New solutions to help organisations discover, protect and control sensitive data in multicloud environments

May 19, 2021

With each cloud provider having unique data protection mechanisms and key management offerings, multicloud data protection presents a complex security challenge for organisations. Our latest cloud data security solutions (Google Cloud, Microsoft Azure en Amazon Web Services) allow customers to maintain control of and manage their encryption keys, as well as manage access and authentication across hybrid and multicloud environments. This enables organisations to bring their own security to the cloud and solve major challenges including discovering critical data, reducing operational complexity and ensuring data sovereignty.

“These capabilities are critical to cloud migration and security, especially with such accelerated growth in this area,” said Sunil Potti, Vice President and General Manager of Google Cloud Security. “True to our mission, we have forged this collaboration with Thales to further protect our customer’s most sensitive information. We are empowering customers to leverage the full potential of Google Cloud technology for sensitive workloads, by utilising the Customer-Managed Encryption Key-integrated GCP services, CipherTrust Cloud Key Manager and SafeNet Trusted Access for access management and authentication from Thales. This will enable enterprises to deal with a fluid and dynamic business environment where protecting sensitive data in the cloud is of extreme importance.”

Simplifying Multicloud Security

Thales Data Discovery and Classification automates the discovery, classification and protection of data in the cloud and on-premises using automation policies that identify sensitive data and protect the data with encryption or tokenisation. These capabilities have now been extended to the discovery and classification of data in Amazon Web Services S3 buckets and Azure Blob storage.

To address both the complexity of where data is stored and to help ensure data sovereignty in a multicloud environment, effective encryption and tokenisation is needed. Below you’ll find some of the (technical) new functionalities and possibilities for data protection in the cloud::

● CipherTrust Transparent Encryption for advanced encryption and access controls, protects data in Amazon Web Services Simple Storage Service (S3).
● Encryption of Kubernetes secrets and Google Anthos Service Mesh signing keys.

● Thales is also offering CipherTrust Cloud Key Manager support for Google Cloud’s External Key Manager (EKM), building on the existing CipherTrust Key Broker for Google Cloud EKM which is part of the Thales Data Protection on Demand cloud-based platform.

● SafeNet Trusted Access integrates out of the box with Google Workspace, Azure and AWS, enforcing the appropriate access controls and authentication for privileged and regular users.

● SafeNet Trusted Access is offering new abilities to provide authentication and authorisation for APIs and for applications not using industry-standard protocols such as SAML and OIDC.

“The proliferation of multicloud computing has created new organizational challenges in managing data across many different cloud environments. Whilst organisations have benefited from scalability and speed to market thanks to the power of cloud, the ever-expanding IT cloud landscape has added greater complexity to data management and security”, said Sébastien Cano, Senior Vice President, Cloud Protection and Licensing activities at Thales. “In a post pandemic, highly regulated world, it is even more important for organisations to understand what data they have, where it sits, who can access it and the risks associated with managing it. Only once an organization understands all of these data lifecycle aspects, can they ensure that it is secured and managed correctly.”