Research Papers

By Adrian Lane

We are proud to announce the launch of our newest research paper, on multi-cloud key management, covering how to tackle data security and compliance issues in diverse cloud computing environments. Infrastructure as a Service entails handing over ownership and operational control of IT infrastructure to a third party. But responsibility for data security cannot go along with it. Your provider ensures compute, storage, and networking components are secure from external attackers and other tenants, but you must protect your data and application access to it. Some of you trust your cloud providers, while others do not. Or you might trust one cloud service but not others. Regardless, to maintain control of your data you must engineer cloud security controls to ensure compliance with internal security requirements, as well as regulatory and contractual obligations. That means you need to control the elements of the cloud that related to data access and security, to avoid any possibility of your cloud vendor(s) viewing it.

Encryption is the fundamental security technology in modern computing, so it should be no surprise that encryption technologies are everywhere in cloud computing. The vast majority of cloud service providers enable network (transport) encryption by default and offer encryption for data at rest to protect files and archives from unwanted inspection by authorized infrastructure personnel. But the principal concern is who has access to encryption keys, and whether clouds vendor can decrypt your data without you knowing about it. So many firms insist on brining their own keys into the cloud, not allowing their cloud vendors access to their keys. And, of course, many organizations ask how they can provide consistent protection, regardless of which cloud services they select? So this research is focused on these use cases.

We hope you find this research useful. And we would like to thank Thales eSecurity for licensing this paper for use with their customer outreach and education programs. Like us, they receive an increasing number of customer inquiries regarding cloud key management. Support like this enables us to bring you objective material built in a Totally Transparent manner. This allows us to perform impactful research and protect our integrity.

You can download the paper.