Today, cloud resellers need to know that companies searching for a cloud provider to host their information technology have several good options. Microsoft Azure and Amazon Web Services (AWS) are two popular and trustworthy cloud platforms, and there are many other smaller cloud and private cloud platforms that can meet specific technological needs. However, when moving to the cloud, organizations must also consider the security options provided by that cloud service in order to address their own concerns about data security. This can be an issue for cloud resellers whose customers need good security in order to move to the cloud.
Finding good security on a cloud platform can be difficult when cloud security seems to be far more expensive than the cloud solution itself. Many companies need to encrypt sensitive data such as cardholder data, protected health information (PHI), and other personally identifiable information (PII), as well as manage their own encryption keys to meet compliance regulations.
This is why third-party cloud encryption and key management solutions are becoming more and more popular with cloud resellers who need to provide their customers easy and cost-effective encryption and key management. Third-party security can help a company choose the cloud provider they want without having to compromise their data security due to cost.
Cloud resellers for Azure, AWS, and other cloud providers should consider these concerns their customers’ may have about data security on cloud platforms:
1. Multi-Tenancy
Since it is shared by many users, the cloud is inherently less secure than a hardware solution. Cloud solutions utilize shared resources such as disk space and RAM, which is why the cloud is much less expensive than purchasing your own hardware; however, this means you have less control over who has access to your data. This is why encryption is critical to organizations who are storing sensitive data in the cloud.
2. Standards-Based Encryption
Many organizations attempt “in-house” or do-it-yourself encryption in an attempt to avoid difficult or costly third-party encryption solutions. However, these DIY projects tend to be difficult and rarely result in strong, defensible security. They can lead to huge problems down the road, especially when it comes to meeting compliance regulations, and it is common for these solutions to fail data security audits.
One major reason a DIY approach to encryption often fails is a lack of strong cryptography and and encryption key management. The management and documentation of encryption key lifecycle, rotation, creation, and deletion is mandated by many regulations such as the Payment Card Industry Data Security Standards (PCI DSS). Anyone handling sensitive data must meet specific encryption and key management requirements set forth by the industry or government regulations they fall under.
For these reasons, most organizations chose a certified third-party encryption and key management vendor to help them meet compliance as well as centralize and streamline the encryption and key management of all of their sensitive data in the cloud.
3. Encryption Key Management
Encryption key management is a major concern for cloud users. Even if their cloud vendor offers a native encryption option, how that vendor manages encryption keys can be a barrier for organizations who need to manage their own encryption keys in order to meet compliance. In accordance with many compliance regulations, businesses must document how they manage their encryption keys away from their encrypted data. This can be very difficult if your encryption keys are being stored in the cloud and accessible by the cloud provider. Some cloud providers offer encryption key management; however, they do so at a cost that makes using the cloud an unattractive choice. Cloud resellers must be aware that this, too, can be a barrier to cloud adoption.
Cloud resellers need to know that security is a barrier for many companies who wish to move to the cloud. Building a toolbox of certified cloud encryption vendors can help them win these customers and gain new revenue.
To learn more about encryption key management for the cloud, view our webinar, “Encryption & Key Management Everywhere Your Data Is,” featuring data privacy expert Patrick Townsend.