Giving Companies the Keys to Controlling Their Data | Fortanix Blog

The cloud has become a major focus for organisations seeking to improve processes and increase efficiencies. Indeed, most are using more than one cloud provider across their networks to enhance these benefits.

According to recent research from Gartner, 81 percent of public cloud users have two or more providers. However, placing significant amounts of sensitive data in the cloud, fragmented across several different providers, means that businesses do not have control over the security of said data. Such an approach has resulted in businesses having to trust that all of their cloud providers have a suitable level of security to protect this information. Combined with pressure from regulators about protecting data held with third parties, businesses need to be sure that their data is safe across all their cloud networks.

To achieve this, organisations need to bring the oversight and control of security back into the business. This means implementing a centralised cloud strategy where organisations encrypt sensitive data across all cloud providers themselves and manage it in one place.

Compliance in the cloud

That said, encryption is not a fool-proof defence if the cryptographic keys for the encrypted material are also exposed, providing the criminals with the ability to freely access and abuse the data. It almost goes without saying that there is a significant chance of this happening if the keys are kept in the same or a linked cloud facility as the targeted data. Keys that are kept in the cloud are at greater risk from both external cybercriminals and insider threats.

Businesses need to be certain that their cryptographic keys are secured to the highest standards, which is not always possible on the public cloud. Indeed, this scenario is such a concern for regulators that the international credit card security standard, PCI DSS, prohibits the encryption keys for payment details from being kept in the cloud.

Locking down security

This is where we are seeing a sea-change in approach by organisations, particularly those in highly regulated industries or with a high level of confidential information and sensitive intellectual property (IP): they are looking for a way to manage their own encryption keys via their own key management system (KMS).

This is where a Bring Your Own Key Management System (BYOKMS), in which encryption keys are stored in the organisation's own data centres and the customer always retains exclusive control of who can see its data, is making a difference. With their own key management system, enterprises are no longer beholden to cloud providers, or exposed to the potential risk of unauthorised access or decryption being granted without their knowledge or consent.

An additional benefit of owning and managing your own keys is that further security measures can be set to protect data, including parameters about when and where the data is used. Nobody will be able to access the data if they try to do so outside of an expected time period or location.

However, taking such an approach requires the implementation of an effective management system that ensures cryptographic keys and certificates are securely generated, used and stored. Having a central place where all of this can be managed is essential for those organisations running on more than one cloud environment. Whether using public, private or hybrid cloud infrastructure, enterprise-wide control and oversight should be available on one central dashboard.

Without such a system, keeping on top of the encryption used across different deployments in multiple geographies becomes exceedingly complex.

Having a centralised cloud strategy also enables businesses to better demonstrate to regulators that they are meeting data security compliance requirements. For instance, those companies that deal with credit card payments and implement a centralised cloud strategy would now be able to store these details in the cloud and be compliant with the PCI DSS.

As more businesses look to move mission-critical digital assets to the cloud, they need to be certain that the data they are putting there is safe. Failing to do so could severely impact the organisation in terms of reputation, revenue and regulatory compliance. By bringing full control and oversight of their encryption processes back in house, organisations can ensure that critical and sensitive information is locked down and can only be accessed by authorised persons.
