Page 75 - Cyber Warnings August 2017

P. 75

6. Have Visibility Across Systems

Knowing when and where keys are being used across environments is important for ensuring
the integrity of hybrid cloud deployments. It is even more critical for ensuring compliance.
Without solid proof of key control, access, rotation, and revocation, passing the next PCI DSS,
HIPAA, GDPR, or other audit will be difficult. This principle is especially true in light of the
increasing role that encryption plays in compliance best practices.

7. Organize Teams for Success

Finally, evaluate security team skill sets carefully before setting encryption policies. If security
teams lack the expertise needed or are too small to successfully implement and manage best-
of-breed encryption, enterprise assets are at risk. Further, teams need familiarity with relevant
regulations and standards, such as PCI DSS, FIPS, ISO 27001, and others.

Conclusion

Agile, properly implemented encryption is one of the few ways to ensure that enterprises have
logical control over assets. As IT moves into an increasingly cloudy future, security teams need
to pave the way with encryption that is agile enough to respond to breaches, flaws, and back
doors while still maintaining strong control over encryption keys. Without key ownership and
control over access, efficient rotation and rapid revocation of keys, a way to confirm the integrity
of assets from boot, and the right team with the right insights, enterprises will struggle to flexibly
manage security in a world with few guarantees. Agile encryption is the path to security
success, so teams should start architecting for it now.

About The Author

Prashant is senior product manager at Bracket Computing.

A veteran product manager from Cisco and Tintri, he has
extensive experience in virtualization, networking and
storage technologies leading products including Cisco
MDS SAN switches, hybrid and all flash storages arrays
and SaaS analytics solution.

70 71 72 73 74 75 76 77 78 79 80