Each day at AFORE, we work with business enterprises and cloud service providers who are taking advantage of the benefits that the hybrid cloud has to offer. We believe that the significant growth we’re seeing in hybrid cloud deployments will only continue to increase. In fact, Gartner recently stated that “Nearly half of large enterprises will have hybrid cloud deployments by the end of 2017.” The appeal of the hybrid cloud is that it allows an organization to distribute workloads across the private cloud (the enterprise data center) and one or more public clouds. This distributed workload environment is a proven approach for deployment flexibility, infrastructure scalability, and cost-effective use of resources. However, given the shared nature of the hybrid cloud, we regularly hear concerns about how to ensure the security of sensitive data across this form of multi-tenant, heterogeneous infrastructure. Whether your sensitive data is confidential financial documents, intellectual property, customer identity records, or regulatory compliance information, it’s critical that you take every precaution necessary to keep that data safe from increasingly sophisticated threats, data breaches, cyber-surveillance, third-party cloud administrators, and data remanence. At a high level, here are a few considerations to keep in mind if you’re concerned about how best to secure your sensitive data in the hybrid cloud:
- What data do you need to secure? While there’s a cost associated with securing data—whether that be financial or business flexibility—it’s critical to keep confidential documents, personal information, and regulatory compliance data secure. As you evaluate encryption solutions, look for approaches that allow you to selectively encrypt only sensitive data.
- When does data need to be encrypted? While every organization is different, there are some common considerations that generally apply when determining when data needs to be encrypted. As an example, most sensitive data should always be encrypted when “at rest”. Similarly, data transferred from the application layer to the storage layer (referred to as “data in flight”) may also need to be encrypted to keep it safe from cloud admins or other tenants. For mission-critical situations, encrypting data at the point of use is critical to lock down all points of egress.
- Where does data live? Sensitive data is everywhere in your organization. Users work with it across various applications and on different devices, and workloads are often distributed across the private data center and, possibly, multiple public cloud environments. While you need to protect sensitive data no matter where it exists, practical considerations can make that quite a challenge to manage. A centralized encryption management solution provides “single pane of glass” visibility to control, manage, and report on data security no matter where sensitive data resides, which reduces risk and streamlines regulatory compliance initiatives.
- Who controls the encryption keys? As the data owner, you should always have control over the encryption keys, not your cloud provider. This control is important to ensure that you—and only you—have access to your sensitive data both now and in the future, should you change cloud providers.