Cloud architects, who are often the nexus for critical decisions regarding data, applications, services and security, need to work closely with participants in any cloud project to determine the optimum key management strategy. This decision will be particularly important as an enterprise evolves its IT resources from an on-premises model to a widely distributed, multicloud model. This article briefly reviews the evolution of the cloud and the encryption key strategies that can be employed, highlighting the pros and cons of the various approaches.
Encryption key management is the foundation for data security. However, the well-established methods of managing encryption keys using legacy hardware security modules (HSMs) are inadequate for the growing number of applications hosted in the cloud.
Imagine knowing everything about a customer before they come through the door – name, preferences and interests, buying history, who they are connected to, where they live, and more. That kind of intelligence makes it easy to strike up a conversation with the customer and make the right recommendations that can lead to sales. The more you know, the more chances you have to win.
Data encryption is the bedrock of cybersecurity. Encrypted data remains worthless ciphertext without access to the encryption keys, and hardware security modules (HSMs) are a well-established means of securing those keys in on-premises data centers. Data security teams are well-versed in the process of purchasing, provisioning and managing those HSMs.
Whether residing on disks, in computer memory or in transit over wired or wireless networks, data increasingly drives global economies. Try going a day without internet access. How isolated do you feel when you’re out of cell-tower range? Your day is driven by data, and the value of data is defined by its context and usage.
To remedy this embarrassment and bring a greater degree of security, the payment card industry as well as real-time payment platforms are moving to tokenization—a process by which a surrogate value in the form of a series of randomly generated numbers, known as a “token,” replaces the primary account number.
When we talk to companies around the world, a common topic of discussion is the transformational nature of cloud technologies. In a very short time, the cloud has disrupted every aspect of how IT infrastructure, resources and software are deployed and managed. While there’s near-universal agreement on the economic benefits of this, it’s not all good news: in these discussions, the conversation invariably turns toward the growing challenges of cloud security management, in particular the management of the encryption keys that are fundamental to cloud security.
The cloud strategy you adopt—private, hybrid, public or multicloud—is a key factor in the decision as to which encryption key management strategy will work best for your enterprise. For best results, your key strategy should fit your long-term cloud strategy and should be applied consistently across your enterprise.
Enterprises should consider a vendor-neutral HSM-as-a-Service that provides the protection and a service level agreement (SLA) to effectively support the “shared-responsibility” model between cloud providers and their customers.
Stored and accessible PII, which is broadly defined as any information that could be used to identify an individual, facilitates these transactions for all consumers. However, near-weekly reports of significant data breaches have raised concerns about the ability of retailers and other organizations to keep consumer records secure.