Thales Blog

There Is A (security) Castle On A Cloud

September 9, 2016

Thales | Cloud Protection & Licensing Solutions

At the end of last month, Google announced the debut of ‘Bring Your Own Encryption’ – the feature that will allow users to create and hold the encryption keys, preventing anyone accessing their at-rest data within the Google Cloud Platform.

Our most recent Global Encryption Trends Study revealed that for 62% of respondents, ‘support for cloud and on-premise’ deployment is the most important feature of an encryption solution. With a growing number of organisations moving increasingly sensitive data sets to the cloud – Netflix recently announced that it is on the cusp of closing the last of its datacentres – it is perhaps unsurprising that this tops the agenda for many. Of course, encryption is only part of the story. The most difficult part of the process is key management which, if implemented poorly, can be the Achilles heel of an encryption strategy.

When it comes to key management, 61% of our survey respondents rated keys for external services, including cloud or hosted services, as the most painful to manage. Why? Because it requires businesses to tread a careful line between the level of control they are willing to relinquish to the cloud provider, and the trust they must place in this third party to be able to reap the benefits that the cloud has to offer.

However, it’s not really about ‘bring your own encryption’, it’s about ‘bring your own keys’. Almost all the major cloud providers have acknowledged this trust balance in recent years, and now offer Bring Your Own Key (BYOK) capabilities.

The big concern with any cloud service is that you’re sharing the ‘space’ with other customers. The only way to mitigate this risk is to protect the data with encryption. This raises the question – who controls the keys? Best practice dictates that the data owner should. By keeping control of the keys, organisations can control access to their encrypted data.

It is encouraging to see that enterprises are recognising the need for – and implementing – technology to enable data segregation. As organisations focus on moving more sensitive data and applications to the cloud, BYOK will become an increasingly powerful tool.