Thales Blog

Seamless Data Security Integration For Cloud Service Providers And Enterprises

February 19, 2013

Data Security Integration

When organizations build products, not just security products, they do so with a user interface that ultimately sets the tone for the overall user experience. This can range from very positive (if the organization takes an Apple-like approach to user interfaces) all the way to negative for products where the common use cases aren't thought through well enough. As customers and partners begin to realize the value of a product or service, one question that usually comes up is whether the functionality can be embedded into an existing application or service to allow for seamless integration and automation of new capabilities into an existing solution.

Specifically for data security, many cloud service providers today need to transparently provision their offering and automatically apply all of the appropriate policies so that data is locked down, only certain users can view that data, and they have the necessary security intelligence to know exactly who is accessing certain data. A set of APIs or scripts that can do this is the ideal way to tie into the user flow of an existing cloud service. For example, when a new enterprise customer signs up for a CRM or project management cloud service, data specific to that enterprise is immediately stored in the cloud. Part of the signup process should ensure that the data is secured properly in a multi-tenant environment with unique keys that are separate from those of other customers.

If you ask cloud providers today what they are doing to protect their customers' sensitive data, many will say they are encrypting. The harsh reality is that many are relying on AWS S3 encryption —which is the equivalent of disk-level encryption— and that provides precious little threat coverage. I would strongly encourage everyone who is serious about maintaining control of their data to truly understand in detail how their cloud service providers are locking down their sensitive data. Vormetric Toolkit combines the strong security desired by cloud service providers with the seamless integration necessary to enable those cloud service providers and enterprises to focus more on driving their business and less on how to secure sensitive data or respond to data breaches. More information on Vormetric Toolkit can be found at:

Photo credit: Cakes by Lynz via Flickr Commons

Derek Tumulak is Vormetric’s vice president of product management. Follow him on Twitter @Tumulak.