The increased use of cloud-based solutions is a boon and bane for CIOs.
It’s a boon because it helps control costs and can simplify infrastructure. It’s a bane because of security risks associated with not knowing where staff are going and what they are doing with corporate data.
Two security providers said Monday they are teaming up to provide a secure key management solution to protect corporate data in the cloud.
Skyhigh Networks of Cupertino, Calif., which makes an encryption gateway that gives visibility into cloud usage, and SafeNet Inc. of Belcamp, Md., which makes multi-factor authentication and encryption solutions, said their cloud-based solution allows enterprises to retain full control of their encryption keys to meet corporate and regulatory compliance requirements.
The cloud-based version provides immediate scale, minimizes network latency, and avoids the expensive upfront investment and limits of on-premise deployments, they said.
Skyhigh is a service that ranks cloud services so CSOs can determine which are too risky for staff to use. It analyzes logs from network devices like firewalls to spot risky behavior. It also puts a token on all sensitive networking and personally identifiable information before uploading log data to the cloud.
SafeNet solutions are integrated with Skyhigh through what the partners say is an optimized and secured key distribution method. This allows companies to centralize encryption and key management for their cloud applications, as well as securely store their keys—in solutions from hardened virtual appliances up to FIPS 140-2 Level 3-compliant hardware if needed, the partners said.
Skyhigh Secure encryption gateways now integrate with on-premises SafeNet key management solutions via the Key Management Interoperability Protocol (KMIP) for enterprise key management, and/or with the SafeNet Luna SA network attached hardware security module for tamper-proof secure key storage. Customers can use these solutions separately or in combination depending on the type of keys and the type of data they need to protect.
“More and more organizations are asking to encrypt their data in business-critical SaaS applications such as Salesforce, ServiceNow, and Microsoft Office 365 with customer-managed keys,” said Chris Cesio, Skyhigh’s vice president of business development and alliances. “Through integration with SafeNet’s leading key management solutions, we’re providing a scalable, standards-based approach that gives customers flexibility of deployment models so that they can leverage the benefits of cloud services while ensuring the best possible security controls.”
Skyhigh says its customers include Cisco Systems Inc. and SAP. SafeNet, whose customers include the Bank of Canada and the federal government’s online transaction system , sells through channel partners. One of them is Interwork Technologies of Ottawa.