Companies and individuals are using cloud services more and more. Putting so much of our data into the cloud introduces a growing problem. The lines between public cloud, private cloud, and software-as-a-service (Saas) have rapidly blurred as new technology develops, redefining what “cloud” actually means. Some businesses put significant portions of their infrastructure into the cloud and choose to keep only a very small footprint in a traditional data center or office. More commonly, businesses will leverage SaaS to handle common IT requirements such as email, storage, CRM, and backups.
Every time data is relinquished to a 3rd party there is risk that it will be exposed. This could be due to security breaches by hacktivists or nation-states, but it could also come from negligence or an internal threat. On platforms such as AWS, Google Cloud Storage, Dropbox, or Office 365, the difference between a document being private or public is just a few clicks. With no control over what security features are offered by SaaS platforms, businesses must find a different way to secure the data. Without a solution to this problem, the cost savings of leveraging a SaaS solution are outweighed by the significant risk of data loss.
Enter the CASB
Cloud Access Security Brokers (CASBs) encrypt data as it’s being written to the cloud and decrypt it when it needs to be read and presented to a user. This is performed by either placing an agent on client machines or by installing a proxy on the network. For example, when a user goes to access Dropbox, they access it through the CASB instead of connecting directly. This means even if files are mistakenly shared or made public, they are still encrypted and cannot be read or used.
Encrypting large numbers of files to secure a company’s data creates a different problem — how do you manage all of the encryption keys? The more frequently a single key is used to encrypt data, the easier it is to crack that key and decrypt the entire collection of files. To maintain good security, many keys need to be utilized. Ideally, using a unique key for each encrypted file makes it nearly impossible to crack. As more encryption keys are created, however, it becomes more difficult to correlate which key goes with which file and who can access it.
Add In a Key Management Server
Key Management Servers such as Fornetix VaultCore are designed to offload the arduous task of ensuring that keys are managed properly and securely. Key managers provide separation of powers between the system creating the encryption keys and the system performing the data encryption. As well, VaultCore provides a single-pane-of-glass view for all encryption keys in an enterprise. With the highest capacity in the industry, VaultCore can store up to 100,000,000 keys in a single appliance, supporting the demands of even the largest enterprises.
By integrating a Cloud Access Security Broker and Fornetix VaultCore, companies can leverage cheap storage and application services to save money without compromising security.
Ready to find out more? Request a demo today.
Note: This entry has been edited to reflect the ‘Key Orchestration’ solution name becoming ‘VaultCore’