editor’s question
PETER GALVIN,
CHIEF STRATEGY
OFFICER, NCIPHER
SECURITY
C
loud adoption
has been
astronomical.
According to a
forecast from
Gartner, the
worldwide public
cloud services market is projected to
grow 17.3% in 2019 to total US$206.2
billion, up from US$175.8 billion in 2018.
Organisations are pursuing the cloud
because of the multidimensional value
of these services – such as agility,
scalability, cost benefits and innovation.
For example, nCipher Security’s
2019 Middle East Encryption Trends
Study found that 84% of Middle East
organisations currently use cloud
computing services or plan to do so in
the next 12 to 24 months.
While cloud technologies unquestionably
deliver tangible business benefits,
they also increase attack surfaces
and open up fresh conduits for data
loss. Enterprises also frequently run
28
into trouble because they deploy many
disparate security solutions to protect
cloud technologies, over-simplify basic
security protocols – like using the same
password for everything – or don’t take
the notion that security can be a shared
responsibility seriously enough.
Additionally, the majority of businesses
don’t just operate in one cloud
environment in a single location, but
multiple. This typically entails working
with a number of different vendors to
source the right technical applications,
platforms and infrastructures for their
respective business needs.
Most cloud providers are aware of these
risks. That’s why they offer encryption
for data at rest – both to protect files
and archives from unwanted inspection
by authorised infrastructure managers,
and in case of data leaks from the
cloud service.
While cloud
technologies
unquestionably
deliver tangible
business benefits,
they also increase
attack surfaces
and open up fresh
conduits for
data loss.
As I mentioned earlier, organisations
often deploy a multi-cloud strategy in
order to maximise efficiency and cost
reduction. This may involve running
critical applications in one cloud and
using a different vendor for backup and
restore in another. When this occurs,
securely managing encryption keys
becomes a hurdle.
Fortunately, there are options. nCipher,
for example, provides ‘bring your
own key’ (BYOK) solutions to cloud
applications, for users of AWS, GCP and
Microsoft Azure.
nCipher’s nShield high-assurance HSMs
allow organisations to benefit from the
flexibility and economy of cloud services
while strengthening the security of key
management practices and gaining
greater control of keys.
In many ways, encryption is another
commodity feature of the cloud service
that organisations pay for. Retaining autonomy over encryption
reinforces application and cloud
services controls, because it empowers
organisations to preserve their own data
usage policies.
However, it is only effective when
encryption keys are properly protected –
and therein lies the rub. Enforcing data usage policies also
provides auditors comfort, which is a
win–win for all.
Issue 14
|
www.intelligentciso.com