To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker

  /     /     /  
Publicated : 22/11/2024   Category : security


To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker


If Uncle Sam wants your data, make him come directly to you.



INTEROP NEW YORK -- Using cloud services allows your organization to hand off the basic blocking and tackling of securing an infrastructure, but it also allows a cloud service provider to hand your organizations data to the government, said Elad Yoran, CEO of Security Growth Partners and an advisory board member for Vaultive, at the Interop conference this week. The solution, he said, is to make sure that the only data a cloud provider can give the government is complete gibberish.
According to Yoran, organizations should encrypt data before it ever enters the cloud and keep the encryption keys themselves, stored elsewhere. (Vaultive sells an appliance for this encryption-in-use, which sits in the organizations DMZ, encrypting and decrypting data as it passes to and from the cloud server.)   
Although this would not prevent the government from demanding access to an organizations data, it would force authorities to subpoena the organization directly -- not via a cloud provider -- so the companys own legal department could lead the process. Further, it would prevent the government from acquiring multiple cloud users data even if it only needed one users data.
It would also address the data residency problem. The practice of keeping data on a server in one country so it is exempt from another countrys demands may not work anymore, since a court ruling against Microsoft in July. The court ruled that because Microsoft is an American company, it must surrender customer data to the American government, even though that data resides on servers in Ireland, outside US jurisdiction.
Microsoft has appealed the decision
and refused to release the data. The government is holding Microsoft under contempt of court and may seek sanctions even though the appeal process is ongoing.
Yoran expects that, eventually, the laws will catch up and may find a way around encryption-in-use, but, he says, it is preferable to the status quo.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker