Is your Cybersecurity Strategy Sufficient to Protect Your Cloud Data?

Imam Sheikh

I wish I didn’t have to write about this topic so often. It would be a much better world if cybersecurity were less of a pressing concern; instead, our efforts could be focused on value-added technology and software applications that improve quality of life and efficiency of commerce. However, current indicators all point to the need for an even greater focus on cybersecurity strategy.

Peruse SC Media’s page on data breaches, and you’ll find a rundown of recent newsworthy malevolent attacks, which occur almost daily. Gartner’s Special Report: Cybersecurity at the Speed of Digital Business predicts sixty percent of digital businesses will suffer major service failures by 2020 due to the inability of IT security teams to manage risk.To compound the problem, there’s a lack of skilled cybersecurity professionals in the market: The non-profit information security advocacy group ISACA predicts a shortage of two million cybersecurity professionals by 2019.

As a result, every member of your organization’s security team, from CSO to security analyst, is constantly operating in a defensive mode. Malicious agents, local and global, are conducting offensive campaigns around the clock to find points of weakness in your cybersecurity strategy and exploit them to the detriment of you and your customers.

The technologies that have enabled global communications, frictionless commerce and near-ubiquitous connectivity have simultaneously opened the door to increased cybersecurity threats. With the growth of interconnections between enterprises and cloud service providers and the prevalence of data storage fostered by cloud adoption, keeping data secure has become a common conversation topic in boardrooms. Everyone in your security department should be asking if the existing cybersecurity strategy is sufficient to protect your cloud data. Secure interconnections and data encryption are the critical pillars of a sound cybersecurity strategy that will help answer that question.

Private interconnections for secure data transfers

The second annual Global Interconnection Index (the GXI), a market study published by Equinix, projects interconnection between enterprises and cloud and IT service providers will increase 160% annually between 2016 and 2020. As exposure to cybersecurity risk increases, effective management requires direct and secure private interconnection of applications, data, networking and security controls to provide necessary safeguards. These private data exchanges among businesses will facilitate faster, low-latency, secure data transfer among all parties to best protect critical digital assets. As you plan your cybersecurity strategy, look for global service providers that offer high performance and high availability.

Data encryption: the foundation of cybersecurity strategy

Hackers try to steal the keys to your data kingdom by way of increasingly varied and sophisticated means, including malware, ransomware, phishing, point of sale data collection, SQL code injection and zero-day vulnerability. Interconnectivity across widely-distributed services and adoption of cloud platforms to store data and manage applications only intensify the challenges of preventing these attacks.

One critical safeguard has proven to be a foundation for effective cybersecurity: encryption. Once data is encrypted, it becomes unusable without the associated encryption key. In those instances, a data breach yields only ciphertext. Underpinning data encryption is key management, and protection of encryption keys across all of your cloud environments is a vital part of protecting your data.

A consistent method of encryption key management in multicloud environments

Encryption keys can be managed using hardware security modules (HSM) or key management services (KMS). While several cloud providers offer both options, it’s rare to find a single cloud provider that meets all of an enterprise’s data and application needs. As a result, the majority of organizations utilize multicloud and hybrid environments.

There’s a drawback to this: With each cloud provider offering their own encryption key management method, enterprises that employ multiple cloud providers to support their data and application needs are forced to use multiple methods and multiple management tools. This imposes an unnecessary burden upon your security team.

A better method is a centralized, cloud-neutral method for encryption key management, one provided as a cloud service to control encryption keys regardless of which cloud provider’s platform-AWS, Google, Azure, IBM or Oracle-the encryption keys are being used on. From a cybersecurity perspective, there are several benefits to this approach:

  • A secure control point to give enterprises local management and control over data globally dispersed among multiple cloud platforms.
  • Consistent methods and management tools to control the entire encryption key lifecycle.
  • Ability to easily accommodate growing data storage and encryption needs.
  • Better use of existing data security personnel resources.

Separate encryption keys from encrypted data

A cloud-neutral encryption key management solution provided as a cloud service enables enterprises to further improve their cybersecurity strategy to protect cloud data. This kind of cloud-neutral KMS is hosted in a cloud environment separate from the data managed by the cloud service provider. Storing encryption keys separately from encrypted data provides an added level of data protection. A breach of encrypted data yields only meaningless ciphertext. A well-designed cloud-neutral encryption key management solution virtually precludes any successful breach of data.

Cloud-neutral, centralized and secure

Equinix, a leader in global connectivity for digital business around the world, understands the importance of a sound cybersecurity strategy. In response to the need to securely protect cloud data, Equinix provides SmartKey, a cloud-neutral, scalable encryption key management service powered by Fortanix and based on Intel® Software Guard Extensions (SGX). SmartKey provides role-based access control to determine which users, groups or applications have access to which keys and what operations can be enacted on those keys.

Execute encryption processing in a secure environment

To protect application code and data from disclosure or modification, all cryptographic and key management operations as well as application logic are done inside the trust boundary of the Intel® SGX enclave. Encryption key material is never exposed in plaintext on the system memory or on any other physical interface outside the processor. This secure environment protects encryption keys and data from all external agents.

SmartKey on Platform Equinix

SmartKey, hosted on Platform Equinix, a global data center platform, manages encryption keys to protect data, with the added benefit of placing an enterprise’s encryption keys at the digital edge to minimize latency. With Platform Equinix, you can quickly establish global virtual connections and gain high-performance, low-latency interconnection between SmartKey and your cloud, network, data or security providers of choice.

SmartKey’s delivery model simplifies the provisioning and control of encryption keys. Explore the benefits of using SmartKey to protect your cloud data. Get started by registering for a free trial to see how SmartKey can strengthen your cybersecurity strategy.