Using ‘ bring your own encryption ’ to secure cloud based data
While cloud computing, virtualisation, and other enabling technologies are integral to the Always-On business, it should not detract from the importance of security. This article discusses how bring your own encryption (BYOE) could reprioritise this for decision-makers
By Gregg Petersen, Regional Director, Middle East and SAARC at Veeam Software
Bring your own encryption, or BYOE, is a relatively new cloud computing security model that is providing companies with a new way to address data storage security concerns in a cloud-based environment. Above all, this new trend is encouraging decision makers to put security as high on the agenda for the Always-on business as other business-critical technologies such as cloud computing and virtualisation.
The BYOE security model gives cloud customers complete control over the encryption of their data. In essence, this enables them to use a virtualised example of their own encryption software together with the applications they are hosting in the cloud, to encrypt their data. At the same time, cloud providers are finding innovative ways to let users manage their encryption keys.
Up to now, questions around data sovereignty drove the majority of decisions around moving to the cloud. After all, having corporate data being subjected to the laws of the country in which it is located has created additional challenges for CIOs the globe over. With BYOE, it does not matter where organisational data resides as the company has its own encryption key.
The BYOE paradigm places the onus on the business to encrypt the data locally before storing it offshore. Given the connectedness of the world and the extent at which people access back-end corporate data using a myriad of devices irrespective of location, this is an especially empowering way of going about security.
It is a great way of diversifying the backup strategy of an organisation. Not only does it mean there are local and off-site copies available, it also provides decision-makers with the added peace of mind that the data is secure from prying eyes.
Of course, this does not mean companies should embark on a mass exodus and migrate to international solutions providers. Instead, BYOE gives companies the flexibility to use local cloud providers as their primary option and offshore data centres as additional backups once the data is encrypted.
Lost my keys!?
When it comes to this model one of the biggest concerns is what happens if the encryption key is lost? After all, encryption is theoretically a single point of failure that could see all corporate data lost. There are ways to address this. As an example, Veeam has implemented a feature where it can generate a new encryption key for the company. This is done once certain elements have been verified and provides customers with a fail-safe solution around encryption.
It is important to note that using BYOE does not mean there is an inherent distrust towards cloud providers and their ability to store data. Rather, it is about securing corporate information as effectively as possible using all the options available to meet regulatory requirements. Bring your own encryption can even help build trust with partnered vendors. If a corporate company relies on a service provider who understands its unique requirements, the best way to enhance the relationship is to integrate BYOE.
The always-on business requires an environment that is conducive to innovation and leveraging the best technologies for the needs of the business. BYOE supplements that from a security perspective and ultimately allows businesses to confidently transition their IT operations into the cloud.