3 Lessons From Private-Sector Cloud Deployments
Government agencies can learn from industry’s experiences.
Every day, more and more government organizations are moving IT functions and data storage to the cloud. Early last month, the U.S. Department of Defense signed a multimillion-dollar contract to encourage organizations under its umbrella to move to the cloud. While the needs of public-sector entities differ from those of the private sector, there are some hard-won data security lessons corporations have learned—such as encryption key management and the use of cryptographic gateways—that can be useful for government organizations as they plan and execute a migration to the cloud.
Keep Some On-Premises Storage
The cloud, with its safety in numbers, is widely considered more secure than individual on-premises data centers in most situations, but this doesn’t call for getting rid of on-premises storage entirely. One cloud company manages more than 1 billion sensitive documents for customers across the globe—most of them law firms with security and compliance requirements as rigorous as those found in government. The company keeps those documents secure with a layered approach that relies heavily on on-premises hardware to create, manage and store strong encryption keys.
Control Your Keys
Everyone who uses the cloud is, to an extent, trusting a cloud service provider with the security of his or her data, but just as you wouldn’t leave both safe-deposit box keys with the bank, you don’t want to surrender all control over your data security to a third party, no matter how trustworthy. When you control the keys, you control who accesses the data, when and why. As seen in most data breaches, it’s often not encryption or other security systems that lead to leaks, but the human element. That’s why key and policy management are essential parts of data security.
Build a Strong Gateway
The financial industry is another sector where data security and privacy are of the utmost importance. A leading financial institution with tens of millions of customers worldwide recently wanted to reduce costs, increase data availability and improve performance using the power of the cloud. For security purposes, it sought a cloud storage solution that satisfied its stringent requirements for confidentiality and integrity and provided complete control over data access without any chance of exposing data to service providers or other cloud service users.
The solution was to create a cryptographic gateway that works for local, network and cloud storage. Not only does this ensure that each data file is encrypted with a strong full-entropy key before being stored in the cloud, but it also allows for a secure local cache for files that are accessed most often, improving availability and performance.
Beyond enabling the financial institution to take advantage of cost-effective cloud storage without sacrificing data integrity, the cryptographic gateway allows clients to:
- Integrate multifactor authentication into their data access applications, providing the data greater protection from unauthorized access.
- Improve availability of internal services by offloading storage management to the cloud storage service provider while taking advantage of the ability to use multiple redundant back-end data stores.
- Apply consistent corporate cryptographic management policy using comprehensive object and usage policies.
- Maintain a centralized view of cryptographic key and file access for a more detailed and complete audit log of information access across the organization.
That kind of secure functionality satisfies internal customers, auditors, regulators and internal security teams while reducing operating costs and improving user experience—everything the financial institution needed.
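The flow described under "Control Your Keys" and "Build a Strong Gateway", as an added example that is not the institution's or any vendor's code: each file gets its own random key, is encrypted on-premises before upload, and that file key is wrapped under a key-encryption key (KEK) that stays on-premises. AES-256-GCM, the object layout and the names seal, open, put, get and demo are assumptions; the OS CSPRNG stands in for the article's full-entropy key source, and the sample file is constructed.

```javascript
const crypto = require('crypto');
const NONCE = 12, TAG = 16, KEY = 32, WRAPPED = 12 + 32 + 16; // WRAPPED: sealed file key

// AES-256-GCM; output is nonce || ciphertext || tag, object name bound as AAD.
function seal(key, plaintext, name) {
  const nonce = crypto.randomBytes(NONCE);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(name));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

// Reverses seal; throws if the blob, the key or the name does not match.
function open(key, blob, name) {
  if (blob.length < NONCE + TAG) throw new Error('truncated blob');
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, NONCE));
  d.setAAD(Buffer.from(name));
  d.setAuthTag(blob.subarray(blob.length - TAG));
  return Buffer.concat([d.update(blob.subarray(NONCE, blob.length - TAG)), d.final()]);
}

// Runs on-premises; only the returned bytes are sent to the cloud store.
function put(kek, name, data) {
  const fileKey = crypto.randomBytes(KEY); // fresh key per file from the OS CSPRNG
  return Buffer.concat([seal(kek, fileKey, name), seal(fileKey, data, name)]);
}

// Unwraps the file key with the on-prem KEK, then authenticates and decrypts.
function get(kek, name, obj) {
  if (obj.length < WRAPPED + NONCE + TAG) throw new Error('truncated object');
  return open(open(kek, obj.subarray(0, WRAPPED), name), obj.subarray(WRAPPED), name);
}

// Constructed demo data; `stored` is everything the cloud provider ever holds.
function demo() {
  const kek = crypto.randomBytes(KEY); // in production this stays in on-prem hardware
  const name = 'q3-report.txt';
  const stored = put(kek, name, Buffer.from('account 1234: balance 99'));
  const tampered = Buffer.from(stored);
  tampered[tampered.length - 1] ^= 1; // flip one bit of the stored object
  const rejects = (fn) => { try { fn(); return false; } catch { return true; } };
  return {
    roundTrip: get(kek, name, stored).toString(),
    providerSeesPlaintext: stored.includes('balance'),
    tamperRejected: rejects(() => get(kek, name, tampered)),
    renameRejected: rejects(() => get(kek, 'other.txt', stored)),
    wrongKekRejected: rejects(() => get(crypto.randomBytes(KEY), name, stored)),
  };
}
console.log(demo());
```

Because the KEK never appears in the stored object, revoking or rotating it on-premises controls access to every file without touching the provider.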
These were just a couple of examples of how major private-sector organizations in highly regulated industries have ensured data integrity while taking advantage of all the cloud has to offer. There are many notable examples of successful cloud strategies out there, most of which have some lessons to offer both private- and public-sector entities just beginning to explore the possibilities of the cloud.
Jane Melia, Ph.D., is vice president of strategic business development at QuintessenceLabs, a provider of quantum cybersecurity solutions and maker of quantum random number generators.