For most organizations, their data is or should be, one of their most valuable assets. This might be the reason they decided to migrate to a cloud solution in the first place. What if these disks containing the many Terabytes of data go missing in transport on the way to or from the cloud provider? Imagine a 50TB database of sales records including PII and credit card information, being “unaccounted for.” Even though the disks might never end up with an entity with malicious intent at all, the organization would need to assume the worst; the data has been compromised. In most cases this will be disastrous, impacting a company’s reputation, compliance to regulations and of course the bottom-line. Encryption seems to be the most logical security tool for this issue, but how would the Cloud Service Provider decrypt the data on their side, to make it accessible again once the disks have been received? This is why Cloud providers set some solid requirements. Again, the details vary. Microsoft requires the customer to use their WAImportExport tool for the transfer to disk and to encrypt that data using BitLocker. The decryption key is then placed inside an import .csv job-file inside the Azure portal. This means the decryption key does not travel the same route as the physical disks, which would, of course, defeat the entire purpose of encryption. Another option to consider is to use a secure courier service for the data transport. There are many providers of these services available, and the options range from businesses that only employ vetted staff, all the way up to the assignment of a dedicated door-to-door courier. When planning to ship encrypted data internationally physically, it is very important to keep the current export and import regulations of the involved jurisdictions around cryptography in mind. Most of these regulations cover only the encryption tools, but some countries such as China and the Russian Federation prohibit the use of encrypted devices altogether. It is best to consult a legal expert on this issue because information is only scarcely available and mostly from unreliable and out of date sources. The last situation a company wants to find itself in is trying to retrieve a shipment of disks full of PII data from a foreign customs office after unintendedly breaking the law. There are many options to get data to and from a cloud service provider via a physical carrier and most seem quite straightforward. It is important to take this serious, however. Not only could the loss or compromise of data during transport be devastating to an organization, but there are also many regulations in place that cover this type of transport and data handling. The issue is not so much around protecting the data from being compromised; it really is about guaranteeing the data has not been compromised when it arrives at its destination.
