How to guarantee the confidentiality of your data in third-party SaaS applications?
by Cecile | July 18, 2024 | Security, Cloud
Opting for a Software as a Service (SaaS) solution means agreeing to lose all control over the data you store on it. With SaaS, it’s not your IT department that manages the infrastructure, the systems or even the application.
However, there is a way to regain control of your data: client-side encryption. The principle is simple: all data is encrypted by the web browser, before being sent to the operator’s cloud servers. When the SaaS application wants to access this data again, it is decrypted on the client side, by the user’s web browser.
Of course, you’ll need to deploy a KMS (Key Management System) to store encryption keys beyond the reach of SaaS solution providers. For example, a Cosmian KMS, possibly deployed in the cloud inside a confidential virtual machine.
And, of course, SaaS solution providers need to include support for client-side encryption in their offerings. This is currently the case with Google Workspace (Gmail, Docs, Sheets, Slides, Meet…), but also with the desktop (thick-client) applications of the Microsoft Office suite (Word, Excel and PowerPoint).
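The client-side encryption flow described above, as an added example using the Web Crypto API (it is not Cosmian's code or any provider's API). `createKms` is a hypothetical in-process stand-in for a real KMS, and the function names and sample data are constructed for illustration.

```javascript
// Web Crypto is global in browsers and recent Node; older Node needs the import.
async function getCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Hypothetical in-process stand-in for the KMS: it holds the key-encryption key
// (KEK) and only wraps or unwraps data keys. A real KMS sits behind an
// authenticated API, outside the SaaS provider's reach.
async function createKms() {
  const { subtle } = await getCrypto();
  const kek = await subtle.generateKey({ name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);
  return {
    wrap: (dek) => subtle.wrapKey('raw', dek, kek, 'AES-KW'),
    unwrap: (wrapped) =>
      subtle.unwrapKey('raw', wrapped, kek, 'AES-KW', { name: 'AES-GCM' }, false, ['decrypt']),
  };
}

// Client side, before upload: the provider receives only iv, ciphertext and wrappedDek.
async function encryptForSaas(kms, plaintext) {
  const c = await getCrypto();
  const dek = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV for every record
  const data = new TextEncoder().encode(plaintext);
  const ciphertext = new Uint8Array(await c.subtle.encrypt({ name: 'AES-GCM', iv }, dek, data));
  return { iv, ciphertext, wrappedDek: new Uint8Array(await kms.wrap(dek)) };
}

// Client side, after download: AES-GCM rejects a record the provider has altered.
async function decryptFromSaas(kms, record) {
  const { subtle } = await getCrypto();
  const dek = await kms.unwrap(record.wrappedDek);
  const plain = await subtle.decrypt({ name: 'AES-GCM', iv: record.iv }, dek, record.ciphertext);
  return new TextDecoder().decode(plain);
}

// Constructed demo: a round trip, then the same record with one ciphertext bit flipped.
async function demo() {
  const kms = await createKms();
  const record = await encryptForSaas(kms, 'Q3 payroll: confidential'); // constructed sample
  const roundTrip = await decryptFromSaas(kms, record);
  const tampered = { ...record, ciphertext: Uint8Array.from(record.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;
  const tamperDetected = await decryptFromSaas(kms, tampered).then(() => false, () => true);
  return { roundTrip, tamperDetected, wrappedDekBytes: record.wrappedDek.length };
}

demo().then((result) => console.log(result));
```

Because the provider never holds the KEK, the stored record is opaque to it, and access to the data then depends on whom the KMS agrees to unwrap keys for.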
Should you adopt it for your own SaaS applications too?
Client-side encryption enables you to regain control of your data stored on SaaS services. It’s a model for the future, recommended by bodies such as the CNIL (French Data Protection Authority), as it is the approach that best protects the data handled by these applications. Under pressure from users and legislators, a growing number of SaaS solutions are expected to support client-side encryption in the future.
This concept can also be applied to your own SaaS applications, to offer your users an optimum level of data protection, even when these applications are deployed on public cloud infrastructures. A major bank we work with has implemented client-side encryption in its SaaS applications, as well as in those it deploys at customer sites.
The specific case of e-mail
S/MIME technology can be used to ensure the confidentiality of the data in your emails, even during transit. S/MIME (Secure/Multipurpose Internet Mail Extensions) is a simple way of encrypting and signing email content.
This technology is rather old, but it has proved its worth, particularly for electronic data interchange, used for example in electronic invoicing.
The good news is that S/MIME technology is increasingly supported by standard email clients and webmail services. It is present in tools such as Google’s Gmail and Microsoft Outlook. It is also supported by Apple Mail, and the Cupertino-based firm uses it internally to secure its employees’ exchanges. It’s a technology that’s making a strong comeback today, and one that could rapidly gain in popularity!