Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

CipherCloud Adds Encryption to SaaS, Cloud Applications

CipherCloud’s new tool allows businesses to encrypt data in-transit, in-use, and at-rest for both public and private cloud applications.

CipherCloud’s new tool allows businesses to encrypt data in-transit, in-use, and at-rest for both public and private cloud applications.

The CipherCloud Connect AnyApp offers businesses cloud encryption for all types of data, regardless of whether it’s being used with infrastructure-as-a-service, software-as-a-service, and platform-as-a-service applications, CipherCloud said Thursday. The latest software addition to the CipherCloud Platform provides a single interface to manage encryption, making it a cheaper option for enterprises interested in deploying data encryption across multiple cloud applications, even the ones behind the firewall, according to the company.

CipherCloud Deploying data encryption or tokenization policies with various SaaS, cloud and Web applications have always been a challenge for organizations. Extensive programming was often required when adding policies to databases and middlware programs, but that level of modification is generally not available for third party cloud-based applications. Desktop plugins and special tools meant mobile integration was difficult, CipherCloud noted. The CipherCloud Connect AnyApp is designed to address all these challenges and make the deployment faster, possible in a matter of hours instead of days, the company said.

“Now millions of IaaS, SaaS, and PaaS and behind-the-firewall applications can have their data-at-rest protected with point-and-click encryption and tokenization policies without any programming,” CipherCloud founder and CEO Pravin Kothari said in a statement.

Cloud encryption protects organizations who have moved their data to the cloud in case of a data breach. If the data is somehow exposed or stolen, the fact that it was already encrypted would make the data useless to the thief. Data encryption would minimize data breach liabilities, which may encourage organizations hesitant to embrace the cloud to be willing to make that move.

Encrypting data also helps organizations meet various regulatory compliance requirements, such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and Health Information Technology for Economic and Clinical Health (HITECH). The Health and Human Services Administration (HHS) has approved encryption as a mechanism to control access and ensure compliance.

However, a recent Ponemon Institute report, sponsored by Thales Security, found that many organizations were not encrypting their data despite transferring sensitive or confidential data to the cloud. Only 38 percent of the respondents said the organization encrypt the data while in-transit, and 35 percent said the data is encrypted before it even leaves the company, and 27 percent said the encryption was applied once the data was in the cloud environment. Even more distressing, only 36 percent of the respondents said the organization retained control of the encryption keys.

Making the process simpler, cheaper, and easier to manage would help businesses retain control of their data as well as protect sensitive data regardless of whether it is in transit or at rest.

CipherCloud said the Connect AnyApp tool could be used in a variety of scenarios, including entering personal identifying information such as Social Security numbers and health data in a SaaS call center application, migrating sensitive data from in-house databases to secure Web applications, or creating a custom application online that handles highly confidential data.

Advertisement. Scroll to continue reading.

The virtual appliance automatically generates the organization’s encryption keys, making key management much easier, as well. Since the keys are owned and stored within the network, the organizations retain control over the data, as opposed to various cloud-services where the key is stored outside the organization.

Businesses won’t need to change data formats or modify application functionality to get CipherCloud Connect AnyApp working, the company said. Administrators just have to install the CipherCloud virtual appliance on their network and specify the URLs of the cloud applications that need to be protected. The point-and-click interface lets the administrator select which fields need to be protected and to create encryption and tokenization policies for those fields. Once the policy is enabled, data entered in that field on that application is automatically secured.

Administrators can choose from multiple encryption and tokenization options, CipherCloud said.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.