By: Patrick Lastennet
Today, according to a 2017 IDC survey, more than 50% of organisations are adopting hybrid cloud architectures as they undertake their digital transformation and accelerate the disposal of directly owned infrastructure. A hybrid architecture makes it possible to connect existing IT and digital initiatives by integrating front- and back-office systems in a way that most companies find more palatable than the prospect of moving all IT into the public cloud.
However, in terms of data management, hybrid and multi-cloud environments are bringing their own challenges. Whilst volumes skyrocket and datasets increase in sensitivity, governance of fragmented data becomes increasingly complex.
Starting at the physical level, sensitive data must reside in the data centre, meeting best practice standards for security and availability. Adopting industry best practices for managing encryption keys is crucial for enabling the highest level of protection of data and applications.
To aid our customers with these efforts, we’re launching the external Beta of Interxion Key Guardian.
Interxion Key Guardian is a colocated encryption key security service that uses Hardware Security Modules (HSMs) for high-performance crypto operations and secure key storage for applications in the Public Cloud or your own data processing infrastructure. The keys are secured in an HSM appliance dedicated to you, outside of, but in close proximity to, the cloud environment in which cloud applications reside. This architecture allows for high-performance, low-latency integration with your cloud apps while demonstrating strong auditability with a precise physical location of the keys in a secure environment.
Here’s how it helps organisations
In a 2016 study of non-IT executives, 71% said that concerns over cybersecurity are impeding innovation in their organisations. Addressing this new reality from a cybersecurity standpoint has become a defining challenge of organisations undertaking digital transformation.
This is further exacerbated by the upcoming GDPR, coming into effect in May. Whilst most digital leaders are preparing for the impact of GDPR, major data breaches can still occur as a result of the sheer complexity of implementing privacy by design in a hybrid and fragmented infrastructure.
Encrypting data at rest is directly referenced in GDPR as a way to control and protect personal information and protect against such data breaches. With encryption comes the need to secure and manage encryption keys. In an ideal world, solutions would be available for enterprise-wide Key Management that are fit for hybrid and multi-cloud. However, as Gartner points out in their report Develop an Enterprise wide Encryption Key Management Strategy or Lose Data, “With each environment supporting a variety of capabilities and configuration options, the idealized development of an enterprise wide EKM solution may not be attainable.”
Rather, organisations must develop an enterprise-wide encryption key management strategy. At the heart of this strategy must be sound data governance principles. One of these, in the context of cloud, is the segregation of encryption keys from the data they protect. To minimise the risk of encryption keys being compromised, HSMs, designed as the safest means of protecting cryptographic secrets, should be used.
Key Guardian is designed as an open platform which allows for FIPS 140-2 Level 3 certified HSM technology from Gemalto, Thales and Utimaco to be available, leveraging our Cloud Connect network across Europe. This allows for long-term architectural fit, supporting multiple clouds without vendor lock-in to a specific Cloud Service Provider Key Management solution or HSM.
One of our first committed beta users is Blockchain Helix, with their Helix Alpha solution.
In November 2017 Blockchain Helix released the first public version. It demonstrates the creation of a Trusted Digital Identity with validation of user data (KYC) in compliance with German laws and regulations (GDPR).
The next steps are the integration of eID and video identification. The vision of Blockchain Helix is to enable a trusted and secure digital economy and society.
Oliver Naegele, Founder & CEO: “The Interxion Key Guardian service is a perfect fit to bring the security level from Banking Systems to their Digital Identity Platform”
Get in touch if you want to learn more about how Key Guardian can help your organisation.