Introduction

The familiar Slinky is one of those toys that captivates a person every time — no matter his or her age. Not long ago while cleaning my attic, I came across my now-grown daughter’s Slinky, and the undulating coils moving back and forth reminded me of the importance of flexibility when protecting data today. As organizations capture, process, and store increasing volumes of data, including private and sensitive information for advanced analytics and business intelligence, big data repositories have become a primary target for cyber-attackers. So, the security of this data is paramount. In this blog, and in an accompanying one by our colleague Jemmee Yung from our nFinity partner Bloombase, we highlight why flexible security is so important for next-generation datacenters in this age of big data.

Speaking of security, I’d like to thank the U.S. Department of Homeland Security (DHS) for once again sponsoring October as National Cybersecurity Awareness Month (NCSAM).

According to the site, “NCSAM is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online. NCSAM 2019 will emphasize personal accountability and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace.”

Those of us in this industry know there is no one-size-fits-all approach to cybersecurity. So, one of the key resources organizations and individuals need to enhance their cybersecurity is the flexibility created by an array of security solutions to choose from.

Big Data

The growing amount of data generated by Internet of Things (IoT) smart devices highlights data storage infrastructure as a prime target for attack. IDC projects that the amount of data created by connected IoT devices, or “things,” will see a compound annual growth rate (CAGR) of 28.7% over the 2018-2025 forecast period. The estimated 41.6 billion IoT devices will generate more than 79.4 zettabytes (ZB) of data in 2025.

With more and more data being generated by IoT devices at a time when enterprises are migrating their workloads from on-premises systems to cloud-based deployments, protecting the confidentiality and integrity of this data is critical to ensuring a secure and trustworthy computing environment.

Challenge

Encryption protects data privacy; however, the techniques used to encrypt data can vary among software applications and storage technologies. As enterprises migrate from on-premises disk systems to cloud-based storage services to better meet the increasing need for capacity, they need a more comprehensive data protection approach to secure these heterogeneous storage environments. Consequently, we have seen a shift from selective encryption of sensitive data to an “encrypt everything” policy. But with even more data being encrypted, enterprises have also seen an explosion in the number of encryption keys they need to protect and manage. Because these keys can decrypt the data, safeguarding and managing them is essential to keeping the data secure. As more data gets encrypted, more keys need to be stored, managed, and secured to ensure the data can be decrypted when needed.

Flexibility

Migration to the cloud has also prompted organizations to migrate many operations to an “as a service” (aaS) model. So, we’re seeing data storage in multiple environments and data processing by not only the organizations that “own” the data but also their aaS vendors. This is an increasingly complex environment, and this complexity demands flexibility — especially when securing data.

Fortunately, enterprises can now strengthen their cloud security using hardware security modules (HSMs) delivered through robust and flexible subscription-based models. Using certified HSMs to store and manage cryptographic keys is considered a best practice by security professionals. HSMs safeguard and manage critical keys used by cryptographic applications. Since they are hardware, they traditionally have been purchased and deployed as a physical component of the enterprise IT security system.

nShield as a Service from Entrust Security is a subscription-based solution for generating, accessing, and protecting cryptographic keys, completely separate from the sensitive data it secures, using dedicated FIPS 140-2 and Common Criteria certified nShield HSMs. This cloud-hosted model gives organizations the flexibility to supplement or replace HSMs in their data centers, while retaining the same benefits as owning the appliances. nShield as a Service allows enterprises to budget for security more predictably, manage their capacity based on demand, reduce their data center footprints, and decrease the time spent on routine maintenance and monitoring.

Solutions

Bloombase helps secure sensitive information in traditional and next-generation data centers by using artificial intelligence to discover sensitive information across data-at-rest resources, and machine learning to provide dynamic access control of structured and unstructured data. Heterogeneous storage can then be protected through encryption and access controls, and hosts and applications can be trusted. And with a FIPS 140-2 Level 3 and Common Criteria EAL4+ certified root of trust for centralized key management and hardened key protection from Entrust, the task of complying with increasingly stringent data privacy and security regulations is easier.

What about Slinky?

The springy Slinky will never go out of style, and neither will the need for more flexible security services. Making robust security more accessible to users is what nShield as a Service is all about. To learn more about how to protect big data storage systems and how to mitigate data exfiltration threats, read Jemmee’s blog “What builds the most secure next-gen datacenter?”. For details on how Entrust nShield and Entrust nShield as a Service integrate with Bloombase StoreSafe on-premises and in the cloud, read our solution brief. You can also follow the company on Twitter, LinkedIn, and Facebook.