To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker

If Uncle Sam wants your data, make him come directly to you.

INTEROP NEW YORK -- Using cloud services allows your organization to hand off the basic blocking and tackling of securing an infrastructure, but it also allows a cloud service provider to hand your organizations data to the government, said Elad Yoran, CEO of Security Growth Partners and an advisory board member for Vaultive, at the Interop conference this week. The solution, he said, is to make sure that the only data a cloud provider can give the government is complete gibberish.
According to Yoran, organizations should encrypt data before it ever enters the cloud and keep the encryption keys themselves, stored elsewhere. (Vaultive sells an appliance for this encryption-in-use, which sits in the organizations DMZ, encrypting and decrypting data as it passes to and from the cloud server.)
Although this would not prevent the government from demanding access to an organizations data, it would force authorities to subpoena the organization directly -- not via a cloud provider -- so the companys own legal department could lead the process. Further, it would prevent the government from acquiring multiple cloud users data even if it only needed one users data.
It would also address the data residency problem. The practice of keeping data on a server in one country so it is exempt from another countrys demands may not work anymore, since a court ruling against Microsoft in July. The court ruled that because Microsoft is an American company, it must surrender customer data to the American government, even though that data resides on servers in Ireland, outside US jurisdiction.
Microsoft has appealed the decision
and refused to release the data. The government is holding Microsoft under contempt of court and may seek sanctions even though the appeal process is ongoing.
Yoran expects that, eventually, the laws will catch up and may find a way around encryption-in-use, but, he says, it is preferable to the status quo.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker