Thales Blog

The Time Is Right For Multi-Cloud Key Management

October 27, 2017

Multi-cloud use – It’s here in spades


One of the things we see every day at Thales is how the pace of change in organizations is pushing them to adapt and utilize cloud, big data, IoT and container technologies. Organizations are digitally transforming themselves at a fundamental level to address new markets, offer new services to existing customers and stay relevant in a rapidly changing world that is increasingly operating online. One result is that fewer organizations are keeping new resources within the traditional four walls of the enterprise. In fact, the default option when a new initiative gets underway is to do it “in the cloud.”

It’s also clear there is no single cloud environment or vendor that’s winning as they make these transitions. To meet their diverse needs, many organizations leverage multiple vendors offering Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) environments. Here’s what some analysts say about the topic:

As cyberattacks also increase, these same organizations face both a stronger internal focus on protecting sensitive information and additional industry compliance and government regulation mandates.

The number one tool that organizations need in order to enable further adoption of these cloud environments is encryption. According to 451 Research, 60 percent of enterprise IT security professionals identified data encryption in the cloud with enterprise key control as the top IT security tool needed.

Multiple clouds with multiple encryption solutions and use cases create problems

Many enterprises choose to use their cloud providers’ native encryption solutions to protect their data – this poses a number of problems:

  • Meeting best practices requires that these keys be stored outside of the solution provider’s environment
  • Within each cloud provider’s environment, enterprises will typically use hundreds to thousands of keys. These include keys for securing communications, keys associated with specific applications (like Office 365 SharePoint and IaaS usage in Azure), specific groups (Finance in Salesforce, for instance) and more
  • Meeting key management requirements under compliance and regulation regimes for key expiration, rotation and management environment security
  • Lots and lots of keys, for lots and lots of uses … that require lots of specific maintenance and usage methods

How are most enterprises approaching this today? In a word: spreadsheets.

But when you look at thousands of keys, tens to hundreds of use cases and the need for all to map back to enterprise roles and responsibilities, spreadsheets quickly become non-viable and in fact, can lead to compliance and regulatory violations.

Enter the latest solution from Thales – CipherTrust Cloud Key Manager

CipherTrust Cloud Key Manager provides the centralized, multi-cloud key management needed to solve the problem.

It includes centralized, multi-cloud key control and management for IaaS, PaaS and SaaS use. Supporting Microsoft Azure Key Vault (includes Microsoft Office 365 support), Amazon Key Management Service (available in December) and Salesforce Shield Platform Encryption, the Cloud Key Manager enables encryption, access control, key management, key activity logs and more for all the applications and environments that are supported by these services.

The CipherTrust Cloud Key Manager is available either as-a-service or for on-premises deployment. As-a-service is an advantage for organizations that have gone “all in” on cloud applications, and are minimizing any expansions in their data center. On-premises deployment allows for the strongest level of control over the key management environments that organizations with heavy regulatory or compliance requirements will need:

  • Secure key storage and management
  • Single tab access to all cloud providers
  • Logging and reporting for enhanced visibility and compliance

Terminology is even matched to the cloud provider – Salesforce, for instance, uses “Tenant Secrets” to describe the information used to create encryption keys in their environment, while Azure uses “Keys” as the common terminology.


The result of this solution is removing the errors and bottlenecks that are inherent in manual operations, making it simpler to manage and match policies and usage across cloud environments. In addition, the solution meets compliance, regulation and best practices requirements for storing, managing, rotating, retiring and using encryption keys to safeguard the interests of organizations.

Lastly, it’s worth noting that this solution is just one element of the data security offerings that Thales brings to enterprises today. Offerings that make it easy and efficient to manage data-at-rest security across your entire organization with advanced encryption, tokenization and centralized key management.

You won’t need to manage the encryption, key management and access control to your cloud data separately from the rest of your environment. It can all be done on one platform from Thales.

Find out more about Thales Data Security Platform here. And more about CipherTrust Cloud Key Manager here.