Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

CipherCloud Adds Encryption to SaaS, Cloud Applications

CipherCloud’s new tool allows businesses to encrypt data in-transit, in-use, and at-rest for both public and private cloud applications.

CipherCloud’s new tool allows businesses to encrypt data in-transit, in-use, and at-rest for both public and private cloud applications.

The CipherCloud Connect AnyApp offers businesses cloud encryption for all types of data, regardless of whether it’s being used with infrastructure-as-a-service, software-as-a-service, and platform-as-a-service applications, CipherCloud said Thursday. The latest software addition to the CipherCloud Platform provides a single interface to manage encryption, making it a cheaper option for enterprises interested in deploying data encryption across multiple cloud applications, even the ones behind the firewall, according to the company.

CipherCloud Deploying data encryption or tokenization policies with various SaaS, cloud and Web applications have always been a challenge for organizations. Extensive programming was often required when adding policies to databases and middlware programs, but that level of modification is generally not available for third party cloud-based applications. Desktop plugins and special tools meant mobile integration was difficult, CipherCloud noted. The CipherCloud Connect AnyApp is designed to address all these challenges and make the deployment faster, possible in a matter of hours instead of days, the company said.

“Now millions of IaaS, SaaS, and PaaS and behind-the-firewall applications can have their data-at-rest protected with point-and-click encryption and tokenization policies without any programming,” CipherCloud founder and CEO Pravin Kothari said in a statement.

Cloud encryption protects organizations who have moved their data to the cloud in case of a data breach. If the data is somehow exposed or stolen, the fact that it was already encrypted would make the data useless to the thief. Data encryption would minimize data breach liabilities, which may encourage organizations hesitant to embrace the cloud to be willing to make that move.

Encrypting data also helps organizations meet various regulatory compliance requirements, such as the Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA), and Health Information Technology for Economic and Clinical Health (HITECH). The Health and Human Services Administration (HHS) has approved encryption as a mechanism to control access and ensure compliance.

However, a recent Ponemon Institute report, sponsored by Thales Security, found that many organizations were not encrypting their data despite transferring sensitive or confidential data to the cloud. Only 38 percent of the respondents said the organization encrypt the data while in-transit, and 35 percent said the data is encrypted before it even leaves the company, and 27 percent said the encryption was applied once the data was in the cloud environment. Even more distressing, only 36 percent of the respondents said the organization retained control of the encryption keys.

Making the process simpler, cheaper, and easier to manage would help businesses retain control of their data as well as protect sensitive data regardless of whether it is in transit or at rest.

CipherCloud said the Connect AnyApp tool could be used in a variety of scenarios, including entering personal identifying information such as Social Security numbers and health data in a SaaS call center application, migrating sensitive data from in-house databases to secure Web applications, or creating a custom application online that handles highly confidential data.

The virtual appliance automatically generates the organization’s encryption keys, making key management much easier, as well. Since the keys are owned and stored within the network, the organizations retain control over the data, as opposed to various cloud-services where the key is stored outside the organization.

Businesses won’t need to change data formats or modify application functionality to get CipherCloud Connect AnyApp working, the company said. Administrators just have to install the CipherCloud virtual appliance on their network and specify the URLs of the cloud applications that need to be protected. The point-and-click interface lets the administrator select which fields need to be protected and to create encryption and tokenization policies for those fields. Once the policy is enabled, data entered in that field on that application is automatically secured.

Administrators can choose from multiple encryption and tokenization options, CipherCloud said.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...