In April 2015 I wrote about “Intelligent Key Management for the Cloud”. In that blog I described the various models for encryption and key management for virtual workloads running in IaaS including:
In the past I have tried to make the case for encrypting physical servers on premise. The argument for not needing to encrypt them is usually that these servers run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center. The protection that FDE (Full Drive Encryption) brings only really applies to data at rest and it seldom is at rest on these servers. I would counter that all drives eventually leave the data center for repair or disposal and having them encrypted protects you from having your old drives with your customer data on them show up on eBay. An encrypted drive can be quickly and easily crypto-erased if it is still operational, and if not, the data is still not accessible without the encryption key.
We often talk about flexibility in IT in instances of user-friendly experiences like knowing your Microsoft Word doc will open in Apple’s Pages, or the ability to accept or decline a meeting request from your iPhone with an Outlook account. But, what is being developed behind the curtains for IT flexibility is going to change how the world uses technology.
As we evolve more and more to complete self-contained services like the mainstream Cloud services of Microsoft, Amazon, IBM and Google, I often express concerns about the Cyber aspects being coupled. Enterprises and users are, if they haven’t already, getting more and more comfortable with giving up their physical/virtual servers, applications and storage but are not, and should not be, comfortable giving up control of their sensitive data. The shared responsibility models of Cloud Services Providers (CSPs) delineate between the physical aspects (network, disks, memory, etc.) and the responsibility for what resides in the storage and computer.
Have you heard of the great migration of Modern IT to the Cloud? It’s not new, revolutionary or innovative, and many enterprises are doing it. But what we are seeing is that, regardless of industry, migration to a cloud solution is occurring for a myriad of different reasons – from strategic reasons, to the flexibility, productivity and cost-savings gained by moving workloads and storage from on-site to the Cloud.
Last week, I once again had the pleasure and privilege of attending the RSA Conference in San Francisco. I heard estimates of a record-breaking 40,000 attendees. It didn’t seem much busier than previous years but, as another participant pointed out to me, that might be because it was better organized this year, with pre-registration for the sessions. This year I focused my sessions on the Cloud.
The RSA Conference began in 1991 as a forum for cryptographers to gather and share the latest industry knowledge. In 1997 – just 6 years later – WinMagic launched into the data security market – offering software full disk encryption. Since then, similar to the RSA Conference agenda, WinMagic has continued to push the art of security forward, bringing encryption and intelligent key management to new markets and new heights. As we celebrate our 20th anniversary, we have the same mindset we had when we started out – to protect data no matter where it resides. However, now more than ever, data has become the lifeblood of the modern world – from banking to education – it’s everywhere. And the surface area of data has expanded across a wide variety of devices, platforms and operating systems, making it more and more difficult to secure.
If you’re like most people, you use tools like DropBox or Box to send and share your files via the Cloud. But how do you know that the files you share via these tools are safe? Do you trust the Cloud service provider and the security measures they’ve put in place? How sure are you that these security measures are foolproof?
When you move into a new place, one of the first things you do is change all the locks. It’s important to your sense of security that you control who has access to your home. Changing the locks just makes logical and practical sense. This same logic should also be applied to your business thinking when you are looking to secure your sensitive information in a new environment or an environment you don’t fully control.