Don't miss an insight. Subscribe to Techopedia for free.


What are some best practices for cloud encryption?

By Justin Stoltzfus | Last updated: October 5, 2022
Made Possible By Turbonomic

With so many companies moving data to the cloud in one way or another, encryption has become a major part of the overall effort of providing cloud security. Many of the biggest questions that companies have are around security, because there are so many risks and liabilities around cyberattacks.

One of the major components of improving cloud encryption involves talking to cloud providers and vendors. Because so much of the actual architecture is on the vendor side, many of the best practices that client companies can comply with involve talking in-depth with vendors and inspecting the vendor's security processes.

Companies should review a service-level agreement (SLA) very closely and ask for a security architecture plan from the vendor to actually see how the vendor's security works. Potential customers should discuss different types of security – security for the perimeter of the network, and segmentation or segregation inside the network, as well as endpoint security, where that is applicable.

In terms of actual encryption strategies, some guidelines can help to perfect how encryption secures data in the cloud. There is the principle of decentralization for the encryption mechanism, and the concept of multiple encryption processes, and there is the principle of good user authentication and the use of audit logs to track network events.

Another type of encryption best practice involves managing multiple encryption keys. This varies according to the architecture – for instance, key management is different for public, private and hybrid cloud setups. Customers should understand when encryption keys are held by the vendor, and when they are held by the client, and how this serves a particular type of security strategy.

The Confidential Computing Consortium recommends a hardware-based approach to that allows data to stay encrypted even while it is being processed in memory. This approach, which is called confidential computing, provides an additional layer of security for organizations that process sensitive or regulated data in the cloud.

By connecting with vendors and discussing the actual nuts and bolts of the provider's cybersecurity architecture, customers can be better served. Some experts recommend appointing one person to be responsible for working the back channels of communication in order to ensure both internal customers and public cloud partners prioritize security in the cloud implementation process.

Share this Q&A

  • Facebook
  • LinkedIn
  • Twitter


Cloud Computing Cybersecurity Data Management Emerging Technology Identity & Access Governance

Made Possible By

Logo for Turbonomic

Written by Justin Stoltzfus | Contributor, Reviewer

Profile Picture of Justin Stoltzfus

Justin Stoltzfus is a freelance writer for various Web and print publications. His work has appeared in online magazines including Preservation Online, a project of the National Historic Trust, and many other venues.

More Q&As from our experts

Related Terms

Related Articles

Term of the Day

Beta Test

Beta testing is the final stage of user acceptance testing (UAT) before a software product or service is released to the...
Read Full Term

Tech moves fast! Stay ahead of the curve with Techopedia!

Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.

Go back to top