
How Can You Develop a Secure Data Protection Architecture in Cloud?

Cloud computing is increasingly being adopted by many organizations today. It offers convenient access to a shared pool of computing resources like infrastructure, platforms, storage, data, software, and applications as a service to its users. Many organizations are moving to the cloud, as it helps in collaboration, improves scalability, availability, flexibility, and productivity, along with reduced operational costs.

Gartner has predicted that spending on public cloud services will grow by 23.1% in 2021 to a total of $332.3 billion. The COVID-19 pandemic and the shift to remote working have forced companies to move their workloads from on-premises to the cloud. Apart from this, many emerging technologies such as containerization, edge computing, and analytics are driving the additional growth of cloud computing.

Cloud computing provides multiple advantages, but there are still many security issues that are of great concern to organizations. Organizations are storing their critical applications and customers’ personal data in the cloud, and securing those applications and data is critical for their business. There have been multiple security incidents in the past few years where companies failed to secure customers’ sensitive data in the cloud.

In January 2020, over 250 million Microsoft customer records were exposed online without proper protections. In 2021, a massive data leak exposed the LinkedIn profiles of 700 million users. The personal data of the affected users was put up for sale on a dark web forum. The exposed data included Personally Identifiable Information (PII) of users such as full names, email addresses, home addresses, phone numbers, etc.

As organizations have moved to the cloud, the focus of attackers has also shifted from on-premises data to cloud data. According to a survey, almost every organization has experienced a cloud data breach in the past 18 months. Gartner has stated in its cloud security assessment report that by 2025, 99% of cloud security failures will be due to security issues on the customer’s side rather than the cloud provider’s side.

In the current scenario, if businesses want to expand their cloud usage, they need to protect the sensitive data they hold in the cloud and strengthen their overall cloud data security. If companies want to benefit from cloud computing while securing customers’ data and trust, they need to develop a secure architecture for data protection in the cloud.

Organizations’ Concerns for Cloud Data Security

When an organization moves its sensitive data to the cloud, it has many concerns and questions related to the storage and protection of data in the cloud. Some of these concerns are:

  • Does the cloud provider have sufficient security capabilities and supported technologies?
  • Is the cloud provider adhering to the needed compliance regulations and specifications?
  • What security protocols are being used by the cloud provider?
  • How is the cloud provider storing the data?
  • Is the cloud provider saving the sensitive data on the same physical host as other tenants?
  • Is the cloud provider ensuring the physical security of the servers storing the data?
  • Does the cloud provider have access to the organization’s data?
  • Does the cloud provider protect the data at rest as well as in transit?
  • What are the different encryption technologies the cloud provider is using?
  • Does the cloud provider have access to the encrypted data?
  • How are the encryption keys stored and protected?
  • Does the cloud provider have access to the encryption keys?
  • How are the encryption keys refreshed and rotated?
  • Does the cloud provider follow breach notification as per the company’s policies and standards?
  • How is data managed across multi-cloud environments?
  • How is data protected in multi-cloud environments?
  • How are keys managed in multi-cloud environments?

Developing Architecture for Data Protection

Cloud customers need to take control of securing their sensitive data in the cloud rather than relying only on the cloud provider to protect it. Organizations should ensure that their cloud data protection architecture satisfies the following recommendations:

  1. Sensitive data is protected at rest, in transit and in use.
  2. Sensitive data should always be encrypted at the organization side before it is transmitted to the cloud for storage.
  3. The encryption keys should be controlled by the organization and not the cloud provider.

Encryption keys are a fundamental component of any cryptographic system, and they should always be protected from unauthorized access. In data encryption, key management is the most difficult part, and it becomes even more complex in cloud and multi-cloud environments. Key management refers to the management of encryption keys throughout their lifecycle: key generation, key storage, key rotation, key usage, key access, and key destruction.

A key management service allows customers to manage their own keys that are used to encrypt the data in the cloud. Most cloud providers offer a key management service. Organizations can use cloud-based encryption, in which the cloud provider generates and manages the keys that are used to encrypt and decrypt the data.

Organizations can use Bring Your Own Key (BYOK), in which they generate and manage the encryption keys, but the cloud provider still has access to the keys. Organizations can also generate, manage, and store their encryption keys in their own environments so that the cloud provider does not have any access to the keys.

In order to take advantage of the various cloud tools and platforms, organizations need to create a data-centric security strategy to protect their sensitive data in the cloud. It is impossible to develop a single data-protection solution for the cloud, as it involves multiple aspects.

The security of the data needs to be analyzed from multiple aspects, and a robust and secure cloud data protection architecture should be created. Organizations need to understand the built-in security provided by the cloud providers and how to use it to their advantage. Most cloud providers offer both at-rest and in-transit encryption that can be utilized to secure data in the cloud. Strong access controls and password policies must also be implemented to secure that data.


Encryption Consulting can help you identify and secure your sensitive data in the cloud, understand and utilize the data protection methods provided by the cloud providers, manage your keys in multi-cloud environments, adhere to privacy regulations and compliance requirements, and strengthen your organization’s cloud data security.



About the Author

Anuradha is a cybersecurity expert with 15 years of experience in the cybersecurity space. She is currently working as a Senior Encryption Consultant at Encryption Consulting LLC.
