Introduction

Many businesses that require increased capacity for growth or which experience seasonal bursts of activity realize it is more cost effective to take advantage of elastic cloud capacity, when needed, than to acquire, manage, and maintain data center hardware and software. However, traditional security controls embedded throughout existing IT infrastructure are proving increasingly ineffective as data has become more pervasive, mobile, and cross-functional. With the increasing number and complexity of privacy regulations, such as the GDPR and CCPA, and the upward trend in the number, scope, and scale of data breaches, more effective measures are required to protect sensitive data wherever it flows, whether on premises, in cloud infrastructure and applications, or in analytics platforms. In the eyes of governments, industry standards associations, and consumers, the organization that controls the data is responsible for its security, no matter who the company uses to process or store the data. Moreover, for many IT processes to function effectively, the data needs to be trustworthy.

Fortunately, those very services that provide a root of trust for data can now also be delivered through robust and flexible subscription-based models using the cloud. In this blog, Entrust Security and Micro Focus Voltage offer some thoughts on these topics.

What’s in the name?

The as a service business model is not new. Subscriptions have been around for many years, whether it’s a publication that regularly delivers news and information, or a health club that provides everything you need to exercise and stay fit – the concept always revolves around enabling the subscriber to use an end service or product without having to incur the cost of owning and maintaining anything needed to ensure its delivery. In return, subscribers pay a recurring expense and perhaps an initiation fee. With the advent of cloud computing, the as a service concept has gained a great deal of popularity in virtual environments, and is finding wide acceptance in many markets, including data security.

“As a service” offerings now include:

  • Software as a Service (SaaS)
  • Hardware as a service (HaaS)
  • Infrastructure as a service (Iaas)
  • Network as a service (NaaS)
  • Platform as a service (PaaS)

Solutions

Voltage SecureData protects sensitive data persistently across multi-cloud, hybrid, and on-premises environments. The protection technologies in the FIPS 140-2 and Common Criteria validated Voltage SecureData provide flexible implementation and encryption for a virtually unlimited number of structured data types in any language, and any region, with field-proven performance and scalability. It embeds data-centric security across hybrid IT and, by reducing the risk to sensitive data, accelerates the safe migration to cloud environments.

As Voltage SecureData customers increasingly migrate storage and workloads to cloud-based environments, many look to establish a hardware security module (HSM)-based root of trust in the cloud. Using certified HSMs to store and manage cryptographic keys is considered a best practice by security professionals. HSMs safeguard and manage critical keys used by cryptographic applications. Since they are hardware, they traditionally have been purchased and deployed as a physical component of the enterprise IT security system.

But that is changing. According to the Ponemon 2019 Global Encryption Trends Study of 5,856 data security professionals in 14 countries/regions, 61 percent of respondents rate key management as very painful, and:

Almost half (48 percent of respondents) own and operate HSMs on-premises for cloud-based applications, and 37 percent of respondents rent/use HSMs from a public cloud provider for the same purpose. In the next 12 months, both figures will increase, by 5 and 7 percent respectively.

Entrust nShield as a Service supports Voltage Stateless Key Management. The service provides enterprise customers with the same robust root of trust they depend on with an on-premises nShield HSM, but as a subscription-based model that is easy to use, flexible, and cost-effective. The addition of nShield as a Service to the Entrust HSM portfolio provides enterprise customers, no matter their size, greater choice and the ability to establish a robust FIPS 140-2 Level 3 and Common Criteria EAL4+ root of trust with little or no capital investment. Businesses migrating their storage and workloads to cloud-based environments can now take advantage of the flexibility offered by the innovative subscription-based services to support high availability and high-performance data protection solutions.

Security that travels with the data to the cloud

Data security solution suites like Micro Focus Voltage SecureData allow access policies to travel with the data itself, enabling it to be protected without changing format or integrity. With the introduction of nShield as a Service, enterprises can now:

  • Match changing demand for cryptographic key management capabilities
  • Shift security budgets from a capital to an operational expenditure
  • Maintain the levels of certification required for regulatory compliance
  • To learn more about Entrust’s HSM integration with Micro Focus Voltage, on-premises and in the cloud, read our solution brief. To learn more about the new nShield as a Service from Entrust security click here.

    This blog was authored by Juan Asenjo, Entrust Security and Carole Murphy, Micro Focus Voltage, and is also appears in the Micro Focus Security blog page.