Data Protection in the Public Cloud—a look at the Good, the Bad, and the Ugly presented at ISSA 2019

by Kenneth G. Hartman,

Summary : Customers want to ensure that they can entrust their sensitive data to public cloud providers. This oftenleads to discussions with the cloud provider on various aspects of data protection, such as retention,encryption, and key management. If encryption is not implemented properly it will not provide thesecurity assurance customers expect, resulting in misplaced trust. This talk will look at encryption at restin various layers of the application stack with a focus on the risks each type of encryption mitigates. Wewill also look at various cloud-related key management schemes, including “bring your own key” (BYOK)and cloud-based Hardware Security Modules (HSMs). Lastly, we will cover potential problems withcustomer data-retention that should be explored with the cloud service provider.