Because I work for a cybersecurity company, I frequently get asked the following question: “What builds the most secure next-gen datacenter?” To answer this question, people tend to throw out a ton of mixed jargon and acronyms – AI, ML, quantum cryptography, blockchain, intelligent firewall, UTM, IDS, IPS, DLP, VPN, and believe it or not, even APT, DDoS, SQLi and XSS, which sound more like cyberattacks than cyber-defense. True, but these perimeter tools only manage to protect at the surface. Regardless of the language, all cyberattacks aimed at a data breach have the same goal of stealing your “crown-jewel” information and trade secrets. You and I know that, as a best practice, all classified sensitive data should be locked down on persistent storage by encryption, simply because it is technically the last line of defense. However, the reality is that for many organizations, encryption is still a missing piece and an oversight for their CIOs and CISOs.
Recently, at Bloombase, I was fortunate to meet a couple of IT decision makers from Global 500 organizations. Over their successful careers, these thought leaders have experienced countless challenges and would-have-been disasters, but they made profound, game-changing decisions in critical situations, which led their organizations to excel among peers – while others fail, they stand. Having sat through these thought-provoking meetings, I noticed shared technology adoption traits, including the pioneering implementation of the following:
Cloud – while others saw this as not much more than just a college project, they made this rock-solid infrastructure the go-to computing platform for their mission-critical business applications, gaining the benefits of cost savings, operational efficiency, resilience, agility and time-to-market
Encryption – while others are still scratching their heads over intelligent firewall implementation, these technology-meisters have already taken the bold leap forward to secure their “crown-jewel” data-at-rest with encryption, not only on the storage systems in their on-premises datacenters but also up on the cloud, with Bloombase
Hardware Security Module (HSM) – the security-proven hardware for cryptographic key life-cycle management and protection, adopted when others were skeptical of its true value proposition.
If you are close to this topic and try to follow the mind-maps of these gurus, cloud debuted its huge success as the most comprehensive platform of choice for enterprise IT, one that truly represents utility computing. You would probably agree that, developed on virtualization’s foundation and now extended to the cloud, Bloombase is going to prove itself once again as a scalable, open solution in data-at-rest encryption security for virtual machine-based and containerized workloads in traditional IT and the cloud. As the encryption instances multiply and are distributed without borders, you need flexible ways to effectively contain and manage the cryptographic credentials within your logical boundary, away from “outsiders”. Not surprisingly, they need HSMs to ensure tamper-proof key protection for application systems in their own datacenters.
Leveraging AI and ML technologies, Bloombase StoreSafe intelligent storage firewall provides autonomous discovery, dynamic access control, and lifecycle cryptographic protection of sensitive data-at-rest, both structured and unstructured, managed in on-premises storage systems and off-premises cloud storage services. Bloombase StoreSafe intelligent storage firewall allows organizational customers to move their invaluable digital assets and business-sensitive applications more securely to the cloud, and helps them meet data privacy regulatory compliance mandates cost-effectively.
From a vendor’s perspective, I could not appreciate more these customers’ courage and commitment in embracing these technologies. Nonetheless, customers could rarely go with all 3 options at one time. No needle is sharp at both ends: you can hardly check your HSMs, in their hardware form factor, into the cloud, which, as we all know, is intrinsically a service in nature.
Fortunately, Entrust Security’s new nShield as a Service, a subscription-based HSM service, helps provide HSM services to the cloud. Entrust Security has numerous technology advantages and customer benefits which I am not going to repeat here, and for its cloud-readiness and deployment flexibility alone, it has been worth Bloombase’s full devotion. nShield as a Service was created to enable vendors like us to help raise the bar on data cryptographic services with security-accredited key management at cloud scale. The end result is that it helps close the gap between business-sensitive applications and the cloud, thereby accelerating secure cloud adoption to unleash the power within defense-in-depth utility computing. You can learn more about Entrust’s nShield HSM as a Service and the need for flexibility in cloud data security by reading my colleague Juan Asenjo’s companion blog. He also writes a bit about National Cybersecurity Awareness Month (October).
Now back to the question: what builds the most secure next-gen datacenter? At Bloombase, we believe that the answer is Cloud + Bloombase StoreSafe + Entrust Security nShield as a Service.