Does one size fit all for cloud encryption gateways?
With the launch of support for additional cloud-based services, including Microsoft Yammer, Box, Microsoft Dynamics CRM Online, SkyDrive and SharePoint Online through Vaultive Platform for SaaS, we now provide a single encryption platform for multiple applications. The wording of this phrase – a single encryption platform for multiple applications provided by one vendor – is deliberate. Why are we making such a big deal out of it?
Risk-aware organizations are not moving to embrace cloud-based services in a headlong rush. Rather, they are taking definitive, measured steps where they can control each increment.
We’ve added support for many applications in recent months and support for many others is under development.
Each time we develop support for additional applications, we understand the serious responsibility we are undertaking in creating a solution that truly meets the requirements and expectations of our customers:
- First and foremost, it must be secure. The encryption has to be strong, and not in any way vulnerable to common attacks such as chosen-plaintext attacks.
- The second requirement is that it has to meet our customers’ operational requirements and work within their existing ecosystem.
- The third is that it has to be transparent to the 99+% of the employees in the company who do not work in IT or Security.
- The fourth is that the solution has to be seamless to the cloud application.
The more complex and sophisticated the customer’s service requirements, the more likely it is that a one-size-fits-all approach will prove to be a recipe for disaster.
Our experience with Exchange Online, and now Dynamics Online, Box, Yammer, SkyDrive Pro and SharePoint Online, is that every large enterprise, regulated organization and even many small and mid-size businesses have complex requirements. While their governance and security requirements are consistent across PaaS, IaaS, storage as a service, CRM or HRM apps as well as email applications, the technical requirements to encrypt data-in-use and preserve features and functionality are vastly different.
From the customer’s perspective, it is appealing to use a single encryption platform for multiple applications. No customer wants to have to manage multiple boxes, management interfaces and vendors. The reality, however, is that striking an acceptable balance between security and functionality for any risk-conscious organization requires deep application knowledge and encryption-in-use expertise.
The bottom line is that enterprises should be wary of any vendor making sweeping statements about the extent of their support for cloud applications. Dig a little deeper into the degree of support, or risk gambling on production readiness. The degree of support is as critical as the extent of support.