The Cloud Security Challenge
It’s no secret that cloud technology usage is pervasive among enterprises. According to the 2019 Thales Data Threat Report-Global Edition, some 90 percent of 1,200 responding data security professionals worldwide report their organizations are using the cloud.
While the agility and cost-saving benefits of cloud technologies are compelling, the need to protect sensitive application data remains. And, as if in response, the 2019 Thales Data Threat report observes:
… Organizations already appear to be confident in placing sensitive data in the cloud. This creates an environment in which sensitive data is moving further away from the traditional enterprise data controls in which organizations have already invested. Data must be protected where it sits, in the data center, in the cloud, or at its termination point.
The challenge is to implement robust data security without adversely affecting operational performance. Fortunately, transparent data encryption can protect sensitive data without slowing down operations and does not require changing services and applications.
Pivotal Cloud Foundry
Pivotal Cloud Foundry (PCF) is a cloud platform that lets anyone deploy network apps or services and make them available to the world in a few minutes. When an app becomes popular, the cloud easily scales it to handle more traffic, replacing with a few keystrokes the build-out and migration efforts that once took months. PCF is an open source platform that you can deploy to run your apps on your own computing infrastructure, or deploy on an IaaS like Azure, AWS, GCP,vSphere or OpenStack. You can also use a PaaS deployed by a commercial CF cloud provider. Enterprises have adopted PCF to boost software-developer productivity, reduce operational cost, and create an environment for innovation to scale.
Vormetric Transparent Encryption
When combined with the PCF platform, Thales’s Vormetric Transparent Encryption (VTE) for PCF protects data stored within PCF MySQL server with file-level encryption and access control. This effectively limits data file access to only allowed users and groups. The combination enables organizations to meet compliance requirements while following best practices for data security, including preventing access by administrators of the Pivotal environment.
The Thales solution is a BOSH add-on and supports multi-tenancy. A Registration Service maps tenant organizations and spaces as defined in Pivotal Apps Manager to domains within a Vormetric data security management environment. Once registered, the Vormetic tile protects directories and files based on pre-configured encryption keys and policies. Domains within this management environment can isolate management of data security policies and keys for specific PCF instances to specific organizations or business units.