Encrypting data is one of the most important requirements for safe storage, transfer and processing in the cloud. Obfuscation techniques transform plaintext data into unreadable ciphertext, thus preserving the CIA triad: confidentiality, integrity, and availability. And while encryption does not represent an insurmountable task per se, as it follows standards like AES, managing the lifecycle of cryptographic keys (generation, usage, storage, archiving, and deletion) becomes non-trivial and error-prone in multi-cloud setups: in fact, secure management of cryptographic keys across different clouds imposes real challenges, as highlighted by 76% of the respondents to the Keyfactor and Ponemon Institute survey on PKI and digital certificate management practices (The Impact of Unsecured Digital Identities, 2020). And with most cloud service providers having their own key management system, trying to create a harmonized approach across clouds often results in higher complexity, inconsistency and misconfigurations, leading to increased security risks. Adding to the argument, the physical location of data and keys constitutes another serious risk, since it involves compliance issues: depending on the geography, data ownership and privacy are governed by different jurisdictions with different laws, such as the GDPR, BDSG or the CCPA, as well as industry-specific regulations like HIPAA and PCI DSS.

  • decryption of the encrypted data in the original cloud
  • encryption to protect the data in transit from the original cloud to the destination cloud
  • decryption of the encrypted data upon arrival at the cloud of destination
  • final encryption of the data in the cloud of destination, according to the cloud’s own KMS (which is different from the original cloud’s KMS)
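The four operations above, as an added Go example that is not code from the original article: two in-memory AES-256-GCM keys stand in for the source and destination clouds' key management services, a third one protects the transfer, and `Migrate` runs the decrypt, encrypt, decrypt, encrypt chain in that order. All names here (`KMS`, `NewKMS`, `Migrate`) are hypothetical, and the example assumes Go 1.24 or later, where `crypto/rand.Read` never returns an error.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)
// KMS stands in for one provider's key management service: an AES-256-GCM key generated inside the provider and never exported (hypothetical simulation).
type KMS struct {
	Name string
	aead cipher.AEAD
}

func NewKMS(name string) *KMS {
	key := make([]byte, 32)
	rand.Read(key) // crypto/rand.Read never returns an error (Go 1.24+)
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)
	return &KMS{Name: name, aead: aead}
}

// Encrypt returns nonce||ciphertext||tag with the provider name bound as associated data.
func (k *KMS) Encrypt(plaintext []byte) []byte {
	nonce := make([]byte, k.aead.NonceSize())
	rand.Read(nonce)
	return k.aead.Seal(nonce, nonce, plaintext, []byte(k.Name))
}

// Decrypt fails for blobs made by any other provider (wrong key or wrong associated data).
func (k *KMS) Decrypt(blob []byte) ([]byte, error) {
	ns := k.aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New(k.Name + ": blob too short")
	}
	return k.aead.Open(nil, blob[:ns], blob[ns:], []byte(k.Name))
}

// Migrate moves one object from src to dst through the four steps listed
// above; the plaintext is exposed in memory at steps 1 and 3.
func Migrate(src, transit, dst *KMS, srcBlob []byte) ([]byte, error) {
	plain, err := src.Decrypt(srcBlob) // 1. decrypt in the original cloud
	if err != nil {
		return nil, err
	}
	wire := transit.Encrypt(plain) // 2. protect the transfer
	if plain, err = transit.Decrypt(wire); err != nil { // 3. decrypt on arrival
		return nil, err
	}
	return dst.Encrypt(plain), nil // 4. encrypt under the destination KMS
}
```

The migrated blob opens only under the destination key: the source KMS can no longer read it, which is the point at which key archiving and deletion on the original side has to be decided.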
