The proliferation of cloud-based services has radically simplified day-to-day data management and decreased overhead costs for many businesses. It is currently estimated that more than 60% of organizations have moved to cloud-based data systems, with many using the cloud to store sensitive information. At the same time however, cloud technology has brought with it a number of new business risks. In the increasingly predatory world of cloud-stored data, following best practices for encryption key management can help you achieve the maximum level of protection possible. These three best practices for encryption key management can set your cloud-based company on the path to optimum data security and keep your information from falling into the wrong hands.
1. Don’t Store Your Lock and Key Together
Obviously, you want your data to be under lock and key – like locking the door to your house to protect your valuables. Handing over your data management to cloud services is often the most stress-free route to take. But when companies move their data to cloud-based management systems, they may be giving the cloud provider access to their key, meaning the lock and key are stored closer together than necessary. This is like leaving your house key under the mat in front of your door; there will be fewer barriers in the way to stop someone intent on robbing you. In regards to this issue, the Cloud Security Alliance recommends separation of the lock and key, as well as back up of encryption keys in offline and secured locations.
StorMagic SvKMS enables you to manage and bring your own keys (known as BYOK) to cloud and SaaS-based encryption services. Amongst a number of benefits, this allows users to retain control over the de-encryption of data and provide a full audit trail of key lifecycle activity. It also allows users to disable keys to protect their encrypted data from breaches and from third-party service providers, if necessary.
2. Centralize Your Key Management Infrastructure
With the growth of cloud services, companies are using dozens of SaaS platforms, as well as many more micro and sub services via their cloud providers. Organizations may be using multiple key management servers and protocols across these different services and platforms. And, at the same time these cloud services are operating, local applications are running in their data centers. Under these circumstances, the multiple key management servers will likely have varied levels of security and conformity to industry standards. This complicates data infrastructure, increasing cost and risk while decreasing efficiency.
The development of KMIP as a standard for data management makes this complex infrastructure simply unnecessary. KMIP and centralized key management infrastructure are built into the DNA of SvKMS. StorMagic recognizes the need for seamless protection of keys, secrets and credentials across multiple applications and use cases, both on-premises and in the cloud. In many cases, the combination of SvKMS with various KMIP enabled platforms already in your infrastructure, such as in VMware, Hyper-V or numerous storage arrays, presents an opportunity to activate native encryption features with almost no effort, thus increasing your security posture significantly in a short time.
3. Be Compliant and Proactive in Handling Sensitive Data
As the “wild, wild west” days of the internet are being left behind, major industries such as healthcare, financial services and medical/biotechnology are being compelled to encrypt their sensitive data, to meet nationwide / global regulations and guidelines. The EU passed a policy dealing with the encryption of personal data for all companies operating within its borders. Failure to conform to such regulations can lead to severe fines and other penalties. But even industries that aren’t compelled by regulators to follow encryption guidelines need to be proactive for purely business reasons. Data breaches can lead to reputational fallout, legal action and loss of sensitive or proprietary data, belonging to the business. Ultimately, in both regulated and unregulated industries, being vigilant about following legal or industry standards is important to the bottom line.
As a full-featured key management lifecycle platform, StorMagic SvKMS can help meet complex legal requirements across a wide variety of regulations, not only in cloud but also on-premises and hybrid services, including:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI-DSS)
- Federal Information Processing Standard (FIPS)
- The European Union’s General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
For unregulated industries, StorMagic provides you with industry-standard key management services.
StorMagic as the Best Solution to Best Practices
These are only three of the best practices for encryption key management that can maximize your data security. StorMagic SvKMS can help you with these, and much more. For more information on how StorMagic can help you meet the best practices for your data security needs, contact us today at [email protected].