Nick Jovanovic, vice president of federal business for cloud protection and licensing activity at Thales, discussed in an interview on CyberWire’s Daily Podcast about federal agencies migrating sensitive data to the cloud and the gap such a move leaves in terms of security responsibility as highlighted in the company’s 2019 Thales Data Threat Report – Federal Edition.
Jovanovic said the report released in May showed that only 30 percent of federal agencies use encryption to secure data and noted that data protection should be a shared responsibility between agencies and cloud service providers.
“So I would say that enterprise key management to control the keys for the data that goes into the cloud and then also encrypting the data, depending on where you can encrypt, is going to be critical to securing data. Outside of that, you’ve got to have authentication tools to be able to make sure that the right people are accessing that data and you’re creating that zero trust environment,” he said.
Jovanovic also discussed issues concerning perimeter defense, the need for agencies to enforce controls to protect data and the potential role of application layer encryption or tokenization in improving an organization’s security posture in the cloud.