Security challenges with multi-cloud and SaaS services

Cloud Services and Platforms
It is our belief that everyone has the right to control and own their data, regardless of cloud service or cloud platform. We also believe that it is important for organizations to take advantage of cloud services and platforms without risking the integrity of sensitive data. The SaaS offering is an important technology for business success, and a recent survey by Harvey Nash showed that organizations consider SaaS to be the most important technology for achieving future business goals.
A survey conducted by Thales showed that almost all organizations surveyed store some form of sensitive data in cloud services. More specifically, 98% of the organizations used some form of cloud service to store data. Of these, 78% used one or more SaaS applications to store sensitive data, while 38% used IaaS environments and 36% used PaaS environments.
The digitization and consumption of cloud services in Europe today are affected by various factors. The CLOUD Act, Schrems II, and GDPR in particular hinder the consumption of cloud services where personal data is handled and the service is owned by a company located outside the EU. Privacy rules and local regulatory requirements also pose challenges for companies using cloud services.

Increased complexity with multiple services
With increasing data migrating to the cloud, the need to protect data regardless of the platform or cloud service used is increasing. Companies face the challenge of finding secure solutions that enable continued digitalization of their business and consumption of cloud and SaaS services.
The more data that is moved to the cloud, the more complex the security work becomes. This complexity is largely self-caused as companies use multiple IaaS and PaaS environments. Multi-cloud environments have become increasingly common, meaning that data flows across multiple platforms and technologies, further increasing the complexity of controlling and protecting sensitive data.
But with this opportunity to store and manage data in the cloud also comes great demands for knowledge and competence from companies that want to take advantage of these services in a secure way.
To protect sensitive data on cloud platforms and in SaaS services, vendors offer various security measures. But it is almost always up to the customer to configure and protect these services properly, which is a major challenge for many companies. The risk of handling errors and data leakage is always present and can cause significant problems for both the company and its customers.
Data integrity and data encryption
There is no doubt that cloud services have changed how we handle and store data. But while the benefits are many, there are also significant risks to consider, especially when it comes to confidentiality of sensitive data.
The more data that is stored in cloud environments, the greater the risks to data security. Despite this significant exposure of sensitive data, the use of encryption and tokenization is low. In fact, 100% of those surveyed by Thales report storing sensitive data that is not encrypted in the cloud. The survey found that only 57% of sensitive data stored in cloud environments is protected by encryption, and less than half, 48%, is protected by tokenization.
Relying on the protection provided by the cloud service chosen by the company is not sufficient to secure sensitive information and guarantee confidentiality. Even if the provider can assure that data is protected through encryption during transport and storage, this does not give customers the complete control and ownership over their private encryption key that is necessary to secure data in a reliable way.
Key Management Services (KMS)
The continued digitization and use of cloud platforms bring challenges regarding the protection of sensitive data. However, centralizing the keys to your data from different platforms can enable a cohesive overview and increased control over access, all from one place.
A KMS (Key Management Service) is a solution that allows for the centralized management and protection of encryption keys for various types of applications and devices in the cloud or locally in your data center.
This service delivers high security to sensitive environments and simplifies security management for both in-house and third-party applications. A KMS service connects to applications through standardized interfaces and provides access to robust features to protect data with keys.
The major advantages of using a centralized solution to protect your data in cloud and SaaS platforms are:
- Separation of responsibilities: By storing encryption keys outside of the corresponding cloud, one can create a separation of responsibilities between data and the cloud provider.
- Reduced risk: One can apply risk-adaptive controls and protection for workloads based on data sensitivity and compliance requirements.
- One place, multiple cloud services: One can use any combination of public clouds, private or on-premises data infrastructures. One can also choose from different ways to manage the keys to one's data, such as BYOK (Bring Your Own Key), HYOK (Hold Your Own Key), or Native (the cloud's own keys).
- Increased efficiency and operational resilience: One can automate key management across cloud and hybrid environments with processes and tools that have a unified user interface, a common API set, and an overview of where the keys are stored.
A KMS service has standardized connections to multiple cloud providers and SaaS services, such as:
- Amazon Web Services (AWS)
- Google Workspace
- IBM Cloud
- Google Cloud Platform
- Microsoft Azure
- Oracle Cloud Infrastructure
Pre-built integrations with SaaS services such as:
- Zendesk
- Microsoft 365
- Google Workspace CSE
- Salesforce
- Atlassian