Sébastien Pavie, VP Sales Southern EMEA, Data Protection solutions at Thales, tells Anita Joseph, Editor, Reseller Middle East, about the company’s comprehensive range of data security solutions which aim to protect sensitive data regardless of the environment.
Implementing Digital Transformation solutions is easier said than done. What’s the biggest challenge CISOs face here? Why?
All roads lead to data protection, cloud, and secure remote working. But if businesses don’t have the agility to respond to future crises (as with the pandemic), they will continue to be caught out. As more organisations accelerate their digital transformation processes, they need to implement balanced and robust security both in physical and cloud environments. As a result, businesses will continue to increasingly adopt multi-cloud and hybrid cloud environments. As we exit 2021, the organisations achieving true success will be those that have instilled an inbuilt agility and resiliency needed to succeed, no matter the size or industry.
As data breaches continue and compliance mandates get more stringent, how can organisations protect sensitive data in both on-prem and cloud environments?
Before the pandemic hit, the 2020 Thales Data Threat Report revealed that 50% of all data was stored in cloud environments while 47% of organizations experienced a breach or failed a compliance audit in the past year. With this number likely to have gone up dramatically since the pandemic started, this means a deluge of companies are encountering new data protection challenges while trying to get to grips with the wider environment and the challenges posed by working away from each other.
Regardless of where the data resides, there are recommended actions companies can take now to make a start on protecting data in their possession. These include:
- Discover your data wherever it is and classify it. That way an organisation knows what data it has so it can apply the appropriate security policies required by legislation.
- Protect sensitive data in motion and wherever it is stored using encryption. Encrypting network traffic and data in the cloud and data centres ensures that unauthorised users cannot read the data.
- Control access to the data by securing the use and storage of encryption keys throughout their lifecycle. That way, the company in question owns the keys, not the cloud provider.
Tell us something about the multi-cloud data security solutions that Thales provides. What are the key benefits?
One of the biggest challenges in data security today is the rapid growth in complexity of the average enterprise IT infrastructure. An organization’s IT infrastructure is no longer limited to desktop computers and servers. Instead, there is a clear growth in the adoption of multi-cloud services. According to the 2020 Thales Data Threat Report – Global Edition, organizations use 29 different cloud services on average. With increasingly blurred security perimeters, organizations are challenged to implement and manage consistent unified policies to their distributed IT resources.
Every business has a mix of legacy and new platforms. However, with new platforms come new risks. Each new environment that an IT security team needs to learn to configure, monitor, and secure is one more opportunity for an oversight or mistake that can easily result in a data breach. This is further complicated by the increasing number of global and regional privacy regulations with differing compliance requirements. To effectively comply, organizations can no longer rely on siloes and traditional approaches to secure their sensitive data.
All of these factors combined are putting sensitive data at risk. And a lack of visibility and operational complexity has resulted in organizations not knowing where all of their sensitive data is stored. Thales’ new CipherTrust Data Security Platform also reduces total cost of ownership for organizations of all sizes by simplifying data security, accelerating time to compliance, and securing cloud migrations.
Built on an extensible infrastructure, the new platform enables IT and security departments to discover, classify and protect data-at-rest in a uniform and repeatable way. Additionally, data security administration is simplified with a ‘single pane of glass’ centralized management console that equips organizations with powerful tools to combat external threats, guard against insider abuse, and establish persistent controls.
What, in your opinion, are some of the best practices for secure cloud migration? What are organisations missing/overlooking?
We recommend organisations apply controls to what matters most, their sensitive data, and follow the following best practices:
Step 1 – Know your data: Where is your sensitive data and on which platforms, who has access to it?
Step 2 – Take Control of Your Data: Identify and classify your data, then sort it according to importance. Make sure the important data are secure and the correct security policies are adhered to. Use encryption to anonymize your data.
Step 3 – Managing Access to your Data: Ensure that you can effectively manage who has access, what they have access to and from where they can get access.
Step 4 – Adequately Secure your Data: Ensure that all sensitive data is encrypted and you have control over the keys’ lifecycle. If your Cloud provider is natively encrypting, make sure you control the keys with secure BYOK or HYOK.
Step 5 – Protect your Keys: Separate the access to your critical keys across different roles and ensure you know who has access to keys and when. Make sure your keys are secured in an HSM and they are auditable to help you with your compliance.
Step 6 – Think ahead to Future Needs: Consider your potential need for hybrid models in the case you need to pull data back on-premises. Consider your policies and architectures carefully. Think multi-cloud with security that follows the data.
What are the data protection products that Thales offers and how do they ensure protection against evolving threats, cost-effectiveness and compliance/best practice requirements?
Thales offers a number of data security solutions, which aim to protect sensitive data regardless of the environment: on-premises, hybrid, cloud or multi-cloud. Some of these include:
- Our Thales Data Discovery & Classification solution helps organisations discover their data and classify it based on how sensitive it is.
- CipherTrust Transparent Encryption offers data-at-rest encryption delivering granular encryption, tokenization and role-based access control for structured and unstructured data residing in databases, applications, files, and storage containers.
- CipherTrust Cloud Key Manager combines support for cloud provider BYOK APIs, cloud key management automation, and key usage logging and reporting, to provide cloud consumers with strong controls over encryption key life cycles for data encrypted by cloud services.
- Thales High Speed Encryption provides customers with a single platform to ‘encrypt everywhere’— from network traffic between data centres and the headquarters to backup and disaster recovery sites, whether on premises or in the cloud.
- Luna HSMs are purposefully designed to provide a balance of security, high performance, and usability that makes them an ideal choice for enterprise, financial, and government organizations.
- SafeNet Trusted Access helps organisations streamline cloud identity management, eliminate password hassles for IT and users, provide a single pane view of access events across your app estate and ensure that the right user has access to the right application at the right level of trust.