CipherCloud Achieves Gartner's Recommendations to Avoid Data Residency Risks in the Cloud by Encrypting Data and Giving Data Owners Encryption Keys

SAN JOSE, Calif., Jan. 30, 2013 (GLOBE NEWSWIRE) -- "Chief information security officers and chief security officers must resolve an array of complex security and regulatory data residency issues when enterprises plan to store data in the cloud or remote data centers," according to a new report published by research company Gartner Inc. The research note, "Five Cloud Data Residency Issues That Must Not Be Ignored," (1) recommends enterprises take steps to assure the privacy of sensitive information, achieve regulatory compliance and understand the implications of data disclosure laws. 

According to the authoring analysts, "even if the data is encrypted and the keys are managed in a separate jurisdiction, enterprises should be aware that requests for legal assistance, based on bilateral agreements, may be executed between those countries. However, in a well-architected system, the cloud services provider does not have direct access to the keys. In this way, if a legal request is made for access to the data, the enterprise must be involved."

Many countries have passed national laws granting authorities access to enterprise cloud data that may conflict with the legal protection rights of data in the originating jurisdiction, leaving companies wondering how secure their data is and how compliant they are with regulations. Gartner's research helps enterprises understand these risks and recommends they:

     -- Consider deploying encryption solutions if there are data residency concerns for data crossing borders

     -- Ensure that privileged users in cloud services providers are not granted access

     -- Manage the keys locally to comply with local privacy requirements

     -- Ensure that the selected vendor encryption products can provide the  level of security, and operate in the different storage environments and locations as required

     -- Use a documented key revocation and destruction process

We believe CipherCloud meets and exceeds these recommendations and the Gartner report cites a CipherCloud customer as an example of how companies are addressing the issues of data residency.

"We believe Gartner's analysts underscore the importance of cloud encryption and self-ownership of the keys as essential to confronting data residency risks no matter where the data is stored," said Pravin Kothari, CEO of CipherCloud. "CipherCloud's information protection platform ensures no one--whether it's law enforcement, cloud provider system admins, or cybercriminals--can access sensitive information under any circumstances without contacting the data owner first."

The CipherCloud technology incorporates a number of military-grade, AES 256-based format and operations-preserving encryption schemes to protect cloud information. Encryption keys are owned by the enterprise, ensuring that organizations retain control over data in-transit, in-use, and at-rest in the cloud.

CipherCloud also uses content-aware encryption, which speeds deployment and continues to break down privacy, residency, compliance and security barriers to adopting cloud applications. However, unlike previous approaches, with CipherCloud's breakthrough encryption technology users enjoy native functionality like search and sort with near zero-latency. This means that there is no change to the user experience, even when using dynamic encryption to enforce data loss prevention rules.

(1) Gartner, Inc., "Five Cloud Data Residency Issues That Must Not Be Ignored," December 26, 2012, Research report G00246143, Brian Lowans, Neil MacDonald and Carsten Casper

About CipherCloud

CipherCloud, the leader in cloud information protection, provides cloud encryption and tokenization gateways to enable organizations to securely adopt cloud applications by eliminating concerns about data privacy, residency, security, and regulatory compliance. CipherCloud's groundbreakinggateway encrypts sensitive information in real time, before it's sent to the cloud, using operations-preserving encryption and tokenization technology without impacting usability or the application in any way.

The CipherCloud product portfolio supports popular cloud applications out-of-the-box such as Salesforce,, Chatter, Google Gmail, Microsoft Office 365, and Amazon AWS. Additionally, CipherCloud Connect AnyApp and Database Gateway enable organizations to extend data protection to hundreds of third-party cloud and private cloud applications and databases.

CipherCloud is backed by premier venture capital firms including Andreessen Horowitz, Index Ventures, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit and follow us on Twitter @ciphercloud.


Contact Data