Thales Blog

A Kick-SaaS Enterprise Encryption Strategy

September 15, 2015

Cloud computing has changed the way organizations approach IT by increasing agility, introducing new business models, providing more services and reducing costs. With so many obvious benefits, cloud and SaaS adoption is on the rise. In fact, according to the 2015 Vormetric Insider Threat Report, 80% of enterprises are already using SaaS, with 60% of enterprises globally also storing sensitive data within SaaS environments. However, as data moves from on-premises systems to cloud and SaaS providers, new security concerns need to be taken into account: SaaS providers and enterprises need a SaaS enterprise encryption strategy that works to offset these new threats to data.


When data is inside your four walls, so to speak, you put trust in your own employees, the infrastructure and security solutions that you select, and the policies that you create to secure it.

But as information moves to the cloud, data physically resides in infrastructures owned and managed by another entity – and that trust goes into someone else’s hands, infrastructure and security policy decisions. That is, unless you and your SaaS provider take a new approach.

Recent mega-breaches (think: Anthem, Sony) have proven that hackers are after one thing: data. By using encryption, SaaS providers can render sensitive data unusable to hackers. However, encryption alone is not enough. Access controls and key management can also prove to be weak points in a SaaS provider’s defenses.

So what new approach can protect your data and overcome these weak points? An approach where your SaaS provider puts you in control of those weak points, where control of the keys and access policies moves back to the enterprise. There are two strong trust models that can do this. In the first model, SaaS providers encrypt data for their customers, with access policies and encryption keys managed by either the SaaS provider or the enterprise customer. In the second trust model, enterprises hold and manage their own encryption keys and access policies, whether within their own data centers or within another cloud environment. The SaaS infrastructure then uses these keys and policies to encrypt data within the SaaS application, preventing SaaS provider access to enterprise keys and ultimately enterprise data.
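
One way the second trust model can be realized is envelope encryption, shown here as an added example (not code from the post or from any vendor it names). The class and function names, the `crm-app` service and the tenant label are hypothetical, and the third-party `cryptography` package is assumed to be installed.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SERVICE, TENANT = "crm-app", b"tenant-42"   # hypothetical names


class EnterpriseKeyService:
    """Customer-run key service: the KEK and the policy never leave it."""
    def __init__(self, allowed):
        self._kek = AESGCM.generate_key(bit_length=256)
        self.allowed = set(allowed)   # enterprise-owned access policy
        self.audit = []               # every key request, allowed or not

    def _check(self, service, op):
        self.audit.append((service, op, service in self.allowed))
        if service not in self.allowed:
            raise PermissionError(f"{service} may not {op}")

    def wrap(self, service, dek, tenant):
        self._check(service, "wrap")
        nonce = os.urandom(12)
        return nonce + AESGCM(self._kek).encrypt(nonce, dek, tenant)

    def unwrap(self, service, wrapped, tenant):
        self._check(service, "unwrap")
        return AESGCM(self._kek).decrypt(wrapped[:12], wrapped[12:], tenant)


def saas_store(ks, plaintext):
    """Provider side: keeps only ciphertext plus the wrapped data key."""
    dek, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
    ct = AESGCM(dek).encrypt(nonce, plaintext, TENANT)
    return {"wrapped_dek": ks.wrap(SERVICE, dek, TENANT), "nonce": nonce, "ct": ct}


def saas_load(ks, rec):
    dek = ks.unwrap(SERVICE, rec["wrapped_dek"], TENANT)   # policy check happens here
    return AESGCM(dek).decrypt(rec["nonce"], rec["ct"], TENANT)


def demo():
    ks = EnterpriseKeyService({SERVICE})
    rec = saas_store(ks, b"account notes")
    before = saas_load(ks, rec)
    ks.allowed.discard(SERVICE)   # enterprise revokes the provider
    try:
        return before, saas_load(ks, rec), ks.audit
    except PermissionError:
        return before, None, ks.audit
```

The provider still handles each data key in memory while serving a request; what it never holds is the enterprise key, so removing the policy entry cuts off every stored record at once.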

As an example of strong data security offered by a SaaS vendor, Salesforce recently announced Salesforce Shield, a new set of services that includes a strong set of data security features, such as auditing, encryption, access controls, event monitoring and data archiving. With this announcement, Salesforce has set very high expectations for data security – expectations that enterprises are going to be requiring as a capability from SaaS vendors.

Encryption and other cryptographic technologies are basic building blocks within a larger, layered IT security strategy. To ensure data is secure when deploying a cloud environment, there are a number of common sense strategies to employ. An effective cloud/SaaS security solution should incorporate the following capabilities:

  1. Lockdown Data – Ensure that data is not readable with encryption and other cryptographic technologies and that the solution offers strong key management.
  1. Access Policies – Implement access policies that ensure only authorized users can gain access to the encrypted data, so that even privileged users such as cloud, storage or system administrators cannot view sensitive information.
  1. Security Intelligence – Collect information about data access patterns for those who have access to data for their work (where, when, who and how data is accessed) and use this information with a SIEM or other analytic tool to create intelligent alerts when users are performing actions outside of the norm.
  1. Security Framework – Have a security framework to measure against current or potential cloud providers. This enables you to see which providers are serious about security and offers tools to measure risks and controls.
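
The Security Intelligence item above, as an added example (not part of the original post): a per-user baseline of when, from where and how data is accessed, with later events flagged when they fall outside it. The events are constructed, and the user names, addresses and tool names are hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: who, when, where (source), how (access method).
BASELINE = [
    ("alice", "2015-09-01T09:12", "10.0.1.15", "crm-api"),
    ("alice", "2015-09-02T14:40", "10.0.1.15", "crm-api"),
    ("svc-backup", "2015-09-01T02:00", "10.0.9.2", "backup-agent"),
    ("svc-backup", "2015-09-02T02:00", "10.0.9.2", "backup-agent"),
]
NEW_EVENTS = [
    ("alice", "2015-09-04T10:30", "10.0.1.15", "crm-api"),      # within the norm
    ("alice", "2015-09-05T03:17", "203.0.113.7", "crm-api"),    # odd hour and source
    ("svc-backup", "2015-09-05T02:00", "10.0.9.2", "bash"),     # odd access method
    ("root", "2015-09-05T12:00", "10.0.1.1", "cat"),            # never seen before
]


def build_profiles(events, hour_slack=2):
    """Per-user profile: observed hours (padded by a slack), sources, methods."""
    prof = defaultdict(lambda: {"hours": set(), "sources": set(), "methods": set()})
    for user, ts, src, method in events:
        h = datetime.fromisoformat(ts).hour
        p = prof[user]
        p["hours"].update((h + d) % 24 for d in range(-hour_slack, hour_slack + 1))
        p["sources"].add(src)
        p["methods"].add(method)
    return dict(prof)


def score(event, profiles):
    """Return the reasons this event falls outside the user's baseline."""
    user, ts, src, method = event
    p = profiles.get(user)
    if p is None:
        return ["no-baseline-for-user"]
    reasons = []
    if datetime.fromisoformat(ts).hour not in p["hours"]:
        reasons.append("unusual-hour")
    if src not in p["sources"]:
        reasons.append("new-source")
    if method not in p["methods"]:
        reasons.append("new-access-method")
    return reasons


def alerts(events, profiles):
    """Events worth forwarding to a SIEM, each paired with its reasons."""
    return [(e, r) for e in events if (r := score(e, profiles))]
```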

Recently, Vormetric announced a new solution set – Vormetric for SaaS Providers – which enables SaaS providers to offer secure, compliant offerings to their customers. Vormetric makes available all the capabilities, APIs, interfaces and infrastructure that SaaS providers need to build encryption and access controls into their applications without having to fund a whole new department for these solutions. It’s a great way for SaaS providers to meet these new expectations, expand their offerings, and fully realize enterprise business.

As the adoption of cloud and SaaS continues to grow, SaaS vendors will continue implementing strong security solutions to ensure their customers’ data remains secure. Vormetric offers one of the most robust solutions to meet the needs of both SaaS providers and their end customers. Interested in learning how Vormetric can help integrate and deploy encryption, tokenization and key management to enhance SaaS service offerings? Visit the Vormetric Cloud Partner Program site or contact