Security challenges with multi-cloud and SaaS services

Cloud Services and Platforms

It is our belief that everyone has the right to control and own their data, regardless of cloud service or cloud platform. We also believe that it is important for organizations to take advantage of cloud services and platforms without risking the integrity of sensitive data. The SaaS offering is an important technology for business success, and a recent survey by Harvey Nash showed that organizations consider SaaS to be the most important technology for achieving future business goals.

A survey conducted by Thales showed that almost all organizations surveyed store some form of sensitive data in cloud services. Specifically, 98% of organizations used some form of cloud service to store data. Of these, 78% of organizations used some form of cloud service to store data. Of these, 38% used IaaS environments and 36% used PaaS environments.

The digitization and consumption of cloud services in Europe today are affected by various factors. Cloud Act, Schrems II, and GDPR in particular hinder the consumption of cloud services where personal data is handled, and the service is owned by a company located outside the EU. Privacy rules and local regulatory requirements also pose challenges for companies using cloud services.

Data shown on graph

Increased complexity with multiple services

With increasing data migrating to the cloud, the need to protect data regardless of the platform or cloud service used is increasing. Companies face the challenge of finding secure solutions that enable continued digitalization of their business and consumption of cloud and SaaS services.

The more data that is moved to the cloud, the more complex the security work becomes. This complexity is largely self-caused as companies use multiple IaaS and PaaS environments. Multi-cloud environments have become increasingly common, meaning that data flows across multiple platforms and technologies, further increasing the complexity of controlling and protecting sensitive data.

But with this opportunity to store and manage data in the cloud also comes great demands for knowledge and competence from companies that want to take advantage of these services in a secure way.

To protect sensitive data on cloud platforms and in SaaS services, vendors offer various security measures. But it is almost always up to the customer to configure and protect these services properly, which is a major challenge for many companies. The risk of handling errors and data leakage is always present and can cause significant problems for both the company and its customers.

Data shown on graph

Data integrity and data encryption

There is no doubt that cloud services have changed how we handle and store data. But while the benefits are many, there are also significant risks to consider, especially when it comes to confidentiality of sensitive data.

The more data that is stored in cloud environments, the greater the risks to data security. Despite this significant exposure of sensitive data, the use of encryption and tokenization is low. In fact 100% of those surveyed by Thales report storing sensitive data that is not encrypted in the cloud. The survey found that only 57% of sensitive data stored in cloud environments is protected by encryption, and less than half 48% – is protected by tokenization.

Relying on the protection provided by the cloud service chosen by the company is not sufficient to secure sensitive information and guarantee confidentiality. Even if the provider can assure that data is protected through encryption during transport and storage, this does not give customers the complete control and ownership over their private encryption key that is necessary to secure data in a reliable way.

Key Management Services (KMS)                              

The continued digitization and use of cloud platforms bring challenges regarding the protection of sensitive data. However, centralizing the keys to your data from different platforms can enable a cohesive overview and increased control over access, all from one place.

A KMS (Key Management Service) is a solution that allows for the centralized management and protection of encryption keys for various types of applications and devices in the cloud or locally in your data center.

This service delivers high security to sensitive environments and simplifies security management for both in-house and third-party applications. A KMS service connects to applications through standardized interfaces and provides access to robust features to protect data with keys.

Woman working on laptop in front a online secure cloud
The major advantages of using a centralized solution to protect your data in cloud and SaaS platforms are:

– Separation of responsibilities: By storing encryption keys outside of the corresponding cloud, one can create a separation of responsibilities between data and the cloud provider.

– Reduced risk: One can apply risk-adaptive controls and protection for workloads based on data sensitivity and compliance requirements.

– One place, multiple cloud services: One can use any combination of public clouds, private or on-premises data infrastructures. One can also choose from different ways to manage keys to their data, such as BYOK (Bring Your Own Key), HYOK (Hold Your Own Key), or Native (the cloud's own keys).

– Increased efficiency and operational resilience: One can automate key management across cloud and hybrid environments with processes and tools that have a unified user interface, a common API set, and an overview of where the keys are stored.

A KMS service has standardized connections to multiple cloud providers and SaaS services, such as:

  • Amazon Web Service (AWS)
  • Google Workspace
  • IBM Cloud
  • Google Cloud Platform
  • Microsoft Azure
  • Oracle Cloud infrastructure

Pre-built integrations with SaaS services such as:

  • Zendesk
  • Microsoft 365
  • Google Workspace CSE
  • Salesforce
  • Atlassian

If you want to learn more about KMS as a service, you can visit Complior's website or contact us for a personal demonstration.

Definitions:

SaaS stands for "Software as a Service." It is a software distribution model where a third-party provider hosts applications and makes them available to customers over the internet. The customer accesses the software through a web browser or mobile app and pays a subscription fee to use it.
 
PaaS stands for "Platform as a Service." It is a cloud computing model where a provider offers a platform that enables customers to develop, run, and manage their own applications without having to build and maintain the underlying infrastructure. PaaS offers a complete development and deployment environment, including tools and services for building, testing, and deploying applications.
 
IaaS stands for "Infrastructure as a Service." It is a cloud computing model where a provider offers virtualized computer resources, such as servers, storage, and networking, over the internet. The customer can use these resources to build and run their own applications and services, while the provider is responsible for managing the underlying infrastructure. IaaS allows customers to scale their infrastructure up or down based on their needs and only pay for what they use.


Sources:

Learn more