Data Gravity and Cloud Security

The world creates a massive volume of data, and an increasing proportion of it is being stored in the cloud because of the economic and operational advantages. As data amasses in any one place, it begins to acquire what we might think of as gravity. Data gravity, a term first coined by IT expert Dave McCrory in 2010, describes how data moves in ways analogous to the laws that govern the physical world: As data volume grows, additional applications or services find reasons to use the data, which in turn increases the volume even further.

Data volume, data gravity, and data value

Data gravity boosts the value of your data, especially when analytics are applied. Larger volumes of data provide greater insight into and understanding of the sources that generate the data: customers, devices, machinery, vehicles, et cetera. Size matters: A database of ten million customers holds greater business value and potential for insight than a database of ten thousand customers.

Take an example from the world of finance: My banking information, combined with the information of thousands of other bank customers (our collective credits, debts, loans, and payments), gives my bank a high-level sense of the health of the business. That information has value at the executive, regional, departmental and even governmental levels. Analytics can be applied to any segment of that customer data to uncover trends and determine how well that segment of the business is faring. Based on the analysis, the bank might offer more competitive interest rates, launch a new mortgage program for first-time homeowners, or modify its credit policies to improve its auto loan portfolio. The greater the volume of information the bank has regarding its customers, the greater the data gravity, and the greater the inherent value of that information.

Data gravity and cloud security

Data gravity, unfortunately, also attracts bad actors, both private and state-sponsored, who recognize the value in the volumes of data stored in the cloud. The greater the data volume, the more an attacker stands to gain from a data breach, particularly when that data contains personally identifiable information (PII). The methods used to breach these data sources range from straightforward phishing schemes to the use of brute-force processing power to exploit known vulnerabilities.

One of the fastest-growing segments of the IT market is the field of data security. Organizations are strengthening their data security strategies and investing in software to proactively prevent breaches of cloud data that can be initiated in a multitude of ways, including the following:

  • Poorly protected passwords
  • Malware disguised as antivirus software
  • Local File Inclusion (LFI) vulnerability
  • Website application vulnerability
  • SQL injections that install spyware
  • Weak data encryption systems
  • Inadequate security during data transfers
  • Root privilege access to servers

However, not all organizations have proactively adopted strategies to improve their cloud data security, as you can see by viewing the UK’s National Cyber Security Centre weekly report of new data breaches. Even after a breach occurs, some organizations have been embarrassingly slow to notify affected parties. As a result, governments are instituting regulations that severely penalize organizations for data breaches. Many of these regulations include data sovereignty requirements, meaning data must be securely managed in the country in which it originated. EU data privacy laws spelled out in the GDPR restrict organizations from transferring personal data that originated in Europe to any country whose data protection laws are deemed inadequate unless safeguards are in place.

For companies with global operations, new data regulations and sovereignty requirements bring an added layer of complexity to the task of keeping data secure in a cloud environment. As data volumes grow and data gravity increases, data must be protected and maintained in compliance with applicable rules and regulations in all countries of operation. The Second Volume of the Global Interconnection Index (the GXI), published by Equinix, explores these topics and explains how enterprises can effectively manage these and other challenges in an increasingly connected digital economy.

A strong, consistent data encryption strategy is the best way to contend with the challenges of securing cloud data across multiple countries while staying in compliance with all regulations. At the heart of data encryption is encryption key management. A cloud-based hardware security module (HSM) approach to encryption key management, also known as HSM as a Service, makes the complexity of encryption key management in multicloud environments easier to manage.

HSM as a Service for cloud security

HSM as a Service provides a single control point that simplifies the provisioning and control of encryption keys across leading cloud service providers like Google, AWS, Azure, Oracle, and IBM. Delivered as a cloud service, it’s highly available, fault-tolerant, and horizontally scalable. You can securely generate, store and use encryption keys and certificates, along with other secrets such as passwords, API keys, and tokens.

HSM as a Service has distinct advantages for organizations with global multicloud operations that need to comply with data sovereignty regulations:

  • HSM-grade security in software: No need to be concerned with the cost, overhead, and management of procuring and provisioning hardware security modules across geographies. Encryption keys are held in an encrypted database when not in use. When in use, keys are only available inside a secure enclave to ensure the key material is never available in plaintext to any software component.
  • Reduced workload: Regardless of the number of cloud environments in which your data is stored, your data security organization has a single, centralized encryption key management service. There’s no need to have a different encryption key management service for each cloud environment.
  • Reduced latency and optimized processing: By storing encryption keys at the digital edge, i.e., closer to the creators and consumers of the data, you reduce the bandwidth needed to efficiently acquire, process and store data while complying with data sovereignty requirements.
  • Added level of data security: By managing encryption keys separately from the encrypted data, an attacker who compromises the data server does not also obtain the encryption keys. All the attacker obtains is useless ciphertext.
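The last point above is the core of envelope encryption: the data store holds only ciphertext and a data encryption key (DEK) that is itself encrypted under a key encryption key (KEK), and the KEK never leaves the key service. The following Go program is an added illustration written for this article; it is not Equinix SmartKey code and does not use its API. The `KeyService` type is a stand-in for an external HSM or key-management service, and the `Record` type is a constructed stand-in for what a data server would persist. It uses only the Go standard library (AES-256-GCM).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is what the data server stores. It contains no plaintext key
// material: the DEK is only present wrapped under the key service's KEK.
type Record struct {
	WrappedDEK []byte // nonce || AES-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-GCM(DEK, data)
}

// KeyService is a hypothetical stand-in for an HSM / key-management service.
// The KEK is created inside it and is never returned to callers; the only
// operations exposed are wrapping and unwrapping DEKs.
type KeyService struct {
	kek cipher.AEAD
}

// NewKeyService generates a fresh 256-bit KEK inside the service.
func NewKeyService() (*KeyService, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	aead, err := newGCM(raw)
	if err != nil {
		return nil, err
	}
	return &KeyService{kek: aead}, nil
}

// WrapDEK encrypts a DEK under the KEK so it can be stored beside the data.
func (ks *KeyService) WrapDEK(dek []byte) ([]byte, error) {
	return sealBlob(ks.kek, dek, []byte("dek-wrap"))
}

// UnwrapDEK recovers a DEK; fails with an auth error under the wrong KEK.
func (ks *KeyService) UnwrapDEK(wrapped []byte) ([]byte, error) {
	return openBlob(ks.kek, wrapped, []byte("dek-wrap"))
}

// EncryptRecord generates a per-record DEK, encrypts the data with it, and
// stores only the wrapped DEK. The plaintext DEK is discarded afterwards.
func EncryptRecord(ks *KeyService, plaintext []byte) (Record, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return Record{}, err
	}
	aead, err := newGCM(dek)
	if err != nil {
		return Record{}, err
	}
	ct, err := sealBlob(aead, plaintext, nil)
	if err != nil {
		return Record{}, err
	}
	wrapped, err := ks.WrapDEK(dek)
	if err != nil {
		return Record{}, err
	}
	return Record{WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// DecryptRecord needs the key service to unwrap the DEK first; a stolen
// Record on its own, or one presented to a different key service, fails.
func DecryptRecord(ks *KeyService, rec Record) ([]byte, error) {
	dek, err := ks.UnwrapDEK(rec.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	aead, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return openBlob(aead, rec.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealBlob prepends a random nonce to the AES-GCM output.
func sealBlob(aead cipher.AEAD, plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, plaintext, aad)...), nil
}

// openBlob splits off the nonce and authenticates before decrypting.
func openBlob(aead cipher.AEAD, blob, aad []byte) ([]byte, error) {
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob shorter than nonce")
	}
	return aead.Open(nil, blob[:n], blob[n:], aad)
}

func main() {
	ks, _ := NewKeyService()
	// Constructed sample data, not a real customer record.
	rec, _ := EncryptRecord(ks, []byte("customer 0001: balance 42.00"))
	pt, _ := DecryptRecord(ks, rec)
	fmt.Printf("with key service: %s\n", pt)
	other, _ := NewKeyService() // an attacker's own key service cannot help
	_, err := DecryptRecord(other, rec)
	fmt.Println("without the right key service:", err)
}
```

The design choice worth noting is that the data server never sees the KEK, and the DEK exists in plaintext only transiently in the process doing the encryption. A dump of the database therefore yields ciphertext plus wrapped keys, and rotating the KEK only requires re-wrapping DEKs, not re-encrypting the data.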

HSM as a Service on Platform Equinix

HSM as a Service is available as SmartKey from Equinix, whose global platform for digital business orchestrates hybrid and multicloud solutions, accessing all the major cloud platforms across multiple locations. Equinix works with service providers to enable high-scale and high-density data center and interconnection solutions, including dedicated private links to increase security and reduce exposure to data breaches. Interconnection provides a central nervous system for the Internet of Things (IoT) by enabling data to be collected, stored and transferred between multiple systems and clouds for processing while respecting data sovereignty regulations.

As your cloud data volumes grow globally, gaining both data gravity and value, you are increasingly subject to threats of a data breach. HSM as a Service can help you simplify the complexity of managing encryption keys in multicloud environments and provide a greater level of cloud security while complying with data sovereignty regulations. Take a few moments to learn more about Equinix SmartKey and how it complements the data storage and applications you already have hosted with your cloud service providers. Register for a free 30-day trial to see how quickly and easily you can implement a single, centralized method of encryption key management.