Encryption in the Corporate Cloud

by Aleksander Czarnowski
Oct. 8, 2017 0 comments INFOSEC Institute Encryption & Authentication

In theory, a cloud-based solution should provide the customer with at least the same level of security as his current, traditional IT model does. In an ideal world, a cloud service provider should be offering an even higher security level, and one of the rationales for switching into the cloud should be the low cost of security controls from the customer perspective. The same set of security controls would be more expensive to implement and support on-site for the customer than what he gets from cloud service provider. No matter what security level is offered by the cloud service, it is important to understand that security is not a “thing” but a process and therefore has to be performed by both ends of cloud service, meaning that the end-user (further called the cloud service user) is still required to take the same actions in order for his data to be secure.