The U.S. Department of Defense recently released a report outlining clear security regulations that would need to be established before it widely adopts cloud computing practices within its offices. The report, released in January, explains that the security requirements may include hypervisor attestation, data encryption software and virtual machine isolation.
The security section of the report lists "preserving confidentiality and integrity of data" as one of the major goals. It explains that confidential data must not be "disclosed to unauthorized parties" and that it should be protected so it cannot be corrupted.
The report adds that when data is not in use, it should be stored in encrypted form, with keys protected using hardware attestation such as a trusted platform module. Data in transit should also be encrypted so that data exchange between the Department of Defense and other offices is secure.
"[The recommendation is to] employ encryption and cryptographic integrity verification for all data in transmission and storage, coupled with secure access control that enables decryption only within those isolated software components that are run by authorized users under policy control enforced by cryptographically protected credentials issued by data owners," explained the report.