Dave Asprey and Jonathan Gershater bring up good points in their blog posts about the USA PATRIOT Act (“The USA PATRIOT Act is Bad for Business” and “Patriot Act is not the first (nor likely) last law of its kind”). The U.S. might seize your data or other governments might gain access for a multitude of reasons. Even if your government doesn’t have laws that allow data access, they may work with a government that does, and may hand over your data—perhaps without your knowledge.
But governmental seizure of data is only a small component of potential data loss. It doesn’t really matter if your data is lost to one government or another, to a cybercriminal, your service provider, or a competitor. Enterprises have a vested interest in controlling *all* access to their data. The truth is that whenever a company trusts its data to a cloud provider, there is the potential for its data to be infiltrated.
How should enterprises protect their data? Encrypt! Both Dave and Jonathan mention this in their posts as well, and recommend that companies encrypt the data that they store with cloud providers using policy based key management. A government, cybercriminal, competitor, or other party may still try to access your data, but odds are that they won’t want to invest the time and resources it takes to brute force crack your encryption. Most will give up. In the case of government data seizures, officials may ask you for your encryption keys. But this will give you notice that the government is trying to seize your data and will give you the opportunity to challenge the request—or at least prepare for the consequences.
Trend Micro offers cloud encryption through SecureCloud. This encryption service with policy-based key management secures data stored in private and public clouds as well as on physical and virtual servers. It is provided as either an on-premise software solution or as a Trend Micro hosted service. You control the keys, allowing you to choose the cloud provider that’s right for you—regardless of where your data is being stored. And any entity wanting access to your data will need to ask you for the encryption keys.
Companies should insist on encrypting all of their data in the cloud. Trend Micro predicts that U.S. cloud service providers will embrace encryption in 2012 as an option for their customers. They will use this to effectively respond to the marketing FUD around the PATRIOT Act from international cloud providers. But enterprises should deploy encryption not only to secure their data against governmental seizure, but to protect against all types of data loss.