Whether data is backed up in the cloud or stored in an on-premise environment, organizations need control over their sensitive data. But as more information moves to the cloud, data physically resides in infrastructures owned and managed by another entity. And you know what that means? That means trust goes into someone else’s hands to make the important infrastructure and security policy decisions.
Let’s not forget about the T-Mobile breach, where T-Mobile’s sensitive data was housed by Experian. Experian exposed the names, addresses, and Social Security numbers of 15 million people who applied for service in the past two years.
So what approach can protect data and overcome these weak points? An approach where control of the keys and access policies moves back to the enterprise, ultimately addressing those weak ‘third party’ points.
Quality not quantity
Organizations are realizing that the quality of security tools is far more important than the quantity of tools. Traditional tools like endpoint security aren’t always effective on their own. With threats emerging in cloud and big data environments, we suspect that investments will change as organizations implement a layered approach to defend against sophisticated threats. Drawing on conversations with our partners and customers, it’s clear that it’s not about how much you invest in security, it’s about making the right investments.
Data residency and the need for transparency
Our customers are taking advantage of our platform and offering more transparency when it comes to data location. The reality? Most organizations don’t know where their sensitive data resides. According to findings in our recent Data Threat Report – Cloud/Big Data/IoT edition, most security professionals claim at least some knowledge of where their sensitive data is located, but only 43 percent claim ‘complete knowledge.’
Fortunately, companies are starting to implement better practices to gain an understanding of data location. Partners like Rackspace and CenturyLink are leveraging technologies that let their end customers create their own keys, using encryption and access control. When data sits inside the service provider’s infrastructure, those customers can be proactive in securing and controlling their data. This is the kind of capability we hope to see continue throughout all types of cloud services.
They’ve got the right idea
Companies like Salesforce and Box are offering customers increased flexibility and control over their data security, and we’re excited about it:
- Salesforce came out with Salesforce Shield to bake encryption into their platform. They’ve made a strong, well-thought-out encryption and access control capability that enables enterprises to meet these needs, without the sacrifice of functionality that previous third-party gateways and applications required.
- Box came out with a new security protocol, Box's Enterprise Key Management service, popularly known as ‘bring your own keys.’ By offering the opportunity to bring one's own keys, and by not storing those keys in its own system in the first place, Box is hoping to knock down one of the longest-standing and toughest arguments against storing sensitive data in the cloud.
Creating a cloud conscious future
There’s something happening in cloud security. And that something has become quite the conversation.
The proliferation of data in the enterprise has created an increasing demand for cloud infrastructure. In fact, our recent Data Threat Report – Cloud/Big Data/IoT edition featured the rising use of the cloud with 85 percent of respondents noting that they store sensitive data in the cloud, up from 54 percent last year.
So how can companies gain control while still protecting data? Ask your favorite cloud service provider how they’re protecting your data and, for those encrypting your data, ask how you can control your key. For those service providers not encrypting and managing access to your data, you should either run away with your data or point them to me – (cradford@vormetric.com). I would be happy to discuss with your favorite cloud service provider options for protecting your data and giving you control and access over the keys to your data.
Defending data in the cloud with Vormetric? Have a different perspective on cloud security? Let me know your thoughts. I can be reached at cradford@vormetric.com or on Twitter @cjrad.