Television weather reporters are often made fun of when their forecast calls for partly cloudy skies with scattered precipitation and isolated storms. It is a forecast that covers practically all possibilities. Similarly, as enterprises migrate workloads from on-premises to multi-cloud and hybrid configurations, deployments are – well – partly cloudy. With organizations seeking to secure sensitive data in these configurations, they want to make sure it cannot escape in a downpour. Moreover, as data breaches continue to make headlines, the right strategy and technology will protect business and keep storms isolated.

Trends and advantage

According to Gartner, worldwide end-user spending on public cloud services will grow 18.4% in 2021, and that 81% of organizations were already using more than one public cloud provider prior to the pandemic. Multi-cloud strategies enable enterprises to take advantage of the best features that each service provider offers. With a growing, competitive ecosystem, enterprises will benefit from innovation while ensuring robust reliability and resiliency.

While the adoption of multi-cloud services was well underway prior to the pandemic, emerging new business models that support a remote workforce and improve budget management have firmly established these computing models as an enabler for change in a new economy.

Data protection

With this ‘partly cloudy’ forecast, one immediately wonders about the chance for rain, and if data is safe in the cloud. In the growing cloud services market, security is a vital consideration for every reputable provider. Encryption technologies protect data in cloud workloads and cloud storage, making data worthless to an attacker—assuming, of course, the attacker does not have access to the cryptographic keys.

Enterprise customers have the choice to use security solutions from a cloud service provider (CSP) or enhanced methods to gain more control over their keys and data. It is important to remember that, under the shared responsibility model employed across the industry, CSPs are accountable only for the infrastructure and service agreement they offer, while the enterprise customer is ultimately responsible for the security of their data, and their clients’ privacy in the cloud. CSPs protect keys in the cloud using their own key vaults to keep them segregated from their applications. Customers using multi-cloud deployments end up relying on the encryption and key management features offered by each individual CSP. To strengthen these models, one alternative is for enterprises to encrypt data before sending it to the cloud. Another approach is to encrypt data protection workloads within native cloud services. Format-preserving encryption, format-preserving hash, and stateless tokenization techniques can be used to ensure that protected data will maintain its format to still fit within applications and data store schemas, so no changes are required for data usability.

Root of trust

The effectiveness of any encryption strategy depends on the security given to the underpinning cryptographic keys. As enterprises benefit from the flexibility and economy of cloud services, they also need to strengthen the security of their key management practices to gain greater control. Achieving this across a hybrid or multi-cloud environment is even more important to ensure consistent policy enforcement, and to facilitate security audits and regulatory compliance.

The use of certified hardware security modules (HSMs) enables organizations to establish a root of trust for high quality key generation and safekeeping during their lifecycle. Certified to recognized security standards like FIPS and Common Criteria, HSMs offer robust security to ensure employed data protection mechanisms can be trusted. To facilitate security auditing and regulatory compliance, HSMs establish key use polices, and ensure no single individual or entity can change them.

Way forward

With the right data security strategy, organizations can migrate to a multi-cloud environment with confidence. For example, Entrust technology partner Micro Focus offers an integrated solution to ease this process. To learn more about Micro Focus’s approach, Carole Murphy has written this blog on how to ‘secure your data for cyber resilience’.

Weather forecasters remind us to always stay vigilant for storms and have emergency plans in place. The same is true in cybersecurity. With the right data security tools, enterprises can make the most of the cloud, while ensuring their sensitive data stays safe and secure. Read our solution brief and register for our webinar “Cloud migration with confidence – Securing multi-cloud and hybrid IT” and learn how  we can help you transition to the cloud with confidence.