Rob Elliss | Thales CPL VP of Sales - EMEA
During the pandemic, I got the chance to catch up on a few movies and TV shows I never would have had the time to watch in the “old normal” humdrum of life.
One such show was the Academy Award winning documentary “Free Solo” which follows the attempts of professional rock climber Alex Honnold to be the first person to climb El Capitan's rock face at Yosemite National Park without ropes or climbing equipment.
In the documentary, the interviewer asks, “Does it feel different to be up there without a rope?” Alex downplays the implications “There’s obviously, like, much higher consequence.”
When analyzing his chances of success of climbing without safety ropes, Alex goes on to say, “People who know a little bit about climbing, they’re like ‘Oh he’s totally safe’ and then people who know exactly what he’s doing…are freaked out!”
This got me thinking. Many organizations are trying to speed up their ascent to the cloud but, having abandoned the safety ropes of their on-premises security, how many organizations have failed to stay in full control of their sensitive data such as personally identifiable information, financial records, and corporate intellectual property?
The main public Cloud Service Providers (CSPs) focus heavily on their responsibility of providing a secure cloud infrastructure. However, whether you are a bank, retailer, manufacturer, telco provider, hospital, government department, or indeed any organization that stores or processes personal or sensitive data, then you remain legally responsible for ensuring the privacy of your data and complying with relevant privacy regulations such as GDPR, HIPAA, and PCI-DSS.
You need to know where that data is stored, who can access it, and what happens if it falls in the wrong hands. Up in the cloud, without the independent control provided by a safety rope, there are obviously much higher consequences for your business, and your customers, if your data is breached.
By taking control of your digital sovereignty early rather than leaving it as an afterthought, Google Cloud and Thales can help you unblock data privacy and compliance barriers, and accelerate your migration to the cloud.
Together, we offer new capabilities to transfer data to the cloud or multi-cloud while maintaining digital sovereignty, allowing ownership and control over private encryption keys, and helping to address heightened regulatory requirements.
Adopting Hybrid Multi-Cloud Environments
Organizations are increasingly adopting hybrid or multi-cloud for commercial, technical, or compliance reasons. The idea is to avoid over-reliance on a single CSP and retain the ability to run workloads wherever they are needed. As you add more workloads across clouds you can end up with thousands of different key stores associated with different applications and workloads that have to be managed manually using different processes and interfaces.
Human error of managing multiple disparate key stores can be the biggest source of security holes. Thales can help you consolidate keys in one place and manage them through a single pane of glass which reduces operational cost, improves security posture, and increases the portability of workloads between on-premises and different clouds.
A Risk-Based Approach to Key Management
We recommend taking a risk-based approach to achieving digital sovereignty by applying an appropriate key management strategy. As you apply tighter controls on your data, you will increase data portability but this may place limitations on the extent to which you can use native cloud services. The solution is to balance control against risk. On average, 80% of workloads don’t contain sensitive data so it’s okay to use native CSP key management. However, 20% of workloads will contain varying levels of sensitive data and additional controls will be needed. Often these workloads are large VMs or databases.
Fortunately with Google Cloud and Thales, wherever you are in your cloud migration, you can still put measures in place to control your digital sovereignty. Thankfully, when it comes to safeguarding your sensitive data, Thales can give you back your safety rope - giving you independent control of who can access your sensitive data and where you want it hosted.
If a problem should arise, you can immediately pull the plug, revoke access to your sensitive data, and move it quickly and securely to a different location whether that be back in your own data centre or co-lo, or in a different cloud.
The fact is, by staying in charge of your sensitive data and building into your architecture privacy by design from the very onset of your migration, your whole ascent to cloud will be more predictable and the likelihood of long-term success more certain. Staying in control is a good thing. Moving to the cloud Free Solo is typically not.
Thales solutions are available in hardware, VMs, or through Google Marketplace. Learn more about Thales CipherTrust Data Security Platform.
Join the Conversation
To join the conversation, attend our webinar on September 29 at 11:00 GMT +1 on the topic of solving the complexities of taking charge of your data in the cloud! Multiple use cases will be discussed and there will be time for Q&A. Register here.