Data in the cloud needs encryption, warns Lieberman

Phil Lieberman, president and CEO of the company, which majors in privileged identity management, says that, while the economic imperative of migrating data to the cloud is clear, data encryption needs to be sorted out before making the transition. "Microsoft's research notes that 39% of SMEs expect to be paying for cloud services by the time 2014 rolls around – and there's no doubt that many other firms will be using some of the free cloud resources now available," comments Lieberman. "Our observations suggest that organisations of all sizes can overlook aspects of their data encryption needs for cloud data, as they focus on the cost savings from cloud migration. I would say that security accountability and transparency of how customer data and cloud system security are being handled by cloud vendors is also suspect." Lieberman insists that what matters is realising that firms are effectively losing direct control over their own data, so the task of compliance is inevitably more complex. "It's also important to understand that, where cloud data storage is involved, businesses need to take a centralised management approach to data encryption, in order to give IT staff maximum control, with minimal impact on operations and productivity," he says. For him, the key challenge is encryption key management and handling data in flight (point to point encryption) and data at rest (databases and other forms of storage). "For SMEs and many others, this will be a new experience," advises Lieberman.