There’s no doubt that organizations will continue to move to the cloud, as the advantages outweigh the disadvantages. Organizations want to focus on their business, not on the infrastructure it runs on. The cloud lets them leverage the most advanced services (artificial intelligence, big data, containers) without needing highly specialized systems and technicians to maintain the infrastructure, which democratizes access to these services, among other benefits.
With the continued transition to the cloud, the duty of managing data security becomes more complex. Recently we reviewed the components that affect data security. With the move to the cloud, some of these components now reside in a third-party location. However, the responsibility for data protection in the cloud still resides with the data’s owner.
Each cloud service model (IaaS, PaaS, SaaS) has its own shared responsibility scheme for each of the security items, from physical security to identity or application controls (see an example here).
This means that the cloud customer has to manage data protection in the cloud, and this becomes a more complex task because of the diverse systems, locations and tools involved, especially where not all of the customer’s systems and applications are migrated to the cloud or to the same cloud provider (multicloud is another big trend).
Today all the relevant cloud providers offer encryption services integrated with the most relevant services they provide (storage as infrastructure, databases, SaaS, etc.), and the integrated services list grows day by day. These encryption services provide the ability to use keys, certificates, etc. generated and managed by the cloud provider or by the cloud customer. In each case the quality of the cryptographic material generated is of vital importance.
Moreover, the performance of the systems that generate and manage the cryptographic material is key, so that they do not slow down the business functions that rely on cloud data protection. To achieve both quality and performance, the cloud customer has to be sure that the cloud provider implements cutting-edge entropy generators that feed the cryptography systems and services with high-performance, high-quality random numbers. In addition, the cloud provider must report to the customer relevant information on the entropy that is being generated to protect their data in the cloud infrastructure.
Equally, if the customer decides to manage the cryptographic material themselves, they have to ensure that they implement the same features: speed, quality, and monitoring that the randomness generated is of the required grade.
At Quside, our mission is to deliver the highest-performance quantum random number generators (QRNGs) to empower the transition to stronger data security against known and new threats, with the added value of providing full visibility into the quality and status of this fundamental element for auditing and monitoring in operations centers.
Data protection is not only a moral obligation to protect our customers’ and organization’s data; there are also specific regulations for the different industries and sectors that we all must comply with when managing data. This is no different when we move to the cloud. We are responsible for data protection in any case.
Apart from the several challenges of protecting data in general, the main difference between protecting data on our premises and protecting data in the cloud is that the data now resides in a third-party domain, while you keep the responsibility for data protection.
Encryption is the main mechanism to ensure data privacy. By encrypting the data, you will be sure that nobody can access the information in case of a leak or security incident.