Keeping Data Secure in the Digital Revolution

Kim Chen Bock

Many recent innovations in technology have been fostered by increased connectivity among those who drive the digital revolution. Decades ago, programming was an isolated activity, involving only a programmer and a mainframe. Today, developers take advantage of thousands of productivity-enhancing tools and resources and collaborate in real-time with colleagues worldwide to deliver and support software applications and solutions that improve individual lives as well as corporate performance.

The cloud has made implementation and management of these solutions operationally and economically efficient. Increasingly, organizations are moving to the cloud. Most find they need to work with multiple cloud providers to support their software, data storage and geographic coverage needs. As these organizations grow larger, become geographically distributed and rely on distributed IT services, the need for interconnection bandwidth increases. Interconnectivity among enterprises, cloud service providers and network services is now a requirement for success.

To optimize communication among these widely-distributed resources, enterprises are utilizing private data exchanges. The fastest-growing interconnection need among enterprises is private cloud connectivity, with an estimated 160 percent compound annual growth rate by 2020. These private, distributed exchanges provide access to multiple clouds, allowing companies to run complex digital business value chains and cost-effectively scale IT resources and application services.

Adoption of multicloud environments and a rapidly-growing digital economy create demand for greater bandwidth, reduced latency, and stronger cybersecurity. The Global Interconnection Index Volume 2, published by Equinix, explores these challenges and explains how global enterprises can effectively meet them.

Devices, data and defense

The digital revolution has also been propelled by a proliferation of devices and the plethora of mobile applications that connect to the cloud. The processing power of these devices, combined with near-ubiquitous connectivity and the ability of these devices to easily create and capture an ever-widening spectrum of user and transactional data, has disrupted established business models and dramatically expanded enterprise business opportunities. Most global enterprises store their data with a variety of geographically-distributed cloud service providers. The stores of data have inestimable value to the enterprise, value which is closely tied to the enterprise’s ability to keep the data secure. However, securing data across various cloud environments and geographies has become increasingly complex for the following reasons:

  1. The threat of data breaches from local and remote agents is constantly growing.
  2. Data security and sovereignty regulations vary by country and are continually evolving.
  3. Various cloud service providers have different encryption key management methods.

Let’s explore the implications for each of these in greater detail:

Constant threat of data breach

If your company has so far gone unscathed by a cyber attack, you may credit that to a strong and proactive cybersecurity strategy or, perhaps, to simple good luck. Nonetheless, the attacks are nonstop. Peruse the UK’s National Cyber Security Center for a weekly report of major global attacks to gain some sobering insight into the variety of methods of attack (malware, ransomware, botnets, misconfigured resources, phishing, zero-day exploits) and their impact.

It’s clear that a successful approach to keeping data secure involves defense on many levels. To combat attacks on data exchanged by digital businesses between insecure devices and places, real-time localized security data and automated security control management are needed, to an extent that latency-ridden long-haul networks are often incapable of delivering. Here’s where private data exchange interconnections protect against breaches: Interconnection ensures faster, private, low-latency data transfer to best protect critical digital assets.

Evolving and varying regulations

The business opportunities afforded to enterprises as a result of global expansion are accompanied not only by the challenges of keeping data secure, but also the challenges of conforming to a varied and continuously-evolving set of geo-specific regulations. These regulations are a response to the inability of many companies to protect personal data, as evidenced by weekly reports of data breaches.

Many regulations include data sovereignty requirements, in which information in digital form is subject to the laws of the country in which it is created and stored. Several countries also include regulatory directives designed to enhance national security. These directives bring an added level of complexity concerning data ownership and access rights. For enterprises operating globally, monitoring, interpreting and properly implementing data and processing security measures presents an added level of complexity.

Initiatives like the recently-implemented GDPR compel enterprises to keep data secure. Providing a standard set of data security regulations among the 28 current members of the EU makes it easier for enterprises operating in these countries. However, this still leaves a need for enterprises to conform to dozens of other country-specific laws and regulations.

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) directs how companies collect, use and disclose personal information. PIPEDA also applies to personal information of employees of federally-regulated businesses, including airlines, banks and telecom providers. Australia’s data breach reporting laws, known as the Notifiable Data Breaches (NDB) scheme, were enacted on February 22, 2018. NDB requires notification of individuals whose personal information was involved in a data breach. The notification must also provide guidance regarding steps individuals should take regarding the breach. At the heart of each of these regulations is the protection of personal or confidential information. This is where data encryption plays a foundational role.

Encryption key management

Data encryption has long been the first and best defense against data breaches. In the event that the cybersecurity safeguards you have in place have been circumvented and your cloud data repository has been breached, the encrypted data contained therein remain meaningless ciphertext. Without access to the encryption keys, which are ideally stored separately from encrypted data, the data remain useless. Encryption key management, then, is essential to keeping data secure.

Encryption keys can be securely managed using hardware security modules (HSMs) or key management services (KMS) available from cloud service providers. However, each method works only within the domain of the specific cloud service provider. Because global enterprises typically employ several different cloud service providers to manage both data and a diverse set of software applications, encryption key management, using different management tools across multiple cloud providers, adds complexity to the already intricate data security responsibilities.

Cloud-neutral encryption key management

This complexity can be greatly reduced by adopting a cloud-neutral encryption key management service. A single, centralized method for managing the complete lifecycle of encryption keys provides a security control point to give enterprises local management over globally-dispersed data among multiple cloud platforms. Provided as a cloud service, it delivers four distinct benefits for enterprises storing data in globally-distributed cloud environments:

  1. A single key management method reduces the workload on data security personnel.
  2. It’s available globally, with native connectivity to leading cloud service providers.
  3. It scales easily as your data and processing needs grow across cloud platforms.
  4. It maintains encryption keys separate from encrypted data to provide an added level of data security.

Each of these benefits helps an enterprise reduce data security costs and keep data secure in widely-distributed multicloud environments.

Continued advances in processing speed, data storage and communication technology ensure the digital revolution will continue. Entrepreneurs will identify new business opportunities, create new applications and gather even greater volumes of customer and transaction data. Unfortunately, there will be equivalent efforts by malefactors to attack data. Encryption, along with a single, centralized approach to encryption key management for multicloud environments, will remain the best defense in securing data.

SmartKey to simplify the complexity of encryption key management

If you want to simplify the complexity of managing encryption keys in your multicloud environments, today and well into the future, we invite you to read the 451 report on key management as a service. Powered by Fortanix and secured with Intel® SGX, SmartKey is a cloud service that is highly available, fault-tolerant and horizontally scalable. It provides centralized, HSM-grade security for encryption key management for leading cloud service providers such as AWS, Azure, Oracle, IBM and Google. SmartKey will help you keep data secure in the digital revolution.

Kim Chen Bock Product Marketing - Head of Emerging Services - Data, Security, Applications