Many high-tech companies use the cloud to deliver services to clients, and for themselves. However, the customer, supplier, and employee data that they share via the cloud should be better secured. As firms don’t control a cloud provider's security policies, they need to confirm that important security requirements are being met.
For example, the firms' information should not be misused, via the cloud provider's vendors; their data--including any cloud backups--should be subject to appropriate data retention policies; and their data should only be visible to users via appropriate identity management policies. Deficiencies in all three have led to security breaches for companies hosting data in the cloud.
OptimalCipher can encrypt data on-premise before sending it to the cloud (including, therefore, to any cloud provider’s vendors)--without interfering with cloud applications' functionality. OptimalCipher's encryption also permits data retention enforcement via crypto-shredding (i.e. secure deletion) of relevant encryption keys; and permits specific data analysis and data access, via enforceable role-based or granular policies.
While hosting data in less transparent, or less-trusted, cloud environments, high-tech companies can considerably better control the data, permitting them to provide to clients, and for themselves, efficient services, via the cloud's scalable infrastructure.