As I noted in my December 16, 2019 blog post “Cloud Data Security: Who Should Hold the Keys?”, nearly half of all corporate data is stored in the cloud. That figure was based on the Thales 2019 Cloud Security Study. Our 2020 Thales Data Threat Report-Global Edition tells us that 98% of surveyed organizations have some data in the cloud, that the estimated amount of data in the cloud is now 50%, and that 48% of that data is sensitive.
Additionally, in that blog post, I discussed how Thales is working with Google Cloud’s Key Management System (KMS) to confidently secure organizations’ workloads. The integration between Thales and Google Cloud’s KMS will allow businesses to store encryption keys in their on-premises, colo or cloud-based FIPS 140-2 Level 3 HSMs, as opposed to storing keying material in the Google Cloud platform or a software-only KMS. For more information on how we are working with Google Cloud, check out the recent webinar, Managing Keys in the Google Cloud Platform, presented by Google’s Il-Sung Lee, senior product manager, and me.
Fast forward to last month, when Google announced the general availability of the Google Cloud VMware Engine, an integrated cloud offering that enables organizations to create vSphere data centers on Google Cloud. This solution allows organizations to seamlessly migrate and extend their on-premises VMware vSphere-based environments to Google Cloud with no changes to their tools, processes or applications. The Google Cloud VMware Engine is also a great solution for enterprise IT infrastructure organizations looking to consolidate and extend their data center capacities, as well as optimize, simplify, and modernize their disaster recovery solutions.
But what about security?
CipherTrust Manager for the Google Cloud VMware Engine
The Google Cloud VMware Engine can leverage CipherTrust Manager from Thales to simplify data protection operations by giving security teams the ability to uniformly view, control, and administer cryptographic policies and keys for sensitive data. Organizations can improve key security and simplify the audit preparation process with CipherTrust Manager by retaining ownership and control of keys for all their encrypted data. CipherTrust Manager enables organizations to centrally manage encryption key lifecycles and policies independent of where the data resides and helps them meet data privacy and compliance requirements. The new platform architecture allows for more hybrid deployment architecture options, and the end-customer remains in full custody and control of their encrypted VM and data images, as they move to Google Cloud.
The Google Cloud VMware Engine enables organizations to deploy the same proven solutions seamlessly in both the public and private cloud. VMware simplifies the deployment and eliminates the need for partners to refactor solutions for the Google Cloud VMware Engine, and CipherTrust Manager enables organizations to centralize key management, encryption, and tokenization to simplify security operations such as data visibility, compliance auditing, and policy enforcement.
More information on how we are working together on this will be provided during Google Cloud’s Next OnAir event this week.
Securing Virtual Machines
Hybrid cloud environments are the new reality. Organizations need to look to best practices to protect data from cyberattacks as well as achieve and maintain compliance across their private or public cloud environments. CipherTrust Manager can help.
For more information on CipherTrust Manager for VMware, please read our solution brief “VMware and Thales Deliver a Secure Virtual Machine Encryption Solution.”