Safeguarding Your Data in Hybrid, Multicloud Environments
- By Lance Weaver, Equinix
- April 01, 2019
Enterprises worldwide are increasingly adopting a hybrid cloud approach to capitalize on the scale and pace of innovation from cloud providers while balancing cost and efficiency.
Research firm MarketsandMarkets predicted that the hybrid cloud market would grow from USD 38.27 billion in 2017 to USD 97.64 billion by 2023. While the benefits of hybrid cloud adoption are indisputable, the security challenges that come with it are also undeniable.
The evolving nature of cyber threats requires enterprises to address these challenges head-on as the cost of security breaches escalates. According to the Ponemon Institute’s 2018 Cost of a Data Breach Study sponsored by IBM, the average total cost of a data breach rose 6.4 percent from USD 3.62 million in 2017 to USD 3.86 million in 2018.
Businesses must also contend with the ever-widening set of data regulations and compliance requirements in the wake of the increasing sophistication and occurrence of security breaches. These regulations are designed to govern the capture and use of any personally identifiable information (PII), which is broadly defined as any information that could be used to identify an individual.
These types of data are subject to numerous industry and government regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Regulation (GDPR), Singapore’s Personal Data Privacy Act, and data sovereignty requirements. Many of these regulations also broaden the definition of PII and place additional demands on the capture and use of personal data. As an ever-increasing amount of data is identified as PII, and as an ever-increasing amount of PII is stored in the cloud, the risk of a damaging data breach grows.
Encryption Key Management: Complex in Multicloud Environments
One way to reduce the complexity of complying with regulations and enabling security is by standardizing the most fundamental aspect of data security through encryption key management. Cloud providers have offered this proven means of managing encryption keys via hardware security modules (HSM) or key management services (KMS) in their platforms and services.
However, managing encryption keys across hybrid, multiple cloud platforms is inherently complex. The reasons for this include the following:
- Each cloud provider offers its own solution for encryption key management
- Encryption key management tools vary by provider
- The level of encryption key security varies among the providers
This complexity, coupled with a shortage of skilled security personnel, leads many enterprises to look for methods that allow them to centrally and securely manage encryption keys; think of this as a search for a cloud-neutral approach to encryption key management.
Adopting Cloud-neutral Encryption Key Management
This complexity can be significantly reduced by adopting a cloud-neutral encryption key management service. In other words, this is a single, centralized method for managing the complete lifecycle of encryption keys that provides a security control point to give enterprises local management over globally-dispersed data among hybrid, multiple cloud platforms.
As a cloud service, it provides flexibility to enterprises that store data in globally-distributed cloud environments. This lowers costs and means no vendor lock-in. Maintaining encryption keys separate from encrypted data provides an added level of data security while enhancing performance by storing keys at the digital edge.
For encryption key management in hybrid, multicloud environments, businesses should consider the benefits of hardware security modules (HSM) as a Service. It leverages the established strengths of the cloud – wide availability, service on demand and scalability – to make encryption keys easy to implement and manage. It is designed to address these critical needs:
- Cloud Security: HSM as a Service provides support for encryption key management in AWS, Google, Azure, IBM, Oracle, Salesforce and others in private, hybrid and public cloud environments. The level of security provided by HSM as a Service is equivalent to on-premises HSM solutions, but with the ease of use of cloud services.
- Centralized management: HSM as a Service gives users a single point of management regardless of the cloud provider or providers.
- Compliance: HSM as a Service features enterprise-level access controls and audit logging.
- Scalability: HSM as a Service quickly and easily scales to meet local and global growth.
- Lifecycle management: Users control key creation, distribution, rotation, refreshment and retirement. HSM as a Service also supports Bring Your Own Key (BYOK).
Complementing Leading Cloud Providers
There’s no question of the value major cloud providers offer in terms of services, ease of software deployment, availability, scalability and economic benefit.
However, an encryption key management strategy can become complex and almost unmanageable in hybrid, multicloud environments. HSM as a Service complements the strengths of cloud providers by providing an easily deployed, secure, centralized encryption key management solution.
Lance Weaver, vice president, Platform Strategy and Emerging Services at Equinix authored this article.
The views and opinions expressed in this article are those of the author and do not necessarily reflect those of CDOTrends.