This blog post is about cloud encryption and we’ll get to that, but first a little on change. Change, even change for the better, tends to be stressful. Get a new car, you have to set up all the Bluetooth and media stuff. Get a new house and you need internet and utilities. Leave all the horrors and hassles of on-premises IT behind for the shining new cloud and you worry about security. Change is stressful.
The Cloud promises to make many things much better. Agility is a given, as is speed. Cost, less so, but that is another discussion for another time.
One thing that really does raise concerns about the move to the cloud is security (interested readers may want to explore the HyTrust State of the Cloud and SDDC Study). To me, this is a little like the worry some people have about air travel but do not feel when getting into a car, which is statistically significantly more dangerous. Much of it has to do with control. Driving your own car, you feel a greater sense of control – your destiny is in your hands. In a plane, you are counting on the folks in the cockpit to get you back to the ground safely, and for many that lack of control is scary.
When you reflect on it a bit, security, or at least the fundamentals, shouldn’t be scary in the cloud. Even your in-house server guy is likely going to agree that when compared to the likes of Azure or AWS, he may not be quite as good. The big cloud operators hire the very best and implement the best possible automation. They do it the way it’s meant to be done, particularly when looking at things at scale.
That said, nobody is perfect and you should still run cloud encryption of some sort. HIPAA, for example, grants safe harbor to breaches of encrypted data, allowing you to avoid the stigma of a public announcement – as long as all the ePHI is “rendered indecipherable to unauthorized individuals.” Now there are different approaches to how you might want to do that. If you leave everything to your cloud provider, it may be convenient but in a way that puts you back on the plane or bus – you are not really in control of your destiny. If your provider is managing your encryption and encryption keys, you are depending on them not to share your data. Guess what: when presented with court papers or when visited by folks with badges and guns, they are going to give up your data.
What if there was another way to do cloud encryption? Well, actually there is. You could use HyTrust Cloud Encryption, aka HyTrust DataControl. One common way of deploying cloud encryption is to run the key manager on premises while the VMs run in the cloud (think of a client-server model in which the key manager handles management and controls an agent running on the VM). This gives you complete control over encryption keys with the implication that unless you give [someone] the keys, they are not reading your data, regardless of what they do with or to your cloud provider.
We are currently running a special promotion on encryption for Vormetric customers, details here. If you are interested in a comparison between Vormetric and HyTrust, you can read one here. We also have white papers on the Top 10 Encryption Myths, the Top 10 Encryption Benefits and Encryption for IaaS.
Thanks for reading.