Even as the cloud computing model delivers value in terms of operational flexibility, enhanced user experience and economic benefits, risk-conscious organizations remain hesitant to adopt cloud computing. The primary concern that these organizations wrestle with is structural: how to control, secure and protect data that is processed by a third-party service.
Traditionally, encryption has been implemented to secure data-at-rest and data-in-transit. However, enforcing controls for data in the cloud raises two fundamental issues:
- How to insulate corporate data resident on cloud-based servers from third-party access and maintain the encryption when the data is processed in the cloud.
- How to ensure that functionality is preserved and the full business benefits of a migration to the cloud are realized.
Vaultive specifically addresses these structural needs to secure data that is processed by and hosted in a third-party environment. This capability represents a significant technical advance and is based on more than four years of intensive R&D in encryption and key management by Vaultive's team of world-class engineers.
As a result, Vaultive enables businesses to adhere to the Cloud Security Alliance’s best practices for cloud computing:
- Data should be encrypted before it leaves the business’ control – Functioning as a gateway that can be deployed either on-premise, at a trusted third party or behind a VPN, Vaultive can serve as a demarcation point between a business’ network and the cloud. Data is encrypted as it passes through the Vaultive gateway before it leaves the network.
- Encryption should be implemented for data at rest, data in transit and data in use – Persistent encryption protects data across the entire lifecycle – in transit, at rest and in use. Vaultive ensures that data remains encrypted in place within a third party’s environment and throughout the data lifecycle, but is seamlessly available to authorized users.
- Encryption keys should be retained by the end-user organization, not the cloud provider – This seems self-evident, but it bears repeating: if the encryption keys are held by the same cloud provider that hosts and processes the data, then little value is achieved.