Imagine a suitcase — your suitcase. You’re just coming back from vacation, and you’re waiting at the luggage carousel for it to come around. Sometimes, it feels like your whole life is in there — your clothes, souvenirs, valuables, and even your essential medication. Your stomach drops when you realize it’s all gone — stolen by an opportunist. It’s at that moment that you really wish you had a failsafe lock on your luggage, making it impossible to open without a key or a code.
The logic supporting cloud data encryption is much the same, but of course, the stakes are even higher, implicating not just sentimental or personal value, but whole livelihoods. So, it’s surprising how weak many encryption policies are. Much like you taking a trip with your suitcase, a lot of data now is traveling back and forth between cloud storage solutions. But many businesses don’t know what they’re getting themselves into — cloud data security has many intricacies that go way deeper than typical starting-point questions such as, “How should I backup to the cloud?” or “How should I encrypt data before sending it to the cloud?”
Cloud storage encryption 101: terms to know, functionality, and best practices
Getting a grip on these intricacies is both vital and time-sensitive. As more companies are handling more data, the possibility of data loss multiplies. Moreover, as remote and hybrid work arrangements continue to expand, employees may find themselves working from places with unsecured public networks, increasing risk exposure even further.
Clearly, there’s a gap in understanding: both in terms of cloud encryption’s basic terminology and function, as well as best practices to keep your data safe. To get a better sense of how safe your company’s data is on the cloud, you need to understand both. Let’s start with the basics.
What is cloud storage encryption?
Cloud encryption is a service offered by cloud storage providers, in which the cloud storage provider converts your data into a scrambled format, which can only be understood and decoded back into its original form by someone who has the encryption key. Without the key, even if a hacker gets access to the data, they can’t make sense of it, and it is protected from harm’s way.
Plaintext and ciphertext
Before the data is converted, it is referred to as plaintext. This means the unformatted digital text. After the data is scrambled, it is called ciphertext, or text that is unreadable. Ciphertext isn’t legible without a decryption key, which then unscrambles the ciphertext and turns it back into plaintext.
At-rest and in-transit encryption
Cloud service providers mostly handle encryption in two different ways: at-rest and in-transit. At-rest encryption refers to your data being encrypted while it sits in cloud storage. And, as you might surmise, in-transit encryption is when your data gets encrypted as soon as it leaves your device. While most cloud providers provide at-rest encryption, in-transit is a little rarer. Without it, your data is more vulnerable as it moves between your devices and the cloud.
AES-256 and encryption protocols
There are also several encryption protocols — systems of algorithms that power the cryptography protecting your data. Of all these, AES is the safest — with AES-256 being the safest of all. CrashPlan, for example, uses AES-256 exclusively.
Discover more about encrypted cloud backup with CrashPlan
Part 2 of this blog series, visit: Three Reasons to Encrypt Your Business Data Before Uploading to the Cloud
Learn more about our pricing plans today. If you’re ready to get started with endpoint backup and recovery, sign up for our free trial.
About the Author
