Jovanovic said the report released in May showed that only 30 percent of federal agencies use encryption to secure data and noted that data protection should be a shared responsibility between agencies and cloud service providers.
œSo I would say that enterprise key management to control the keys for the data that goes into the cloud and then also encrypting the data, depending on where you can encrypt, is going to be critical to securing data. Outside of that, you’ve got to have authentication tools to be able to make sure that the right people are accessing that data and you’re creating that zero trust environment, he said.
Jovanovic also discussed issues concerning perimeter defense, the need for agencies to enforce controls to protect data and the potential role of application layer encryption or tokenization in improving an organization™s security posture in the cloud.
