Cloud storage encryption is a service offered by cloud storage providers in which data is transformed by an encryption algorithm before it is placed in cloud storage. The algorithm produces ciphertext, an encoded form that cannot be read by anyone who does not hold the key under which it was converted. A data key is created for each set of data, and that same key is used both to encrypt and to decrypt that data.
Encryption can be applied to data at rest or to data in flight. Data at rest is stored in databases on a company's SAN, NAS or file servers, while data in flight is moving across a network. Encryption, whether it takes place in flight or at rest, is an absolute requirement for cloud storage.
Encryption for cloud storage is almost identical to conventional storage encryption, with one major difference. In a cloud environment, it is sometimes debated whether the customer or the cloud storage provider should hold the data key. For highly sensitive information, it is imperative that the cloud provider cannot access any data it is not entitled to see.
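The following Go program is an added illustration of the two points above (a fresh data key per object, and the customer rather than the provider holding the key); it is not code from the original article or from any particular cloud provider. It models client-side envelope encryption: each object gets its own random AES-256-GCM data key, the data key is wrapped under a key-encryption key (KEK) that only the customer holds, and the provider stores nothing but ciphertext and the wrapped key. The object name is bound in as associated data so a stored blob cannot be quietly re-attached to a different object. Object names, the sample record and the keys are all constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// StoredObject is everything the cloud provider keeps for one object.
// Neither the data key nor the KEK is ever present in the clear.
type StoredObject struct {
	WrappedDataKey []byte // per-object data key, encrypted under the customer-held KEK
	Ciphertext     []byte // nonce || AES-256-GCM ciphertext of the data
}

// seal encrypts plaintext under key with AES-256-GCM, prefixing a random nonce.
// aad is authenticated but not encrypted; here it carries the object name.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; it fails if the key, nonce, ciphertext or aad do not match.
func open(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("stored blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// EncryptForUpload runs on the customer side: generate a fresh 256-bit data key
// for this object, encrypt the data with it, then wrap the data key under kek.
func EncryptForUpload(kek []byte, objectName string, plaintext []byte) (StoredObject, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return StoredObject{}, err
	}
	ct, err := seal(dataKey, plaintext, []byte(objectName))
	if err != nil {
		return StoredObject{}, err
	}
	wrapped, err := seal(kek, dataKey, []byte(objectName))
	if err != nil {
		return StoredObject{}, err
	}
	return StoredObject{WrappedDataKey: wrapped, Ciphertext: ct}, nil
}

// DecryptAfterDownload unwraps the data key with kek, then decrypts the data.
// Without kek (which the provider never receives) this cannot succeed.
func DecryptAfterDownload(kek []byte, objectName string, obj StoredObject) ([]byte, error) {
	dataKey, err := open(kek, obj.WrappedDataKey, []byte(objectName))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dataKey, obj.Ciphertext, []byte(objectName))
}

// ProviderSeesPlaintext is the check a customer cares about: does anything the
// provider stores contain the plaintext bytes? With client-side encryption it is false.
func ProviderSeesPlaintext(obj StoredObject, plaintext []byte) bool {
	return bytes.Contains(obj.Ciphertext, plaintext) || bytes.Contains(obj.WrappedDataKey, plaintext)
}

func main() {
	kek := make([]byte, 32) // customer-held KEK, generated here for the demo
	if _, err := io.ReadFull(rand.Reader, kek); err != nil {
		panic(err)
	}
	record := []byte("constructed sample record: patient=J. Doe, visit=2024-01-01") // hypothetical PHI-like data
	obj, err := EncryptForUpload(kek, "records/jdoe.json", record)
	if err != nil {
		panic(err)
	}
	fmt.Println("provider can read plaintext:", ProviderSeesPlaintext(obj, record))
	pt, err := DecryptAfterDownload(kek, "records/jdoe.json", obj)
	fmt.Println("customer decrypts:", string(pt), err)
}
```

The two failure cases worth noting are that decryption with any key other than the customer's KEK fails, and that a blob stored under one object name cannot be decrypted under another, because GCM authenticates the name along with the ciphertext.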
This is especially applicable to health industry data protected by HIPAA. The Department of Health and Human Services (HHS) has published guidance on encrypting Personal Health Information (PHI).
When considering placing data in the cloud, whether a public or a private cloud, organizations should ask what type of in-flight and at-rest encryption the service uses, and who will hold the encryption keys.