix Managed Desktops" alt="">
    Choosing a Desktop as a Service: Amazon WorkSpaces vs. Citrix Managed Desktops

    The differences between Amazon WorkSpaces and Citrix virtual desktops could decide the success or failure of your remote work infrastructure Desktop-as-a-Service (DaaS) platforms are a means of...

    Learn More