September 9, 2014 By Rick Robinson 3 min read

Cloud offerings are becoming a mainstay in Internet resources, and enterprises are embracing cloud offerings in one form or another as part of their cloud strategy (and cloud key management strategy). These strategies vary greatly from Internet-as-a-service to software-as-a-service. The depth of any deployment also varies from a hybrid combination of services to a focused and very granular implementation that uses technical controls to restrict access to specific roles of specific employees in an enterprise.

The flexibility of the cloud makes the breadth and depth of options readily available, easy to deploy and capable of adopting new innovations and technology faster than a single-enterprise data center. This is also true of cloud key management.

Everything that has been deemed viable in a data center is now being implemented in a cloud. In addition to being more flexible, cloud deployments are being achieved at a lower initial and operational cost. Who wants to deal with power, air conditioning, cable and rack space, anyway? With a click of a mouse, you can have your cloud data center up and operating — bam!

The cloud might not be the end-all solution for everybody, but if its growth in mobile apps and cloud-based services is any indication, it is very clear that enterprises must adopt a cloud strategy to remain flexible and competitive. If they don’t, they can look at the history of companies such as Research in Motion, Nortel and Digital Equipment Corporation to see what can happen if enterprises don’t remain flexible and competitive. Sometimes the best, most strategic options are not coming from what existing customers say they need, but rather what the untapped market of customers really wants. Frequently, those options are not intuitive.

The cloud is happening. The cloud is coming. The cloud is here. Enterprises must adopt cloud strategies. In response, the cloud has and is changing to help large and small enterprises be more flexible and competitive than ever. But how is the cloud changing? What will address the needs and concerns of enterprises that are inhibiting their move to the cloud?

Cloud Keys and Cloud Key Management

Data is like water — it goes everywhere. It leaks, spreads, changes form, expands and replicates. Putting it back after it is in the wild is virtually impossible. It’s like trying to catch crickets and put them in a glass jar without letting any of those already in the jar get out.

To no surprise, data confidentiality in the cloud is a primary concern of enterprises. However, that concern can be alleviated if there is a demonstration of the comprehensive and integrated suite of controls that are behind any cloud offering. Such a comprehensive architecture must deploy more than a single technology bullet to control the dynamic petabytes of data overseen. It takes policy, progress and technical controls, all integrated and working as a single ecosystem of security.

With all this data, not everything can be reasonably tracked. However, it can be controlled with a secure ecosystem that provides the suite of controls necessary to alleviate the security concerns for the marketplace. Enterprises need confidentiality, integrity and availability of data.

The strategy comes down to leveraging data. In other words, large amounts of data should be controlled by implementing controls so that the management of large amounts of data is achieved by controlling smaller amounts of data. Think of the flight controls in an aircraft. These are a small set of controls that are able to easily manage a very large machine.

In the context of data, data leverage is achieved through implementing technical controls based on the open deployment of cryptography and key management. If you control the keys, you control the data. You can control petabytes of data by controlling kilobytes of keys (as is implied, kilobytes are much smaller than petabytes).

Controlling Access to the Cloud

The conventional wisdom of the cloud is a highly scalable environment that can store all data, have necessary processing capabilities and be available to authorized individuals. However, with all that data, how can you technically control access (versus policy or procedure controls)? This is done through data leverage: using cryptographic keys to control the confidentiality and availability of data. Enterprise key management in the cloud, or cloud key management, will bring enterprises the seamless and simple capability to enforce confidentiality in the cloud and provide that capability to an endlessly scalable level.

This means that enterprise key management will be one of the necessary, centralized mechanisms that will help manage the confidentiality of all the data in the cloud. Enterprises will control their keys and, as a result, control their data. Cloud key management is coming and will be a natural extension of enterprise key management. It is already being adopted by enterprises that are leaders in their space. It is being offered to consumers and taking many forms, from being deployed on-premise with network access to the cloud to being completely deployed in the cloud. It will be flexible. With cloud key management, you will have data leverage in the cloud.

Over the coming months and years, be sure to keep an eye out for cloud key management. It is becoming a capability of cloud solutions, it is part of cryptography for business and it will grow to become a ubiquitous part of any cloud offering. It is coming to a cloud near you.

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today