Keep Data Private: Encrypt At Rest, In Transit And In Use

This is a guest post written and contributed by Elad Yoran, CEO of Vaultive, a Rackspace Cloud Tools partner. Vaultive provides cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services.

There’s no disputing that cloud computing is transforming how IT infrastructure can be delivered, managed and consumed. Equally, cloud computing– whether delivered as infrastructure as a service, software as a service applications or email as a service – compels organizations to rethink their security model the further they advance up the cloud adoption curve.

While Rackspace customers hardly need to be convinced of the appeal and value of cloud computing, it does bear repeating: the cloud delivers operational flexibility, enhanced user experience and financial benefits. But for many risk-conscious organizations, there’s still a hurdle they need to traverse to embrace the cloud. The primary concern that these organizations wrestle with is a structural one: how to control, secure and protect data that is processed by a third-party service. Whether the need is driven by concerns about safeguarding intellectual property, meeting compliance requirements for encrypting data at rest, maintaining data residency or increasingly navigating the ambiguity of legal protections for data in the cloud, these organizations see the need to independently retain ownership and control of their data.

These concerns about data control and ownership are bubbling up more frequently both because cloud computing has become mainstream and because cloud service providers can credibly argue that they deliver more safeguards for the cloud environment than an individual customer could within their own on-premise environments. These investments address the uncertainty about the security of the cloud provider’s service and operations. But, as the not-for-profit Cloud Security Alliance (CSA) notes: it’s the customer and not the cloud service provider that should be responsible for the security and encryption protection controls necessary to retain data ownership and control.

We at Vaultive certainly encourage end users to refer to the Cloud Control Matrix issued by the CSA to evaluate the security and compliance of the cloud service provider environment – and applaud the transparent way in which Rackspace has made this information available to its customers ( The next step in the process is ensuring ownership and control of the data that is processed on third-party services.

Encryption of data-in-transit and data-at-rest has long been recognized as a best practice to enforce the security and privacy of data, regardless of where it resides. However, these two states of encryption are no longer sufficient as they do not protect data while it is being processed in the cloud.

The CSA now recommends that organizations also implement encryption of data-in-use to ensure that data is secured for the entire duration of its lifecycle (at-rest, in-transit and in-use). To prevent unauthorized access and maintain the state of encryption even when processed in a third-party environment, the organization’s IT department should retain ownership of the encryption keys. As a result, the cloud provider never has access to customer data in an unencrypted form, and an organization’s cloud data remains unreadable if an unauthorized third-party attempts access — or even if the data is disclosed in response to a government request.

At Vaultive, we have developed technology specifically to address the need for the organization to retain full ownership of data moving and processed outside of the trusted network – as well as retain the encryption keys. Vaultive’s transparent proxy provides a patent-pending form of 256-bit AES encryption that enables encrypted data to be dynamically processed, searched and sorted in the cloud, while ensuring preservation of application functionality and a seamless user experience.

With the integration of data ownership and control technology, customers now have a greater set of options for deploying cloud-based services from Rackspace – including email as a service.



Please enter your comment!
Please enter your name here