Encryption gateways such as the eperi gateway are state of the art when it comes to protecting decentralized cloud structures, according to the German Federal Association for IT Security (TeleTrust). TeleTrust and the European Network and Information Security Agency (ENISA) have now published the document "State of the Art" for IT security.
This is an important step towards more IT security. Finally, numerous european national laws such as the IT Security Act for Critical Infrastructures, the European NIS Directive and the European Data Protection Regulation (GDPR) call for measures to ensure a high common security level in the EU. When it comes to IT security, organizations should orient themselves on the current "state of the art". So far, however, it has been largely unclear what "state of the art" actually means. On the subject of data protection in cloud environments, the TeleTrust document is now clear: the encryption of sensitive data represents the best possible protection against ever new attack scenarios.
With an encryption gateway, data can be protected as soon as it leaves a secure, internal environment and is processed or stored in a cloud application. The eperi Gateway is also an encryption gateway that acts as a proxy-based solution between end users and the cloud. It encrypts sensitive data before it leaves the enterprise, for example, and is then stored and processed in a cloud application such as Office 365 or Salesforce. The customer has sole control over the cryptographic keys required to encrypt and decrypt the data. Only in this way can they retain the greatest possible control and centrally control their access rights. After all, whoever has the cryptographic key also has access to the data. This is why a state-of-the-art encryption solution should include internal key management so that third parties - including administrators in data centers or cloud providers - do not have access to unencrypted data.
Another advantage of an encryption gateway such as the eperi Gateway is that the main functionalities of the cloud application are not restricted. The state of the art is therefore solutions that do not restrict the search or filtering of data, reporting or automated processing of encrypted data in cloud applications. This not only ensures compliance with legal requirements, but also maintains user-friendliness.