Cloud Cryptography

How can I put my sensitive data in the public cloud and stay secure?

One of the biggest barriers to adoption of cloud is concern about security of sensitive data. Cryptography has a central role to play is controlling the risks, but setting and enforcing a cloud cryptography policy is not easy, in particular for regulated enterprises.

There are many choices to make about when to use CSP-native cryptography services, when to use third party cloud cryptography, and when to leave data on premise. Once policy has been set, continuous visibility is needed into how workloads are protecting their data and managing their keys as applications evolve over time.

Cloud Key Management

Many people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure. This can be a particular concern for people working in highly regulated industries.

So how can you know if your keys are secure?

Cloud KMS comparison

Comparison of Cloud KMS Services

To compare the cloud KMS offerings of the 'big 3' CSPs: AWS, Microsoft Azure and Google Cloud; we made this handy infographic.

Read our Cloud Cryptography White Paper

How to Choose a CSP and Migrate Securely

All the major cloud service providers (CSPs) now offer cryptography services. This whitepaper will explain why many businesses are adopting cloud crypto services as they migrate their applications to the public cloud. We will look at what these services do, how to choose a cloud crypto service, and how to migrate an application securely.

We will focus on cryptographic services available from the three largest CSPs (Amazon Web Services, Google Cloud Platform, Microsoft Azure) including their cloud key management services (KMS) and their cloud hardware security modules (HSMs). Lock-in to a single provider is considered unwise by many organizations, so we will also look at the portability of applications designed to use these services.

Finally, we will describe how to understand the cryptographic needs of an application, and how to carry out the migration. We will consider how to monitor the security of a sensitive application that is using cloud cryptography services.

Already registered? Log in here.

Welcome!

As a subscriber to our Knowledge Base, you have free access to all of our white papers, on-demand webinars and more.
Download white paper

Register now

Register for free access to all of our white papers, on-demand webinars and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Popular Cloud Cryptography Blog Articles

Migrate Keys to Cloud KMS Without Rewriting any Code

Cryptosense

In this video Dr. Graham Steel explains how to move to cloud cryptography easily and securely using Cryptosense Analyzer Platform (CAP). In this example we show how we can move an enterprise Tomcat Java application to Amazon's AWS KMS.

READ ARTICLE ->

Are my Encryption Keys in the Cloud Really Secure?

Cryptosense

A lot of people are concerned that their encryption keys stored in cloud services such as AWS KMS, Azure Keyvault, or GCP KMS, are not really secure...

READ ARTICLE ->

Key Usage Detection in Cryptosense Analyzer

Graham Steel

Identifying the cryptographic keys an application really uses, what they are used for, and how they are stored, is a critical step towards many transformation projects...

READ ARTICLE ->

The Capital One Breach and Cloud Encryption

Graham Steel

On 29th July 2019 CapitalOne Financial Corp announced a data breach affecting 140 000 of their customer's social security numbers and 80 000 bank account numbers. CapitalOne is a major user of AWS cloud, and in this case the stolen data was stored in AWS S3 buckets. Why didn't encryption save us?

READ ARTICLE ->
More cloud articles on the blog