Research

By Adrian Lane

Discussion on multi-cloud strategies is atop the list of inbound questions customer ask us. “How do you architect applications and what technologies will promote a cloud neutral approach?” is what is commonly asked, and all have a fear of vendor lock-in. As such, they want critical security controls to be under their control. And given most customers worry over control of encryption keys, key management is always a major issue. As such, we are re-launching our research work on multi-cloud key management. Infrastructure as a Service entails handing over some security and operational control to the service provider. But responsibility for your data security does go along with it. Your provider ensures compute, storage, and networking components are secure from external attackers and other tenants, but you must protect your data and application access to it. That means you need to control the elements of the cloud that related to data access and security, to avoid any possibility of your cloud vendor(s) viewing it.

Encryption is the fundamental security technology for data security and privacy, so it should be no surprise that encryption technologies are everywhere in cloud computing. The vast majority of cloud service providers enable network (transport) encryption by default and offer encryption for data at rest to protect files and archives from unwanted inspection by authorized infrastructure personnel. But the principal concern is who has access to encryption keys, and whether clouds vendor can decrypt your data without you knowing about it. So many firms insist on brining their own keys into the cloud, not allowing their cloud vendors access to their keys. And, of course, many organizations ask how they can provide consistent protection, regardless of which cloud services they select? So this research is focused on these use cases.

We hope you find this research useful. And we would like to thank nCipher Security for licensing this paper for use with their customer outreach and education programs. Like us, they receive an increasing number of customer inquiries regarding cloud key management. Support like this enables us to bring you objective material built in a Totally Transparent manner. This allows us to perform impactful research and protect our integrity.

You can download the paper here

Comments