

Don’t be stupid, use (cloud) protection!

- By Andy Thurai (Twitter: @AndyThurai)

This article originally appeared on PandoDaily.

Looks like Obama read my blog! The White House got the message. Politicians now seem to understand that while they are trying to do things to save the country, such as creating NSA programs, they cannot do that at the cost of thriving and innovative businesses, especially cloud programs, which are in their infancy. Recently, Obama met with technology leaders from Apple, AT&T, Google and others behind closed doors to discuss this issue.

While American initiatives, both federal and commercial, are trying to do everything to fix this issue, I see vultures in the air. I saw articles urging nationalism among Canadian companies, asking them to go Canadian. In addition, they are also trying to use scare tactics to steer the business towards them, which is not necessarily going to help global companies in my view.

Scare tactics – The Americans are coming…


For instance, German federal data protection commissioners threatened new bureaucratic hurdles for anyone using US cloud providers. The nation’s Interior Minister, Hans-Peter Friedrich, announced “whoever fears their communication is being intercepted in any way should use services that don’t go through American servers.” A German state justice minister, Jörg-Uwe Hahn, called for an outright boycott of U.S. companies. Europe’s largest oil company (Royal Dutch Shell Plc.), one of Microsoft’s biggest clients in the region, decided to store its data in Germany with T-Systems and decided against Microsoft because Microsoft’s offering is U.S.-based.

The Dutch Security and Justice Minister, Ivo Opstelten, told Parliament that U.S. companies will be excluded from bidding for IT services by his government because of fears that the U.S. Patriot Act may allow data to be compromised. “It’s extremely important to have the governments of Europe take care of this issue,” said Jean-Francois Audenard, the cloud security advisor to France Telecom. “If all the data of enterprises were going to be under the control of the U.S., it’s not really good for the future of the European people.”

Sweden and Switzerland have jumped on the bandwagon. Johan Christenson, CEO of City Network from Sweden, noted, “[t]here are a lot of customers that come to us because they want to store their data in Sweden (instead of U.S.A.).” Mateo Meier, CEO of Artmotion, Switzerland’s largest hosting company, said that revenues jumped 45% since the Snowden leaks.

The list goes on….

In any case, if your operations and your consumers can be restricted to just your local country, and assuming your country has cloud awesomeness, it will be wonderful. But the reality is that it can never be. I am not even sure these providers are really seeing as many customers taking their business away from US cloud providers as they claim above. This could simply be a scare tactic by starving international cloud providers trying to increase their business.

The reason the cloud became so popular is that it knows no national or cultural boundaries. By choosing these localized boutique cloud providers, you will lose the ability to use the best cloud providers and will limit yourself to sub-standard providers just because they are local and abide by your country’s laws. This will result in cloud silos, giving way from best-of-breed providers to low-quality, high-cost providers driven by scare tactics. Also, keep in mind there is no guarantee that these providers will guard your sensitive data with their life either. It could be a bigger disaster waiting to happen.

So what does a business that wants a cloud-based solution do now?

You can either be scared away by stories like above and steer away from U.S. based cloud implementations, or take counter measures to make your usage of clouds better, not just for now, but for the future.

So how do you do that? As I explained in my earlier PandoDaily article, the easiest and quickest way to do this is not to send sensitive data to the cloud.

There are a few ways to make this happen. First, let us explore the implementation approaches, and then the possible data-protection options:

  1. Big bang approach – The legacy way of doing things. Once you figure out the areas of your system, and the workload that goes to the cloud, you do a rip-and-replace in which you touch every system component that needs to be modified and rewrite it so that the sensitive, unprotected data is encrypted, tokenized or redacted. This might involve touching every component and changing your entire architecture. This is the most expensive, most painful and slowest approach. While it can be the most effective for spot solutions, it becomes an issue if you have to repeat it every time you enable a new system or application to use cloud services.
  2. API/SDK approach – More effective than big bang. In this case, you retrofit applications, processes, systems, databases, etc. by making those components call an API (or an SDK) which converts the sensitive data and returns one of the approved formats that can be sent to the cloud for storage or processing. The procedure is minimally invasive. While it doesn’t require you to change your entire architecture or system, it still requires you to touch all the components that need to be compliant. Effectively, this method is a lot faster to market, while also giving you the opportunity to change quickly when the needs change.
  3. Gateway approach – In this case you monitor the traffic between the enterprise and the cloud, and vice versa, and de-sensitize the data in transit. You can have either global policies or location-, device-, system- and cloud-specific policies. This method is effectively the cheapest and the quickest to market. Its biggest advantage is that the changes to your existing systems are minimal to nil. Essentially, you make the sensitive data flow through the gateway, which takes care of de-sensitizing the data before it leaves your perimeter.

How do you do that?

Let us explore what I mean by “don’t send sensitive data to the cloud.” You can do one of the following:

  1. Encrypt the data – This turns the original data into an unreadable ciphertext. While this is a good way to de-sensitize the data, the strength of protection depends on the key strength and the algorithm used. You also need to worry about key management issues (key rotation, key expiration, re-keying the old data, etc.).
  2. Format-preserving encryption – A variation of the above. In this case, the output is made to fit the original format of the data so it won’t break the backend systems.
  3. Tokenize your data – Create a random token that looks, feels and acts the same as the original data; store the original data in your enterprise secure vault locally; and send the tokens to the cloud in place of the sensitive data.
  4. Redact the data – Keep portions of the data and mask the rest. This is the safest of all formats, but you won’t be able to recover the original data from it. Best used for archival purposes.
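The tokenization, redaction and gateway-policy ideas above, as an added example that is not part of the original post and names no product: a local token vault that issues random, format-preserving tokens, an irreversible redaction, and a per-field policy applied before a record leaves the perimeter. The vault design, the `POLICY` table and the sample record are constructed for illustration.

```python
import secrets
import string

class TokenVault:
    """Local token vault (assumed design). The original value stays in this
    on-premises store; only the random token leaves the perimeter. A token
    carries no key material, so a copy read from the cloud reveals nothing."""

    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value):
        # Reuse the token for a repeated value so backend joins still work.
        if value in self._by_value:
            return self._by_value[value]
        while True:
            # Format-preserving shape: digits stay digits, letters stay
            # letters, separators are kept, so downstream validation passes.
            token = "".join(
                secrets.choice(string.digits) if ch.isdigit()
                else secrets.choice(string.ascii_lowercase) if ch.isalpha()
                else ch
                for ch in value)
            if token != value and token not in self._by_token:
                break
        self._by_token[token] = value
        self._by_value[value] = token
        return token

    def detokenize(self, token):
        return self._by_token[token]

def redact(value, keep_last=4):
    """Irreversible masking: keep the last characters, mask the rest."""
    if keep_last <= 0:
        return "*" * len(value)
    return "*" * max(len(value) - keep_last, 0) + value[-keep_last:]

# Constructed per-field policy: what the gateway does before data leaves.
POLICY = {"card": "tokenize", "ssn": "redact"}

def desensitize(record, vault, policy=POLICY):
    """Gateway-style step: apply the policy to each field it names."""
    out = dict(record)
    for field, action in policy.items():
        if field in out:
            out[field] = (vault.tokenize(out[field]) if action == "tokenize"
                          else redact(out[field]))
    return out

# Constructed sample record, not real data.
SAMPLE = {"name": "A. Customer", "card": "4111-1111-1111-1111", "ssn": "123-45-6789"}
```

Only the output of `desensitize` is sent to the cloud; `detokenize` is called inside the perimeter when the original value is needed.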

Don’t be a naïve cloud user by shifting responsibility to your cloud provider and expecting them to deliver protection to YOUR data. Get smart by putting solutions and controls in place that will give you control of the situation. Don’t send your raw sensitive data to the cloud.


The post Don’t be stupid, use (cloud) protection! appeared first on Application Security.
