All right. The next thing to talk about is the cases for encryption. Why do we want to encrypt? Well, we want to protect the privacy and confidentiality of our information, and we have to think about it as this data moves to and from, or in and out of, the cloud; we need to make sure it's protected at rest as well.
Many times this is a requirement
to be in compliance with certain regulations, whether it's PCI DSS, HIPAA, financial information or protecting personally identifiable information. But usually there's some sort of requirement that we have to meet, and encryption is a big piece of that.
We want to make sure that we protect our information from third-party access,
assuming that third party's not authorized. Um,
we need to make sure that we have an additional boundary, or barrier if you would, from one organization's data to another, to make sure that, you know, where we're granting access to the same physical machines, that even if we're on different virtual machines,
if we have access to the same physical machine, we want that added
extra layer of separation. And also, we've talked about how encryption allows us to destroy data when physical destruction isn't available, and we talked about crypto-shredding. All right, so best practices: use open and validated formats.
So rather than trying to come up with our own proprietary encryption algorithm,
it's best that we use what's available. Currently, kind of the de facto standard is AES. Currently there are other well-recognized and open standards and algorithms for encryption, but as a general rule
we want to go with open and validated formats. There's no need to bring anything new to the mix here. We already have numerous
algorithms and mechanisms that are tried and true.
As an enterprise, we keep the keys, right? We don't give the keys to the cloud service provider. We keep the keys because ultimately the only way that information's gonna be unlocked is through the keys, and should we entrust those keys to someone else, that gives us a vulnerability.
Identity-based key assignment and protection of private keys.
So, for instance, if you work in the government, you have a CAC. Well, that's your private key on the CAC, and that's bound to your identity. So the same idea is that users have keys, and a big benefit of that is for confidentiality, but also for accountability as well, in that we can map transactions back
to an individual: non-repudiation, if you will. Use strong encryption. There are good, strong encryption mechanisms out there, and what we have to choose is, based on performance versus strength of security, which is gonna be best.
And then follow key management best practices for where and how the keys are stored, and there are numerous ones. But ultimately they involve protecting the key, making sure the keys are archived, making sure that to recover a key, for instance, is not something that a single entity can do. Lots of good practices.
So, data encryption across the various implementations.
IaaS has volume storage. Remember, we talked about the storage mechanisms earlier. So, a means of encrypting the entire volume, or at least the individual files, that we would see with object storage encryption.
Platform as a Service: client application encryption, database encryption, proxy-based encryption. So, ultimately,
regardless of the mechanism that we're using, whether we're using the database mechanisms or however that may work, we want to make sure that we provide encryption there. And then for Software as a Service, making sure,
um, that the cloud service provider has a means for protecting our data. And remember, we're just accessing the application, and data is being stored within that context, so making sure that they have a means to protect and encrypt our data as well.