The growth of digital services provided by banks, card issuers and an increasing number of fintech startups that are redefining payment methods and convenience is accompanied by ever-greater vigilance regarding payment security. Hardly a week goes by without a news item mentioning a data breach that disrupts commerce, damages a business’s reputation and makes consumers less trusting of digital commerce.
Based on Equinix’s experience in providing encryption and connectivity services for globally distributed enterprises, we share three best practices—cloud-neutral encryption key management services, private connections and partner ecosystems—for securely managing content and media data/assets.
Based on our experience in working with thousands of customers who’ve moved data and applications to the cloud, we’ve identified three critical pain points that impede an enterprise’s ability to effectively and efficiently manage encryption keys in the cloud.
When we talk to companies around the world, a common topic of discussion is the transformational nature of cloud technologies. In a very short time, the cloud has disrupted every aspect of how IT infrastructure, resources and software are deployed and managed. While there’s near-universal agreement on the economic benefits of this, it’s not all good news: In these discussions, the conversation invariably turns toward the growing challenges of cloud security management, in particular the management of the encryption keys that are fundamental to cloud security.
Recent technological advances, such as the advent of the cloud and improvements in the areas of global communications, commodity storage and processing speed, give organizations the ability to store data anywhere in the world and manage it remotely. While these advances have undeniable benefits, they’ve also created drawbacks for global organizations, which must contend with an ever-widening set of data regulations. These regulations govern the acquisition, storage and processing of any personally identifiable information associated with customers and employees, as well as the critical operational data associated with utilities, urban infrastructure and transportation. For data security experts, this means increased demands and a heightened workload.
AWS CloudHSM is designed for organizations that formerly used HSMs to manage encryption keys in their own data centers and would like to continue in the same vein by using HSMs provided and maintained by AWS. With CloudHSM, HSMs purchased, provisioned and managed by an organization within their own data centers are replaced by HSMs purchased, provisioned and managed by Amazon.
The cloud strategy you adopt—private, hybrid, public or multicloud—is a key factor in the decision as to which encryption key management strategy will work best for your enterprise. For best results, your key strategy should fit your long-term cloud strategy and should be applied consistently across your enterprise.
The hybrid multicloud is the architecture of the future because it fits where business is going, and so does Equinix SmartKey™, a new as-a-service security offering we’re launching today. SmartKey delivers multicloud-ready encryption key management, which we know is a critical part of doing business in an increasingly digital world.
The 451 Research Pathfinder Advisory report, “Key Management as a Service: A Concept for Modern Encrypted Data Requirements,” notes that more and more enterprise workloads are being placed in the cloud, an estimated 60% by 2018. Given these findings, the time has come for digital businesses to leverage key management as a service for protecting and accessing their data in multiple cloud platforms.
The IOA Security Blueprint Identity and Key Management Security Design Pattern provides a step-by-step strategy for gaining greater control over security functions by deploying local, vendor-neutral identity and encryption key management services.