Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Register for CSA’s free Virtual Cloud Trust Summit to tackle enterprise challenges in cloud assurance.

When It Comes To Cloud Security, Don’t Forget SSL

Home
Industry Insights
When It Comes To Cloud Security, Don’t Forget SSL

Blog Article Published: 09/30/2011

By Michael Lin, Symantec

Cloud computing appears here to stay, bringing with it new challenges and security risks on one hand, while on the other hand boasting efficiencies, cost savings and competitive advantage. With the new security risks of cloud and the mounting skill and cunning of today’s malicious players on the Web, Secure Sockets Layer (SSL) certificates are here to stand up to the risks. Using SSL encryption and authentication, SSL certificates have long been established as a primary security standard of computing and the Internet, and a no-brainer for securely transferring information between parties online.

What is SSL?

SSL Certificates encrypt private communications over the public Internet. Using public key infrastructure, SSL consists of a public key (which encrypts information) and a private key (which deciphers information), with encryption mathematically encoding data so that only the key owners can read it. Each certificate provides information about the certificate owner and issuer, as well as the certificate’s validity period.

Certificate Authorities (CAs) issue each certificate, which is a credential for the online world, to only one specific domain or server. The server sends the identification information to the browser when it connects, then sends the browser a copy of its SSL Certificate. The browser verifies the certificate, and then sends a message to the server and the server sends back a digitally signed acknowledgement to start an SSL-encrypted session, letting encrypted data transfer between the browser and the server.

How does it secure data in the cloud?

If SSL seems a little old-school in comparison to the whiz-bang novelty of cloud computing, consider this: since SSL offers encryption that prevents prying eyes from reading data traversing the cloud, as well as authentication to verify the identity of any server or endpoint receiving that data, it’s well-suited to address a host of cloud security challenges.

Where does my data reside, and who can see it? Moving to the cloud means giving up control of private and confidential data, bringing data segregation risks. Traditional on-site storage lets businesses control where data is located and exactly who can access it, but putting information in the cloud means putting location and access in the cloud provider’s hands.

This is where SSL swoops in to quell data segregation worries. By requiring cloud providers to use SSL encryption, data can securely move between servers or between servers and browsers. This prevents unauthorized interceptors from reading that data. And, don’t forget that SSL device authentication identifies and vets the identity of each device involved in the transaction, before one bit of data moves, keeping rogue devices from accessing sensitive data.

How can I maintain regulatory compliance in the cloud? In addition to surrendering control of the location of data, organizations also need to address how regulatory compliance is maintained when data lives in the cloud. SSL encryption thwarts accidental disclosure of protected or private data according to regulatory requirements. It also provides the convenience of automated due diligence.

Will my data be at risk in transit? Putting data in the cloud usually means not knowing where it physically resides, as discussed earlier. The good news is that cloud providers using SSL encryption protect data wherever it goes. This approach not only safeguards data where it lives, but also helps assure customers that data is secure while in transit.

Another point to note here is that cloud providers using a legitimate third-party SSLCAwill not issue SSL certificates to servers in interdicted countries, nor store data on servers located in those countries. SSL therefore further ensures that organizations are working with trusted partners.

Will any SSL do?

Recent breaches and hacks reinforce the fact that not all SSL is created equal, and neither are all CAs. Security is a serious matter and needs to be addressed as organizations push data to the cloud. Well-established best practices help those moving to the cloud make smart choices and protect themselves. Here are some things to keep in mind while weighing cloud providers:

  • Be certain that the cloud providers you work with use SSL from established and reliable independent CAs. Even among those trusted CAs, not all SSL is the same, so choose cloud providers that ensure that those providers have SSL certificates from certificate authorities that:
  • Ensure that the SSL your cloud provider uses supports at least AES 128-bit encryption, preferably stronger AES 256-bit encryption, based on the new 2048-bit global root
  • Require a rigorous, annual audit of the authentication process Maintain military-grade data centers and disaster recovery sites optimized for data protection and availability

Who will you trust? That’s the question with cloud computing, and with SSL. Anybody can generate and issue certificates with free software. Partnering with a trusted CA ensures that it has verified the identity information on the certificate. Therefore, organizations seeking an SSL Certificate need to partner with a trusted CA.

SSL might not be the silver bullet for cloud security, but it is a valuable tool with a strong track record for encrypting and authenticating data online. Amid new and complex cloud security solutions, with SSL, one of the most perfectly suited solutions has been here all along.

Share this content on your favorite social network today!

Latest from CSA
Join AT&T Cybersecurity in Chicago
The State of AI and Security Survey Report
CSA's STAR: The Key to Cloud Security & Compliance
Trending This Week
#1 The 5 SOC 2 Trust Services Criteria Explained
#2 What You Need to Know About the Daixin Team Ransomware Group
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 Cybersecurity 101: 10 Types of Cyber Attacks to Know
#5 Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Enhance your cloud security skills with CSA's online training options.