
Thales Blog

Encryption Key Management – A ‘To Be Continued’ Story

July 19, 2016

On your weekly trip to the bank, you likely don’t even think twice about the fact that every time you hand over money, you are trusting someone else to keep your finances safe. And while you’re relinquishing control, you can very well assume necessary precautions are already in place: the building will be locked after hours, and if there is a spare key, it certainly will not be stored under the front mat. It likely won’t even be stored on the same premises. But while protecting keys has become second nature in the land of physical security, the same cannot be said for protecting data in the land of cybersecurity.

Click to Tweet: Why KMaaS (for #encryption keys) for your Salesforce data? Blog by @tumulak bit.ly/29QRXPI

Think about data. Encrypting data is like putting locks on a building. You can’t just leave the keys that unlock encrypted data lying around; you need to have proper management in place. But as more information moves to the cloud, data physically resides in infrastructure owned and managed by another entity. That’s like a freelance security guard going rogue and stealing the keys to the bank.

Like the building, locks, and security cameras of banks, strong encryption is an essential defense in the battle to protect sensitive data. For data security, it’s just as essential that we think about the security of the keys that unlock encrypted data; in the wrong hands, those keys can render encryption useless and result in major financial and reputational harm. While at first glance managing numerous keys across the lifecycle may seem to introduce many obstacles, I am here to tell you it does not need to be that complicated.


Interested in why an integrated Encrypt Everything from the cloud to the data center might make sense? Read the report from IANS’ Dave Shackelford about “Encryption as an Enterprise Strategy” here.


Salesforce announced last week that it added Bring Your Own Key (BYOK) functionality to the platform encryption service with Salesforce Shield, a set of integrated security services built natively into the Salesforce platform. Salesforce Shield Platform Encryption with Vormetric KMaaS ensures complete control and visibility over how sensitive data becomes encrypted in Salesforce. This combined solution can reduce the time and cost to meet PII, PCI, ePHI, GDPR and other compliance requirements, as well as add an important layer of security to protect an organization’s most valuable data. The result is a Salesforce environment with enhanced compliance controls that can be easily verified by regulators and auditors. KMaaS is easy to deploy, instantly scalable and enables lifecycle key management including key creation, uploading, updating, storing and deletion. To further increase privacy, the service supports multiple Salesforce instances by allowing users to create different KMaaS administrators with keys that align to each enterprise organization.

Because this Vormetric solution is deployed “as a service” with Salesforce Shield Platform Encryption, customers can leverage the benefits of the cloud while ensuring optimal control. And, with no need to deploy hardware on-premises, the solution eliminates the hassle of architecting and maintaining a high-availability key management solution.

The proliferation of data in the enterprise has created an increasing demand for cloud infrastructure. And we fully expect to exceed that demand. No matter what solution to these problems you employ, you must be ready to secure your data in cloud environments just as you would data stored locally.

Key management has always been a very important part of encryption. Equally important, if not more so, is how and where you use the keys to unlock data.

Salesforce is one of the leading cloud providers, and with encryption becoming more prevalent in the cloud, the story does not end here. Vormetric is working with many cloud providers to provide encryption and key management solutions for their cloud environments so organizations can have control of their data. As we offer more and more encryption and key management solutions, I’d like to label this cloud/key management story as ‘to be continued’, as I can assure you that for those security-conscious cloud providers, the story does not end here.

Vormetric and Thales are among the most recognized names in the cybersecurity industry, and organizations can trust them with key management. Want to learn more about our key management offering? Tweet us at @Vormetric.