Back in 2010, Forrester Research predicted that by 2015, security would shift from being the number one inhibitor of cloud to one of the top enablers. This prediction has proved to be correct, as enterprise cloud has now become one of the most secure ways to store and share data.
But in spite of the improvements to cloud security over the last five years, the perceived threat to the security and privacy of digital information has grown. Concerns about the government accessing our private data have been particularly heightened in the United States since the Edward Snowden revelations about the NSA’s snooping practices in 2013.
On top of this has come concerns about the threat of hackers to the enterprise, and the rise of news stories around rogue employees stealing confidential business data have led to increased awareness of a the need for robust enterprise data security.
Addressing the physical data problem
It is the physical aspects of where data is stored in the cloud that cause many of the concerns, which is ironic considering that the cloud was designed to remove many of the challenges that come with storing and sharing physical data. The trouble is, data is subject to the laws of where it is physically stored; for instance, data held in a data centre in the United States is subject to American laws. But so is data held outside of the United States in a cloud owned by an American company. This fact took Microsoft by surprise in 2014, when they received a subpoena from the US Supreme Court to release customer data held in their Dublin data centre.
Non-US customers have become more discerning when it comes to where their data is held, and they expect to have the ability to choose the jurisdiction of where their data is physically hosted. Subsequently, cloud providers have clamoured to open data centres in jurisdictions around the world to cater for their clients’ need for data to be held in their country of choice, and be subject to laws of that jurisdiction. This trend has allowed for smaller cloud and SaaS providers outside of the United States to take on some of the biggest US challengers, such as Amazon Web Services and Microsoft, particularly within the enterprise market.
Aside from the opening of many new data centres around the globe, there have been two recent developments in cloud infrastructure that have helped to overcome these concerns and mean that the cloud is now more secure and private than ever before. The first is hybrid cloud storage, and the second is encryption key management, or EKM. The combination of these two solutions enables enterprise cloud customers to have maximum flexibility over where and how their data is stored and secured in the cloud.
How do hybrid and EKM make the cloud more secure?
Hybrid storage gives customers the ability to choose where they want their data stored, with the option to split data between different data centres and on premise storage. This offers incredible flexibility, enabling enterprises to store different sets of data across different jurisdictions.
This is particularly beneficial for enterprises whose clients have specific requirements for where their data is stored; for instance, a law firm in the UK may have an Australian client who requires their data to be stored in Australia and be subject to Australian data laws. The UK firm can maintain its core corporate data in the cloud in the UK, but all data associated with the Australian client can be stored in a data centre in Australia, without any discernible difference for the end users.
While hybrid allows the customer to choose precisely where the data resides, encryption key management gives control of who can access this data back to the customer. Until recently, most cloud-based applications stored the encryption keys in the cloud alongside the data. While this did offer a level of protection sufficient for most enterprise customers, it meant that the encryption keys were managed by the cloud vendor rather than the customer.
EKM places the keys in the hands of the customer, separate from the data itself. Not only does this tighten security generally, reducing the probability of any third parties being able to decrypt the data, crucially it means that if a government body or agency were to seize the cloud vendor’s servers, they could not decrypt the data within.