For the first time ever, we are seeing that more enterprises are moving more workloads to the cloud than their data centres.ย  With these new applications, they are also sending sensitive data to the cloud, and, in some cases, ignoring the risk of that data being compromised.

In fact, today, nearly two-thirds of enterprises are using SaaS applications, while the percentage of workloads deployed to the cloud is expected to rise from 41 percent to 60 percent in the next two years. And itโ€™s not hard to understand why; cloud services eliminate the need for internal infrastructure, maintenance and support, improve productivity and ultimately reduce costs.

However, where there are rewards, there are also risks. As information moves to the cloud, data may be under an organisationโ€™s logical control but it will physically reside in infrastructure owned and managed by another entity. And this is cause for concern for many within the business community. In addition to an overwhelming fear that their cloud data could suffer a security breach, the majority of organisations in our most recent Data Threat Report revealed that they were concerned over shared infrastructure vulnerabilities and also a lack of control over where data is processed and stored in the cloud.

Curbing the fears

Of course, cloud and SaaS providers can use encryption to protect an organisationโ€™s sensitive data stored in the cloud. And, at a point when data breaches are at an all-time high, such security measures have never been more important. If we are to learn anything from the various cyber-attacks on high profile organisations over the past few years, itโ€™s that hackers are after one thing: data. Protecting it using encryption is critical to ensure that any data is rendered useless to anyone other than its owner.

However, this is just one part of the puzzle. Encryption alone is not enough – access control and key management can also prove to be weak points in a providerโ€™s defences. So, to recap the benefits of cloud computing confidently, an organisation must have full control over its data โ€“ and the keys that protect it. Keys represent trust, and their secrecy and integrity determine whether that trust can be relied upon.

[easy-tweet tweet=”โ€œbring your own encryption keyโ€ identified as the most popular way to secure data in the cloud” hashtags=”BYOK, Cloud”]

Keeper of the keys

To acknowledge this trust balance, we have seen rising popularity in businesses managing and controlling their own encryption keys. In fact, the โ€œbring your own encryption keyโ€ (BYOK) concept was identified as the most popular way to secure data in the cloud, according to our 2017 Data Threat Report. Whatโ€™s more, when it comes to the security techniques and solutions organisations are planning to implement next year, encryption with BYOK topped the list.

Clearly, this is a trend not to be taken for granted. As such, almost all the major cloud providers from Microsoft to AWS now offer BYOK capabilities. Google, for example, have all enabled a BYOK strategy for their Cloud customers to generate, protect and supply their encryption keys to the cloud using an on-premise hardware security module (HSM), allowing them to securely move more workloads to the cloud.

Furthermore, while most organisations want to take advantage of the public cloud, many are faced with resistance when migrating workloads containing sensitive data due to strict security standards that support internal policies or regulatory compliance. These requirements, however, are often overcome when encryption and customer controlled keys can prove to auditors that the enterprise is the custodian of the encryption keys and, consequently, the data they protect.

Taking control

While only 35 percent of global organisations either currently implement or have plans to implement BYOK encryption as part of their overall data security strategy, we can be certain that, as more businesses move sensitive data to cloud against a backdrop of an ever more precarious threat landscape, this number will only increase.

So whether your organisation is adopting a public, private or hybrid strategy, ensuring confidentiality and security of data has to be at the top of your agenda. We only have to recall the numerous data breaches on high-profile organisations โ€“ from Yahoo to Ashley Madison – to understand the devastating impact of valuable data being hacked and leaked online. As more organisations focus on moving their sensitive data and applications to the public cloud, now is the time to take control, hold the keys to your castle and protect your data – even when it is physically out of reach.

+ posts

Peter Galvin, Vice President of Strategy,Thales e-Security

Unlocking Cloud Secrets and How to Stay Ahead in Tech with James Moore

Newsletter

Related articles

How AI is Transforming Customer Communication Management

Business communication has evolved over the years. Today, it's...

Investment Opportunities for Startups and Technologies in AIย 

Although artificial intelligence developed from niche technology has become...

Four Surprising Lessons I’ve Learned Leading Tech Teams

Techies. Geeks. Boffins. Whatever your organisation calls its IT...

A Business Continuity Cheat Sheet

Right, let's be honest. When you hear "business continuity,"...

Challenges of Cloud & Ultima’s Solution to Transform Business

With the way that AWS and Microsoft dominate technology...