Jan Brass Takes a Hard Look at the Cloud

What is “Bring Your Own Key Computing”?

Security has become a top priority for organizations of late. That is not surprising given the recent string of startling revelations about NSA surveillance, enterprise data breaches at major companies like Sony and the increased media spotlight on security and privacy concerns.

The majority of business enterprises are shifting over to cloud technology, but several issues still need to be resolved. The NSA leaks have shown that even major cloud vendors can be forced to hand over data on their clients, or have their databases secretly hacked into, leaving no recourse for affected customers. Many cloud vendors have started encrypting their suite of services, but that does not ensure immunity of data from government seizures (although it can prevent damage by criminals, hackers, etc.).

BYOK Computing

To alleviate customer concerns about data access and ownership, companies like Microsoft and Amazon offer Bring Your Own Key or BYOK computing. It means that the organization will have to provide the encryption keys for data that is stored on the vendor’s cloud. It ensures that even the vendor’s own employees have no access to the unencrypted data and the company cannot be forced to hand over keys that it does not have, thus protecting it from governments as well.

BYOK may be the solution that many organizations are looking for – especially financial services companies or others that store sensitive or confidential data. While encryption prevents unauthorized access, BYOK provides additional peace of mind that even government agencies (American or otherwise) cannot access company data without a valid warrant.

BYOK Burdens

But bringing your own keys is not as easy as it sounds in theory. For one thing, it negates much of the convenience of shifting to the cloud, since the organization has to set up and manage the infrastructure for creating and securely storing keys. It is an expensive and time-consuming process for which the organization has to assume complete responsibility.

Secure key management infrastructure is not just a matter of encrypting data, controlling access and creating and managing security keys. Essentially, the organization has to act like a bank and even monitor the daily activities or travel plans of executives who are in charge of (or otherwise have access to) the keys. For instance, if two or three executives have authorization to access the keys, the company should ensure that they never travel together, in case of accidents etc.

This is because the vendor does not have access to these keys in any shape or form whatsoever. So if the keys are stolen, lost or otherwise compromised, the organization will lose all access to its own data. There have been instances where companies have lost enterprise keys to hackers and then had to pay millions of dollars to get them back. That level of security and key management is beyond the scope of most organizations, and even larger companies may prefer to let the cloud vendor manage the keys instead of bringing their own.

As always, it is up to the organization to decide how far they are willing to go in pursuit of security and even more importantly, whether they have the capabilities to implement it themselves.

When Amazon Goes Down…

Amazon is the biggest provider in the public cloud sector and although it is facing stiff competition from the likes of Microsoft, Google and others, AWS is the first choice for many companies that rely on cloud services. Many of the most popular …

Cloud Services – Striving for Differentiation

With cloud services becoming increasingly prevalent and more vendors jumping into the fray every year, the market for cloud technology is quickly becoming crowded. Even diehard adherents of the on-premise model are finally coming around to endorsing …

Are you Worried about Cloud Tax Implications?

As the cloud becomes intrinsically entwined with many aspects of business, it is becoming quite the headache for enterprises to figure out what transactions are subject to tax, who should report it, and the amount to be paid as well as to which …

Dangerous Cloud Users and What You can do About them

It is a commonly held belief that moving to the cloud is inherently insecure and increases the risk exposure of an organization. This belief is based on the assumption that the infrastructure is somehow less secure than equipment that is within the …

Using the Cloud for Superior Backup

An Overview of IBM's Cloud Strategy

There are very few industries where cloud technology has not made its mark especially when it comes to enterprise services. Similarly, there are very few businesses that do not utilize at least a few cloud services – whether it is hosted VoIP or SaaS …

Netflix – Removing the Last Vestige of On-Premise Systems

In a move which will likely be seen as a big win for the public cloud industry, Netflix recently announced that it would close out its last remaining data center in favor of going all in on AWS. This shouldn't come as a surprise for anyone since the …

How Effective is Cloud Analytics?

With every major technology company betting on the cloud, there is no doubt that it will be a major driver for revenue and growth over the next decade. Many of those companies are relying on cloud analytics as a key benefit when selling their …

Cloud Reliability and Security – Roadblocks or Enablers?

In spite of the huge advancements made with respect to reliability and security in the cloud, these aspects continue to be cited as roadblocks or obstacles in numerous surveys of business organizations. In spite of impressive numbers regarding …

What Does Google Have to do to Get Serious About the Cloud?

If asked about the contenders in the cloud services industry, most people are likely to reply that it is a three-way race between Google, Amazon and Microsoft. After all these three organizations are constantly leapfrogging one another in terms of …