Data-at-rest encryption in the cloud is a powerful technology with a downside: with present state-of-the-art solutions, the confidentiality and protection of data in the cloud always remains a trade-off between confidentiality and availability. Although there are application- and data-specific exceptions, computers can currently only process data that is not encrypted. Parts of the confidential data must therefore always be in cleartext in RAM, even the necessary encryption keys!
Until 1 April 2014 most decision makers and IT specialists had probably believed that this is a purely theoretical security gap. After Heartbleed it finally became clear to everyone that cleartext in RAM has “unpleasant” consequences if an attacker can gain access to it. But all is not lost. My new research note “Enabling High-Risk Services in the Public Cloud With IaaS Encryption” tells you what useful things data-at-rest encryption in the cloud can do for you and guides you in picking the sweet spot for your data in the cloud by selecting the encryption key management strategy.
P.S. Access requires Gartner GTP subscription.