As our digital footprint keeps growing, accelerated by the expansion of remote work, more enterprises are shifting their focus to the cloud. For those with heavy investments in on-premises infrastructure and hardware security modules (HSMs), or with applications only partially in the cloud, the ability to secure and, more importantly, manage keys across all of those scenarios can turn into a cost-prohibitive standstill. Many vendors use terms such as "cloud-agnostic" or "multi-cloud support"; it is worth challenging what those terms actually cover (which key stores, which APIs, which clouds) when you are trying to migrate and secure digital assets, information, and applications across more than one cloud.
The Cost of the Cloud Shift
The centralized management the cloud offers is attractive, but it is rarely as feasible or seamless as advertised when it means abandoning years of tried-and-true hardware that has not yet reached end of life. So what are IT managers up against when a cloud shift requires that some existing hardware remain in place? Several issues surface: the time-consuming task of maintaining multiple systems, implementing a key management solution for each of them, and provisioning separate keys for each application and each authentication path. Developers and solution architects carry the biggest migration risk, because an application that was painstakingly written once against a single key store may now have to be refactored repeatedly so that its keys work anywhere, in any cloud, at any time.
Related reading: Is Your Business Crypto Agile for the Cloud?
Scattered Key Management Platform
Most cloud providers offer a key management service (KMS), but each one's key logs and usage reports cover only the keys held in that provider's cloud. The result is a segmented picture: no single console gives an enterprise full visibility of its entire key estate across on-premises, hybrid, and multi-cloud sites. This hits distributed enterprises and financial organizations hardest, because they carry the most risk and incur the highest costs when they move to the cloud without accounting for a disparate infrastructure.
Once an organization begins to vet the risks of its shift, many find it close to impossible to manage their entire cryptographic arsenal across disparate sites and multiple clouds, because the very applications whose keys they need to control have been written against each cloud's specific KMS API. This slows time to market for existing and new applications that depend on keys to enforce security policy, and it can seriously weaken the organization's ability to prevent cyber-attacks and data leakage.
So how does one implement a solution that accounts for both existing and new infrastructure, accelerates a financial institution's time to market, and enforces the policy, custody, and security parameters it is required to meet?
The Road to Hybrid Cloud and Multi-Cloud
In an on-premises environment, the technology and its physical location are known and visible to the operator; with a cloud management solution, that control is delegated to the provider, and trust becomes harder to establish. Controlling cryptographic keys should not be a leap of faith; it should be a gain in agility and in visibility of all assets, anywhere, at any time.
Banks often spend months implementing a partial solution to the larger problem of a fragmented environment. The real requirement is a single pane of glass over their keys and digital assets: where they are stored, how they are used, who is using them, and how they are provisioned and configured. Key management built on multi-party computation (MPC) is well suited to meeting it, because an MPC key exists only as shares held by separate parties and is never reconstructed in one place, so the same custody and policy controls can apply regardless of where a share lives. An MPC-enabled key management system should therefore be able to communicate with any key store, on-premises or in any cloud, to identify usage and misuse, and should coexist with, rather than replace, existing HSM deployments.