Today, companies’ digital transformation efforts are moving more data and systems to the cloud. This transformation is also causing an ever-increasing amount of sensitive enterprise and customer data to be stored in multi-tenant, shared computing and storage environments. As more systems move to the cloud, cyber-attacks are increasing proportionally. According to Gartner’s “Special Report: Cybersecurity at the Speed of Digital Business,” by 2020, 60% of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk. This reality is forcing enterprises and service providers to re-architect their IT infrastructure security to support new digital engagement capabilities and leverage digital ecosystems in new ways.
Protecting distributed data and encryption keys in a hybrid IT world
When sensitive data and systems move to the cloud, protecting these valuable digital assets (e.g., personal information, payment information, intellectual property, etc.) is critical. Any unauthorized access or breach could lead to severe financial penalties and a loss of brand reputation. According to the recent market study published by Equinix, “The Global Interconnection Index,” private interconnection between enterprises and cloud and IT service providers is expected to grow 160% annually between 2016 and 2020. As cybersecurity risk permeates both the physical and digital platforms of digital businesses, managing it will require the direct and secure interconnection of applications, data, networking and security controls colocated across regions to create the necessary safeguards. One critical safeguard, encryption, has proven to be one of the most effective data protection controls. Once the data is cryptographically processed (“encrypted”), it becomes unusable without the encryption key. Therefore, protecting these encryption keys is paramount to protecting the sensitive data itself.
Traditionally, cryptographic operations and key management have been performed in on-premises data centers. However, these on-premises encryption solutions can be costly and complex to deploy and manage, and are not considered “cloud friendly.” As a result, many businesses are turning to the cloud for hardware security modules (HSMs) to protect their applications and data in hybrid IT environments. A recent Global Encryption Trends Survey by Ponemon Institute shows that almost half (48%) of its enterprise respondents own and operate on-premises HSMs in support of cloud-based applications, and 36% of the organizations “lease” HSMs from a public cloud provider.
While cloud-based HSMs provide simplicity, these solutions place both the data and the encryption keys in the same place, increasing the risk that both are breached together by hackers or malicious insiders. It is also difficult to manage keys and data across multiple clouds, and to update policies to match the numerous changes in corporate, industry and government compliance regulations. With the increasing number of complex security threats and the amount of information moving in and out of the cloud, a new security control point must be implemented at the intersection of people, locations, clouds and data.
SmartKey, the first HSM-as-a-service based on SGX technology
Today, we are announcing the launch of the Equinix SmartKey™ public beta program for the industry’s first HSM-as-a-Service, powered by Fortanix, based on Intel® Software Guard Extensions (SGX), a technology for application developers who are seeking to protect application code and data from disclosure or modification. We collaborated with Fortanix, the innovator of the first HSM management cloud service based on SGX, to offer our customers a totally cloud-independent, programmable key management and cryptography service hosted on Platform Equinix™, our global interconnection and data center platform (see diagram below).
SmartKey Multicloud HSM as a Service Solution
SmartKey is a usage-based service, so you do not have to be colocated within an Equinix International Business Exchange™ (IBX®) data center to participate in our public SmartKey beta program. The Equinix SmartKey public beta is now open for registration.
Private interconnection for AWS public and hybrid clouds
Equinix will also enable private connectivity options to SmartKey for public and hybrid cloud deployments, such as Amazon Web Services (AWS). Access will be made via private, direct and secure interconnection using AWS Direct Connect and the Equinix Cloud Exchange within an Equinix IBX data center or via the internet. This will allow AWS users and managed service providers to consolidate the management of public and hybrid clouds, including support for a single, enterprise-wide key across AWS and on-premises IT data center environments.
I will be presenting a session, “Automate and Control your Keys for the (Hybrid) World – Best Practices in AWS,” at the upcoming AWS re:Invent 2017 in Las Vegas, on Thursday, 11/30 at 12:00 PM in the Venetian, Level 1, Expo Hall Theatre. You can also visit us during the conference at booth #2213.
Register for the public Equinix SmartKey beta program.