The Role of Key Management in a Multi-Cloud Workload World

Cloud computing is an essential component of online businesses today. We are now seeing rapid growth in the demand for multiple public and private cloud platforms. Behind this expansion is a need for a cost-effective way to develop and deploy new and innovative software faster so companies can more effectively win, serve, and retain customers. In order to meet this need, organizations are turning to cloud platforms to find the infrastructure and services they need to quickly build and transform customer-focused web and mobile apps.

Forrester’s Business Technographics Global Developer Survey, 2015 shows that 34% of enterprise developers have built software for elastic cloud platforms in the past two years.shutterstock_image

Today, it’s unlikely that any single cloud platform (public or private) is capable of providing organizations with everything they want in a single package.  As they build and maintain different types of apps on different clouds — including legacy platforms — organizations will need different types of infrastructure and services and will therefore have different workloads on different cloud platforms.  While organizations will typically get excited about all the resources at their fingertips, but they don’t necessarily want to shoulder the burden of responsibility when it comes to high-level management tasks such as selecting a new platform, monitoring, governing and controlling them.

Rising to the Challenge of Cloud Security

The trend towards multi-cloud infrastructure, combined with the increasingly higher levels of attacker sophistication, creates a need for enterprises to build a security architecture that goes beyond existing perimeter-centric models that were developed before the cloud. However, migrating data to the cloud poses significant challenges for enterprises concerned with compliance, data sovereignty, and maintaining control of data. Therefore, organizations must find a solution that can integrate with their existing infrastructure and across their heterogeneous environments including across multiple clouds. Today, organizations are experiencing many issues with multi-cloud security, ranging from a lack of redundancy, risk management and API controls. The most common challenge is the ability to meet data protection and access.

In a recent security survey 40% of organizations indicated they were currently storing or processing sensitive data in the cloud. According to the survey, 40% cited unauthorized access from other cloud tenants as their most pressing security concern. Furthermore, most felt they did not have a suitable degree of visibility into cloud provider operations and security controls. Many also mentioned encryption as a primary control they were implementing or planning to implement to secure their data in the cloud.

Secure Enterprise Key Management (EKM) in the Cloud

Enterprise key management is a real challenge at the best of times. While encryption enables access control to your data, poor key management and storage  can lead to it being compromised. When you add the additional risk of having a third-party controlling physical and logical access to your infrastructure, the challenge of keeping your encryption keys secure becomes more critical. The main security issue lies in the fact that key management is often combined with key storage. This situation is similar to you renting a safe deposit box at a bank and letting them also keep the keys to it. Access to your encryption keys gives your provider access to your data – which makes you vulnerable. Potential risks include intentional or malicious acts by the cloud provider’s internal personnel, or the cloud provider facing a subpoena by the government saying they must turn in the keys and/or the data.

For this reason, enterprises are concerned about cloud service providers having access to encryption keys stored within the service provider environment. In a study conducted in early 2015 by the Ponemon Institute, 50% of respondents stated that implementation of encryption technology was challenging. Trying to integrate internal encryption and key management tools with cloud provider technology can compound the issue.

What is the Best EKM Solution?

All of these factors combine to drive organizations toward new models and tools for data protection, with encryption at the forefront. Cloud service providers have introduced many new encryption offerings within the past several years. However, these solutions don’t answer the need for organizations who with workloads across clouds. The dedicated key management services that they provide only support their own environments.

Unbound Key Control – A Smart Solution to EKM

Unbound Key Control (UKC) provides a clever solution to the problem of key management in a multi-cloud world. Specifically, an organization can move part of their data center into the cloud, and move their entire cryptographic infrastructure into UKC (UKC handles the SSL keys, password protection, data encryption, PKI, and so on). As part of Unbound’s implementation, one part of the key is stored in the cloud and the other part inside the enterprise. This prevents the cloud provider from having full access to the key and thus cannot carry out operations by itself. This solves one of the major problems of moving to the cloud and is a pragmatic enabler for organizations to begin their transition to the cloud.

Unbound implements full united enterprise key management in a multi-cloud environment, with the ability to secure your private keys in the public cloud. Any keys. Any cloud.

The main features of Unbound Key Control include:

    • Provision when and where you want, instantly
    • United key management for ALL workloads and ALL IaaS cloud providers
    • Ability to scale up and down, as with standard VMs
    • Secure access control in the cloud (M-of-N)

[smicon anim=”fadeInLeft” icon=”fa-film” type=”icon-border-round” color=”color-default” size=”fa-2x” /] [tblock anim=”fadeInRight” title=”On-demand Webinar” tag=”h5″ position=”text-left” class=”font-size-25-30″/]Securing Data in a Perimeter-less and Multi-Cloud IT Enviorment

Register Now >

Avner Mor

Avner Mor

As Unbound CEO and Co-Founder, Avner brings 25 years of experience in turning technology to business, leading startups and corporate innovation teams.

Subscribe to BLOG