By Tony Willis, Director of Enterprise Architecture • Global ICT Architecture – T-Systems International
Cloud Computing has moved well beyond buzzword status to become a bona fide business-enabling technology that can be used enterprise-wide, by sales, marketing, procurement and individual lines of business, and for multiple purposes, including collaboration.
However, despite Cloud Computing’s growing maturity, its adoption continues to face a number of challenges, because Public, Hybrid and Community Cloud solutions rely on the Internet as their access and delivery backbone, and because enterprise data is stored outside the enterprise.
On the flip side, Cloud is often deployed (unchecked) in silos where business units and even individuals are using Public Cloud services without considering that this might leave the business vulnerable.
The argument is often: we cannot wait weeks or months for a corporate solution when we can start using a Public Cloud offering within hours.
The challenge therefore is for IT departments and/or their outsourced providers to deal with a very real factor: human nature. And rather than resisting it, why not simply provide a set of security precautions that enable the business rather than constraining it?
The same approach can also help, more broadly, those companies that remain reluctant to move to the Cloud because of inherent concerns about security, privacy and compliance with industry regulations.
The industry has been working hard to offer viable security solutions, and Cloud Encryption Gateways undoubtedly fall into this category. These gateways let companies encrypt sensitive information as it crosses the enterprise boundary into the Public Cloud, and decrypt it again when internal users access it.
Should data ever be compromised (copied, stolen or accessed) while in the custody of a Public Cloud Provider, it is in encrypted form and of no use to anyone trying to exploit it illegally, since they see only the encrypted version of the sensitive data. This protection holds only as long as the encryption keys remain inside the enterprise and are never shared with the provider, and it assumes the chosen encryption or tokenisation scheme does not itself preserve patterns (such as equality or ordering) that an attacker could read off the stored values.
Furthermore, Cloud Encryption Gateways preserve the Cloud application’s user experience, adding little perceptible latency and requiring no changes to the Cloud application itself.
A Cloud Encryption Gateway is deployed at the enterprise perimeter and essentially acts as a reverse proxy server that sits in the path of all traffic between enterprise users and their Cloud applications.
The gateway examines each outgoing request to the Cloud in near real time, encrypts or ‘tokenises’ the sensitive data it contains, and forwards the rewritten request to the Cloud application.
Similarly, encrypted or ‘tokenised’ data returning from the Cloud application is converted back, again in real time, into cleartext (i.e., text that can be read) before it is displayed to the end user.
Cloud Encryption Gateways are becoming more prevalent, which is why it is important to choose the right one. Here are a number of important features to consider:
- An enterprise-class solution that offers support for all Cloud environments: it must be deployable on-premise and support connectivity to Public, Hybrid, Community and even Private Clouds;
- Offer support across most (if not all) Public Software as a Service Cloud applications (e.g. Salesforce, Force.com, Chatter, AWS S3, Google Gmail, and Microsoft Office 365) while enforcing unified data protection policies across these applications and over any communication protocol (HTTP, SMTP, SOAP, REST etc.);
- Strong encryption and tokenisation capabilities built on industry standards such as AES-256, with the keys generated and held inside the enterprise;
- Preserve Cloud application capabilities such as indexing, sorting and reporting on protected fields. Be aware of the trade-off: these functions only keep working if equal (or ordered) plaintexts map to equal (or ordered) stored values, which is what deterministic tokens or order-preserving schemes provide, and that same property reveals to anyone with access to the stored data which records share a value or how they rank. Randomised encryption reveals nothing but makes the field opaque to the application, so the choice should be made per field;
- Support Mobile devices regardless of form factor: laptops, tablets, and smart phones; and
- Support latest technologies such as HTML5 applications.
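To make the proxy behaviour described above concrete, and to show the trade-off behind the indexing, sorting and reporting feature in the list, here is an added example of a minimal field-level encryption gateway in Go. It is illustrative code written for this article, not the product of T-Systems or of any vendor named here. It assumes a flat JSON request body with string values, a hypothetical policy of two protected fields ("national_id" under randomised AES-256-GCM, "email" under deterministic HMAC-SHA256 tokens backed by an on-premise vault), and constructed demo keys and a constructed sample record; a real gateway would take its keys from an HSM or key management system inside the perimeter.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Gateway is a toy field-level encryption gateway. Keys and the token vault never leave the
// enterprise side of the perimeter; the cloud application only ever sees the rewritten values.
type Gateway struct {
	aead   cipher.AEAD       // AES-256-GCM, randomized: equal plaintexts give different ciphertexts
	macKey []byte            // HMAC-SHA256 key for deterministic tokens
	vault  map[string]string // token -> plaintext, consulted on the way back in
	// Protected maps a field to its mode. true: deterministic token (indexing, sorting and reporting
	// keep working in the cloud app, but equal values are visibly equal). false: randomized encryption.
	Protected map[string]bool
}

func NewGateway(aesKey, macKey []byte, protected map[string]bool) (*Gateway, error) {
	block, err := aes.NewCipher(aesKey) // a 32-byte key selects AES-256; 16 bytes would silently give AES-128
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Gateway{aead: aead, macKey: macKey, vault: map[string]string{}, Protected: protected}, nil
}

// rewrite applies fn to each protected field of a flat JSON object with string values.
func (g *Gateway) rewrite(body []byte, fn func(field, v string) (string, error)) ([]byte, error) {
	var rec map[string]string
	if err := json.Unmarshal(body, &rec); err != nil {
		return nil, err
	}
	for field := range g.Protected {
		if v, ok := rec[field]; ok {
			out, err := fn(field, v)
			if err != nil {
				return nil, err
			}
			rec[field] = out
		}
	}
	return json.Marshal(rec)
}

// Outbound rewrites a request on its way to the cloud app. Randomized fields are sealed under a fresh
// nonce with the field name as associated data, so a ciphertext moved to another column will not decrypt.
func (g *Gateway) Outbound(body []byte) ([]byte, error) {
	return g.rewrite(body, func(field, v string) (string, error) {
		if g.Protected[field] {
			mac := hmac.New(sha256.New, g.macKey)
			mac.Write([]byte(field + "\x00" + v))
			tok := "tok:" + base64.RawURLEncoding.EncodeToString(mac.Sum(nil)[:16])
			g.vault[tok] = v // the on-premise vault is what makes a token reversible
			return tok, nil
		}
		nonce := make([]byte, g.aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return "", err
		}
		sealed := g.aead.Seal(nonce, nonce, []byte(v), []byte(field)) // nonce || ciphertext || tag
		return base64.RawURLEncoding.EncodeToString(sealed), nil
	})
}

// Inbound restores cleartext on the way back; values that are neither a token issued here nor
// ciphertext that authenticates for this field are rejected.
func (g *Gateway) Inbound(body []byte) ([]byte, error) {
	return g.rewrite(body, func(field, v string) (string, error) {
		if pt, known := g.vault[v]; known {
			return pt, nil
		}
		raw, err := base64.RawURLEncoding.DecodeString(v)
		if n := g.aead.NonceSize(); err == nil && len(raw) >= n {
			if pt, err := g.aead.Open(nil, raw[:n], raw[n:], []byte(field)); err == nil {
				return string(pt), nil
			}
		}
		return "", fmt.Errorf("field %q: unknown token or invalid ciphertext", field)
	})
}

func main() {
	// Constructed demo keys and record; a real gateway draws its keys from an on-premise HSM/KMS.
	gw, err := NewGateway([]byte("0123456789abcdef0123456789abcdef"), []byte("demo-mac-key"), map[string]bool{"national_id": false, "email": true})
	if err != nil {
		panic(err)
	}
	toCloud, _ := gw.Outbound([]byte(`{"name":"Alice Example","email":"alice@example.com","national_id":"AB123456"}`))
	back, err := gw.Inbound(toCloud) // the cloud app echoes the stored record back on a read
	fmt.Printf("cloud sees: %s\nuser sees:  %s (err=%v)\n", toCloud, back, err)
}
```

Running it prints the record as the cloud application sees it (a stable token in the email field, a different ciphertext for national_id on every request) and the record as it comes back through Inbound. The deterministic token is what lets the cloud application still index, sort by equality and report on email, and it is also why the provider can tell that two records carry the same address; the randomised field gives it nothing to work with in either direction. Inbound also rejects a ciphertext that was altered in the cloud or moved into another column, because the field name is bound in as GCM associated data and the tag check fails.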
Cloud Encryption Gateways undoubtedly form part of a feasible security solution for Cloud Computing and should be considered as part of any Enterprise Cloud Strategy, as well as in any Cloud migration or deployment to an external Cloud environment.