The public cloud big bang
Since cloud computing was introduced around the turn of the century its use has exploded. Consider a few illuminating data points from two recent reports about cloud computing trends:
- 91% of enterprises now use public cloud
- 84% of enterprises have a multi-cloud strategy
- Further, an estimated 83% of enterprise workloads will run in the cloud by 2020
It’s also notable that between 2018 and 2020 the fastest growing trends or factors driving public cloud adoption are artificial intelligence/machine learning (16% growth) and the Internet of Things (13% growth). Cloud computing has clearly matured beyond merely digitizing traditional ways of doing business and is now foundational to new use cases.
More cloud workloads = more security requirements
With many organizations taking a cloud-first – or even cloud-only – approach for their workloads, the need for stringent security strategies is more critical than ever. Indeed, the biggest challenge for organizations using public cloud is security. Cloud workloads deserve the same levels of security planning and design as is given to on-premises computing and storage.
However, some aspects of the security stack have traditionally functioned best on-premises, including hardware security modules. HSMs are central to an enterprise’s security as they protect critical keys and cryptographic material, but because they have traditionally been housed within the organization’s data center, connecting them with cloud-based applications and services has been challenging. Until now.
HSM as a Service – across any cloud
Entrust’s nShield as a Service delivers a cloud-native, subscription-based solution to these challenges. Instead of acquiring and maintaining physical devices, nShield as a Service customers are able to generate, access and protect their cryptographic key material, separately from sensitive data, using dedicated FIPS 140-2 Level 3-certified nShield Connect HSMs. Critically, this solution also provides a secure execution capability that allows developers to run sensitive code within the HSM’s boundaries, whether that’s business logic associated with banking, smart metering, digital signatures or custom encryption processes.
Because nShield as a Service is cloud-agnostic, customers can continue with their multi-cloud strategies with the peace of mind that if they want to move data or workloads from one cloud to another, their encryption keys are not locked into a particular cloud provider’s HSM. nShield as a Service customers own and maintain full control over their keys at all times.
As organizations continue to move beyond proofs of concept with artificial intelligence, machine learning and IoT projects, more and more sensitive data and intellectual property will come into play. Anytime that encryption is required to protect this information, nShield as a Service provides easy, efficient access to cryptography as a service.