The trusted alternative to consumer instant messaging solutions.
Boost communication by inviting several thousand members into dedicated chat rooms!
Cryptobox is the collaborative work and file transfer solution approved by ANSSI for the Diffusion Restreinte level. It encrypts your data end to end and is available in the cloud or on premises.
Your documents are accessible in a fully secure manner from your PC, smartphone and tablet.
Unlike consumer solutions, Cryptobox is secure by design: every feature natively benefits from the highest level of security. The solution offers a range of features that let you communicate internally and externally with complete confidence.
Digital transformation concerns every organization, private or public, from the smallest to the largest. The tools that come with this transformation offer many advantages (remote work, simpler information sharing, time and cost savings) and bring new challenges for protecting data that is collected, stored and shared internally and externally.
Your teams work from home or remotely while traveling. Your teams must have access to the same resources as when they are in the office. Your employees exchange sensitive data. Your company's IT department must be able to manage remote connections regardless of how many people are connected.
You store professional and personal information on your smartphone. You travel abroad regularly and take part in conference calls. You frequently connect to public Wi-Fi networks. You exchange confidential emails on your smartphone and tablet. You access business applications while on the move. You have already lost your smartphone or had it stolen.
Published on April 6, 2017
February 28, 2017 | By Rick Robinson from Security Intelligence
Organizations are adopting encryption at a rapid and increasingly urgent pace. Why? Because encryption helps organizations support dynamic industry regulations while also protecting sensitive data that’s placed in the cloud.
The trend of adopting public cloud solutions continues to grow, but protecting critical data in the cloud is still a major concern. It’s critical to protect data against external breaches and unauthorized access by cloud service providers. Collectively, organizations are diligently working with consultants and suppliers to implement solutions to keep their data safe.
In many specific instances, companies want to prevent their data from being accessible to cloud service providers (CSPs). However, organizations are now facing a new dilemma: What are they supposed to do when they want to permanently delete their data in the cloud?
Regulatory compliance and cloud data protection are two driving reasons for establishing encryption and encryption key management strategies. Furthermore, in the new world of cloud data security, the old concept of a “castle” has become ineffective; the concept of a curated “museum” is much more applicable to cloud data security. In this new world, organizations want to share data appropriately with many users and platforms without running the risk that it will be taken, changed, hijacked, destroyed or accessed by unauthorized users.
To complicate matters, the value of data can change quickly. As we know, information such as quarterly financial data has high value prior to its disclosure, but the necessity to keep it private significantly declines once the announcement of financial performance is released to the market. However, other data, such as pharmaceutical trial data, HR information from divested organizations and historical notes on litigation proceedings, can quickly become a liability if it is unintentionally disclosed to the wrong party after the collective work on these efforts has been completed.
When you combine the need for privacy, the desire to collaborate using shared data and the trend of leveraging cloud applications and storage, you can see the need to not only protect cloud-based data, but also to manage it throughout its entire life cycle, from creation to destruction. Furthermore, in the case of cloud deployments, this process needs to be managed and controlled in an environment that is not physically under your control. This last requirement raises the following questions:
Encryption has historically been used to protect data against unauthorized use. However, encryption can effectively erase data as well. This is called cryptographic erasure.
The National Institute of Standards and Technology (NIST) released “Special Publication 800-88, Revision 1: Guidelines for Media Sanitization,” which detailed how encryption is part of media and data sanitization.
“If strong cryptography is used,” the publication stated, “sanitization of the target data is reduced to sanitization of the encryption key(s) used to encrypt the target data.” In layman’s terms, this means that if the data is encrypted and you destroy the keys, the data is erased.
Of course, there are some qualifiers to claiming sanitization by cryptographic erasure. First, you must ensure that you have encrypted the data from the moment it was originally stored. Next, verify that you have exclusive access to all data encryption keys and ensure that all keys are wrapped under one or more wrapping keys. Finally, delete the wrapping keys to render the data encryption keys and data itself unrecoverable. Fortunately, these steps are not difficult to follow if you have the right tools.
For example, if you have a petabyte of data that has been encrypted from the moment it was placed in the cloud and control over the wrapping keys that protect the data encryption keys, then when you delete the wrapping keys, you render data encryption keys — and the petabyte of data — useless. This happens regardless of where the data is stored or whether you can even access the storage environment. In other words, you can effectively erase a petabyte of data by deleting just a few kilobytes of keys. That’s cryptographic erasure, and it’s powerful.
Naturally, you may want to recover the petabytes of bits associated with your now-useless data. Why pay to store petabytes of random bits? However, that is secondary to the erasure of the data itself.
The logistics of implementing cryptographic erasure fundamentally require the system that stores and encrypts the data to be separate from that of encryption key management. Leveraging key life cycle management software packages helps maintain separation of these duties and functions.
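The erasure steps and the separation of key management from storage described above, as an added Python example that is not from the original article or any product it names. The `KeyManager` class, the record layout and the key ids are hypothetical, and a SHAKE-256 keystream with an HMAC tag stands in for AES-GCM and AES Key Wrap so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

def _xor(key, nonce, data):
    # SHAKE-256 keystream: stdlib stand-in for AES-GCM / AES Key Wrap (assumption).
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return _xor(key, nonce, ct)

class KeyManager:
    """Hypothetical key manager: holds wrapping keys only, never the data."""
    def __init__(self, *key_ids):
        self._keys = {k: secrets.token_bytes(32) for k in key_ids}
    def wrap(self, key_id, dek):
        return seal(self._keys[key_id], dek)
    def unwrap(self, key_id, wrapped):
        return unseal(self._keys[key_id], wrapped)
    def destroy(self, key_id):
        del self._keys[key_id]  # erases everything wrapped under this key

def store(km, key_id, plaintext):
    dek = secrets.token_bytes(32)  # fresh data encryption key, kept only wrapped
    return {"key_id": key_id, "wrapped_dek": km.wrap(key_id, dek), "ct": seal(dek, plaintext)}

def read(km, rec):
    return unseal(km.unwrap(rec["key_id"], rec["wrapped_dek"]), rec["ct"])

def demo():
    km = KeyManager("project-a", "project-b")  # constructed sample key ids
    a, b = store(km, "project-a", b"trial data"), store(km, "project-b", b"live data")
    before = read(km, a)
    km.destroy("project-a")
    try:
        after = read(km, a)
    except KeyError:
        after = None  # ciphertext and wrapped DEK still stored, but unreadable
    return before, after, read(km, b)
```

Destroying the wrapping key only counts as erasure if every copy of it is destroyed, including backups and replicas held by the key manager.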
Keeping your encryption engine separate from the encryption keys, as well as keeping the keys well-managed, is not just a best practice, but also keeps you on the right side of regulations and helps protect your most precious assets — your encryption keys and encrypted data — from threat actors. Remember that storage is inexpensive, but data is becoming infinitely more valuable, both as an asset and a liability. Control your data, protect it and ensure that it has a clear life cycle that you control.
The future architecture of data protection is clearly modular. We need to:
Following these practices ensures that your data, protected through encryption, will provide value through its lifetime and can be securely deleted when no longer valuable.
To protect data in a multicloud environment, organizations should still focus on implementing centralized policy management as well as centralized key management.
Guardium for Multi-Cloud Data Encryption offers the ability to encrypt cloud data across multiple clouds. It also integrates with IBM Security Key Lifecycle Manager. This combination of local but highly redundant key management, and the ability to concurrently manage tens of thousands of encrypted file systems or volumes in multiple clouds, gives organizations the tools they need to protect and manage the entire life cycle of data regardless of where it resides.