In an agreement that will compel quicker migration of sensitive data between public clouds, private clouds and private IT infrastructure, Thales and Google Cloud will collaborate on new features that give organizations more control over their encryption keys – and their data.
“A security team that properly manages the entire lifecycle (creation, rotation, versioning, backup, deletion) of their encryption keys truly has ownership of their sensitive data, no matter where it exists,” Todd Moore, vice president of encryption solutions at Thales, told SC Media. “This is especially true for data that has heightened compliance and sovereignty data security requirements.”
Thales has been collaborating with Google Cloud for several years “to deliver joint solutions that allow enterprises to move and secure their most sensitive data assets to Google Cloud Platform and Google Workspace,” Moore said. This year that collaboration has included services for Thales's Data Protection On Demand in Google Marketplace with plans to add support for other Thales key sources.
The latest collaborative agreement was build on that history to offer a solution that Thales said would manage, broker and store encryption keys completely controlled by the user organization, a growing ask. The Thales 2020 Data Threat Report-Global Edition found that half of the corporate data in the world is stored in the cloud, with 48 percent of that deemed sensitive.
Enterprises have faced numerous challenges in the quest to migrate that sensitive data between public clouds, private clouds and private IT infrastructure. For many, data and workloads do not always stay in one environment. “Data needs to move between on-premise and cloud (public and private) environments,” said Moore.
“There is a balance between having control of your sensitive data and optimizing the features within a public cloud environment,” he added.
Encryption and centralized key management can offer much-needed control across those various environments, "but it breaks some of the automation and orchestration features provided by the public cloud,” said Moore. “There needs to be a balance between control of your data and the benefits provided by public cloud.”
Moore expects “substantial progress” stemming from the collaboration with Google Cloud during 2021, spurred by “the increased focus on global privacy regulations” like Schrems II.
“With the uptick of cloud adoption and the increasing amount of compliance regulations, it has never been more important to arm organizations with the critical elements of data protection - discover, protect and control,” he said.