Cloud Encryption Gateways
As enterprises evaluate the role cloud services will play in their operations, the efficiency and cost benefits become clear, as do the concerns of security and privacy requirements. Despite any concerns, organizations of all sizes are increasingly willing to place their data externally, and are increasingly likely to have at least some formalized processes for the assessment of the associated risk.
One approach that more and more organizations are considering is encryption of the data on the servers of the cloud provider, but three issues are quickly identified: (1) this may cover data at rest, but what about data in transit? (2) server-based encryption "breaks" application functionality that end users likely depend on, such as searching and sorting information; and (3) who owns the encryption keys? (For example, the Cloud Security Alliance recently published its Best Practice Guidelines highlighting that enterprises maintain full control of encryption keys.) While enterprises need to be able to protect highly sensitive information with data control technology, they need to do it in a manner consistent with the way they operate their business. The good news is that options now exist to address these challenges, and they are being rapidly adopted across a variety of industries.
One innovative solution is referred to by Gartner as “Cloud Encryption Gateways.” These gateways put sensitive data control back into the hands of the enterprise in scenarios where they are using public cloud services. When designed and deployed correctly, a Cloud Encryption Gateway is able to preserve the end user’s experience with the cloud application even while securing the data being processed and stored in the cloud.
Cloud Encryption Gateways intercept sensitive data while it is still on-premises and replace it with a random tokenized or strongly encrypted value, rendering it meaningless to anyone who gets hold of the data while it is in transit, processed or stored in the cloud. If encryption is used, the enterprise controls the key. If tokenization is used, the enterprise controls the token vault. But not all gateways are created equal, so please refer to this recent paper in our Knowledge Center to make sure you ask the right questions when determining which gateway is the right fit for your specific Security, IT and End User needs.
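The tokenization path described above, sketched as an added example (not PerspecSys code or any vendor's implementation): an on-premises vault swaps sensitive fields for random tokens before a record leaves, restores them on the way back, and translates search terms so exact-match search still works on the tokenized data. The class names, field names and sample rows are hypothetical and constructed for illustration.

```python
import secrets

SENSITIVE_FIELDS = {"name", "ssn"}  # constructed field names for this example


class TokenVault:
    """Token <-> plaintext mapping that never leaves the enterprise."""

    def __init__(self):
        self._token_for = {}
        self._value_for = {}

    def tokenize(self, value):
        # Reuse the token for a repeated value so equality search still works.
        if value not in self._token_for:
            token = "tok_" + secrets.token_hex(8)  # random, not derived from value
            self._token_for[value] = token
            self._value_for[token] = value
        return self._token_for[value]

    def lookup(self, value):
        return self._token_for.get(value)  # None if the value was never tokenized

    def detokenize(self, token):
        return self._value_for.get(token, token)


class Gateway:
    def __init__(self, vault):
        self.vault = vault

    def outbound(self, record):
        """Replace sensitive fields before the record leaves the premises."""
        return {k: self.vault.tokenize(v) if k in SENSITIVE_FIELDS else v
                for k, v in record.items()}

    def inbound(self, record):
        """Restore plaintext in a record returned by the cloud application."""
        return {k: self.vault.detokenize(v) if k in SENSITIVE_FIELDS else v
                for k, v in record.items()}

    def search(self, cloud_rows, field, term):
        """Exact-match search: translate the term, let the cloud match tokens."""
        needle = self.vault.lookup(term) if field in SENSITIVE_FIELDS else term
        if needle is None:
            return []  # value was never sent to the cloud
        hits = [row for row in cloud_rows if row.get(field) == needle]
        return [self.inbound(row) for row in hits]
```

Because the tokens are random, sorting the cloud-side rows by a tokenized field does not reproduce the plaintext order; this sketch preserves only exact-match search.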
The PerspecSys Cloud Data Protection Gateway is a flexible data encryption and tokenization platform that provides:
- The ability to preserve SaaS functionality across a wide array of applications while maintaining the highest level of tokenization or encryption protection.
- High availability and enterprise-level performance, with the ability to scale the solution across multiple dimensions.
- Open integration and configuration options that simplify deployment and facilitate expanded use of the platform.
- A hybrid architecture that gives customers the flexibility to consider multiple deployment options, including hosted models to eliminate the need for any upfront capital expenditures.




