Moving to the public cloud brings several key advantages – flexibility, cost savings, and speed. A leading public cloud supplier like Amazon, Google, or Microsoft Azure can give you exactly what you need at exactly the right time. They are simply faster to enable the development and production environments you need than you can likely provide in-house, and costs for their deployments are much lower. Their healthy competition with each other, scale of operations, and forward-thinking view of the business make the costs of using them lower than just about anything you can do in-house. Developers can deploy the software “stack” they need in minutes within the public cloud – within most major enterprises, this usually takes days to weeks or even months. Private clouds do bring some efficiency for standardized environments that you use across your corporation – but what happens when your leading-edge development team wants to deploy a machine learning (ML) software stack and it is not one of your standard environments? In the public cloud, it is instantaneously available, as are specialized consultants to support it.
Sometimes getting ready for the move to the cloud is a bigger problem than the actual deployment. It used to be quite a chore if you had, let’s say, 5000 databases in Oracle and IBM DB2 and you wanted to move them to the cloud. It could take months to years just to assess the potential migration, understand the specific issues, and prioritize your planned activity. Today there are tools that, in just a few days, completely analyze your on-premise database, identify all issues and impact necessary for migration to, for example, an Amazon AWS cloud, and then prioritize the migration moves based upon your criteria. These tools, designed to understand the specific issues of migrating to an environment such as Amazon AWS, greatly reduce the time to plan and implement a data migration and similarly reduce the overall cost of the project.
The public cloud extends the surface area that is exposed to attackers and creates a greater need for data and threat protection. As we’ve seen in the news recently, data can be at serious risk due to misconfigurations and procedural errors by cloud personnel that could inadvertently lead to a serious data breach. These are not your employees – even though they may be more competent, their handling of your data is perceived as less secure and is certainly out of your control.
More challenging is that you must control the keys to your encrypted data or you cannot meet the complex requirements of compliance for laws such as Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the European General Data Protection Requirement (GDPR), which went into full force in May 2018. Cloud vendors often require or request access to your keys to encrypt your data in their applications. If you don’t control the keys 100 percent of the time, you can be found noncompliant, increase your risk of data breach, and open yourself to the often severe financial penalties associated with compliance failure. Also, consider that if you don’t control the keys, you cannot stop forced third-party disclosures. Under many anti-terrorism laws, as well as new laws such as the Cloud Act, you cannot stop a third party from surrendering your data, often without your knowledge or permission.
Solutions exist to mitigate these drawbacks and, hence, have substantially improved the attractiveness of public clouds. Technologies such as cloud security brokers (CSB) or cloud access security brokers (CASB) allow you to tightly manage your keys and encrypt all of your data before it is delivered to these public clouds, so any unauthorized access becomes useless. Under compliance regulations such as GDPR, there is no need to notify customers if a cyberattacker or malicious insider gets hold of encrypted data. Data which is encrypted and stolen is not considered breached, as it is completely unusable by the thieves. This Safe Harbor protects reputational risk in case of a breach related disclosure. These new cloud technologies also eliminate the risk of third-party forced disclosures.
CipherCloud offers you the most advanced and complete CASB+ solution available today. Request a trial to find out more. We can help