The use of multi-cloud has gained enormously in popularity in recent years, becoming an essential part of day-to-day operations for many businesses. The adoption of such an approach increases agility whilst minimising vendor lock-in, improving disaster recovery and boosting application performance, all while streamlining costs. In a Gartner study, 81% of respondents said they are working with two or more providers while IDC predicts that global spending on ‘whole cloud’ services will reach $1.3 trillion by 2025 as a digital-first economy becomes the future of enterprise.
Yet data protection issues relating to an increasing reliance on the multi-cloud approach are of growing concern. This is because multi-cloud in the enterprise often comes about organically to meet evolving requirements, so it is not always planned. Departments within an organisation can choose to store data in different clouds, resulting in the creation of complicated silos of data. This decreases visibility and can have profound repercussions when it comes to compliance. But what can be done to address this, and what steps should IT leaders be taking to implement a solution?
Encrypting confidential data
Although a multi-cloud architecture can make data migration easy, managing access to the data and keeping it confidential can be challenging. Regardless of the mode of transfer or method of storage, the key point to remember is that information remains a valuable commodity that is vulnerable at all possible points of connectivity. The most effective way to address such vulnerability is to consider secure encryption.
Encrypting data both in transit and at rest is critical. For ultra-secure encryption, data should preferably be encrypted with a FIPS-certified, randomly generated, AES 256-bit encrypted encryption key. Confidential information stored locally on a computer or hard drive, sent via email or file sharing service, or shared via data transfer in the cloud should equally be securely encrypted. Taking such an approach guarantees ongoing protection, giving IT leaders peace of mind that their information remains confidential.
Centralised remote management
As the use of multi-cloud environments essentially means that sensitive data is stored in silos and transferred across numerous servers, it’s important for security managers to gain a holistic view as to which cloud providers hold which data, where that data is located and who holds access permissions within the organisation. This will enable geo-fencing and time fencing restrictions to be set, filenames to be appropriately encrypted and remote access to be enabled or disabled depending on requirement. Such controls will go a long way towards eliminating unnecessary security risks.
Key management for encrypted information is also important. Authorised users can be given a copy of a physical encrypted encryption key, a randomly generated encryption key stored within a USB module, to allow ultra-secure and real-time collaboration in the cloud. Having a key management system in place provides greater control of encryption keys when using a multi-cloud solution, helping to facilitate a more centralised administration and management approach to data security.
Businesses need to have clear processes in place that all employees follow to uphold adherence to data protection regulations, regardless of where they choose to store the data. Security measures must go beyond simple single-factor cloud login credentials to be truly secure. Incorporating multi-factor authentication will help in relation to data protection governance and is an important step in standardising policies, procedures and processes across multiple cloud providers.
If a malicious threat actor obtains a user’s credentials and compromises an account, the breach is likely to remain unnoticed by the cloud service provider, who will not be able to tell the difference between a legitimate user and an attacker. Using an encryption key, but keeping the encryption key away from the cloud, increases the number of security measures from just one level of authentication – the cloud account login – to as many as five factors of authentication. The encryption key should itself be encrypted within an ultra-secure Common Criteria EAL5+ secure microprocessor along with a PIN authenticated code.
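To make the "key kept away from the cloud" model concrete, here is an added example (not from the original article or any vendor's product) of client-side AES-256-GCM encryption in Go, where a provider only ever stores ciphertext. The function names, the object ID and the in-memory key standing in for a hardware-held key are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewAEAD builds AES-256-GCM from a key held outside the cloud (hypothetical helper).
func NewAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("key must be 256 bits")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts before upload; objectID is bound so blobs cannot be swapped.
func Seal(a cipher.AEAD, data []byte, objectID string) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, data, []byte(objectID)), nil
}

// Open verifies and decrypts a blob downloaded from any provider.
func Open(a cipher.AEAD, blob []byte, objectID string) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short")
	}
	return a.Open(nil, blob[:n], blob[n:], []byte(objectID))
}

func main() {
	key := make([]byte, 32) // random; stands in for the off-cloud key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	owner, _ := NewAEAD(key)
	blob, _ := Seal(owner, []byte("constructed sample record"), "obj-001")
	other, _ := NewAEAD(make([]byte, 32)) // cloud access but not the key
	_, err := Open(other, blob, "obj-001")
	fmt.Println("open without the key fails:", err != nil)
}
```

The same sealed blob can be copied to any number of providers; whoever holds only the cloud login sees the nonce, ciphertext and tag, and nothing else.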
As more businesses move toward a multi-cloud setup, security leaders should be looking to follow such recommendations: encrypting and centrally managing their data, and then ensuring that multi-factor authentication is employed for further layers of advanced protection while still enabling operatives to share and collaborate in real time. Managing all devices storing the encrypted encryption key, used to access data in the cloud, will provide a more unified administration and monitoring process, an approach which will bring peace of mind and, ultimately, result in safer data.