Three steps security professionals can take to secure data in a multi-cloud environment
As government cloud strategies evolve to encompass multi-cloud and hybrid cloud, the cloud data security landscape will only become more complex and difficult to manage. GovInsider speaks to Shaun Chen, Director of Sales Engineering from multinational company Thales, to understand the three ways to mitigate these risks.
Shaun Chen, Director of Sales Engineering from multinational company Thales, shares three steps cybersecurity teams should take to strengthen their organisation's data security in a multi-cloud era. Image: Thales
Multi-cloud adoption is the future of cloud technology, according to Thales’ 2023 Data Threat Report. The study finds that four-fifths of businesses (79 per cent) are using infrastructure provided by multiple cloud service providers, such as Amazon Web Services, Google, and Microsoft Azure – up from 57 per cent in 2021.
At the same time, over half of businesses surveyed shared concerns that multi-cloud environments make it more complex to manage privacy and data protection in the cloud. And data breaches are on the rise: according to the report, nearly half of businesses globally experienced a data breach within their cloud environment or failed a security audit in the prior twelve months.
A multi-cloud environment offers organisations benefits such as flexibility, scalability, and access to services from a range of cloud environments, while also creating a more complex security landscape for information security officers to manage.
GovInsider speaks with Shaun Chen, Director of Sales Engineering from multinational company Thales, to better understand the key challenges that multi-cloud environments pose to IT security professionals, and the three steps governments can take to protect data in a multi-cloud space.
1. Know your data well
Poorly secured data on the government cloud can pose threats to national security and digital sovereignty. Modern conflicts have evolved beyond physical warfare to encompass the emerging tactics of cyber attacks and defence.
Data breaches have the potential to cripple critical infrastructure and pose a significant risk to national security. Governments worldwide are increasingly concerned about protecting critical infrastructure and citizens' data from cyber threats and potential manipulation.
“The Facebook-Cambridge Analytica breach revealed the grave impact of misusing citizen privacy data on elections and national security, prompting countries across the world to enact stricter data privacy regulations and sovereignty acts,” said Chen.
But the first step to securing data is knowing your data.
As various forms of data continue to grow in volume, organisations struggle to discover and classify data residing in their cloud environments, explains Chen. This means that organisations might be unaware of sensitive data that is regulated and requires strong protection, which poses a security risk.
Thales CipherTrust Data Security Platform can help security professionals discover and classify information across data stores, be it on-premises or on cloud. It can also support security professionals with risk analysis and provide recommendations on security measures, he shares.
“After determining the appropriate classification, they can implement relevant security measures, including encryption, tokenisation, or bring your own key (BYOK) options,” Chen added. This provides organisations with increased flexibility and autonomy in determining how to manage their data security.
2. Secure your data with encryption
Data security platforms like Thales' CipherTrust Data Security Platform help organisations secure data across a range of cloud environments by offering advanced tokenisation and encryption capabilities. This guarantees that data can only be accessed by authorised individuals with the correct cryptographic keys.
In turn, these features enable the protection of sensitive information, such as personally identifiable information (PII) and payment card data, ensuring data integrity and mitigating potential risks to data security. In 2023, nearly two-thirds of businesses placed sensitive data on the cloud, with more than 40 per cent of their cloud data being sensitive.
Under the shared responsibility model, cloud services providers are responsible for the security of the cloud – i.e., the hardware and the software of the cloud infrastructure – while customers are responsible for managing the security of data residing on the cloud.
While the multi-cloud enables organisations to access services and products across providers, the shared responsibility model means that governments that adopt a multi-cloud approach will have to manage security protocols across a range of environments, explains Chen.
“Each cloud vendor implements their own security protocols. However, from the customer's standpoint, managing these protocols across various environments and vendors becomes a crucial and complex task,” says Chen.
And he cautions that as agencies adopt emerging technologies such as artificial intelligence, the amount of data that needs encryption will only grow.
“When we look at big data analytics using AI, it involves terabytes and petabytes of data to generate valuable insights. It is crucial to acknowledge that a significant portion of this data is sensitive, making encryption protection necessary and essential,” says Chen.
3. Control access to encrypted data with centralised key management
Once data has been encrypted, it is critical to control and monitor who has access to data and cryptographic keys so that agencies can ensure sensitive data protection with accountability and audits.
With access controls on cryptographic keys, agencies can ensure that only the right person can access the right data at the right time.
“Traditionally, customers deploy silo-based solutions for encryption where they need to manage multiple vendors, facing challenges in enabling consistent protection and key management across the different projects,” warns Chen.
According to Thales’ 2023 Data Threat Report, 62 per cent of respondents have at least five enterprise key management systems that manage access in hybrid IT environments, adding to the complexity of managing security.
With a single centralised key management system, Thales’ data security platform provides granular access controls across on-premises, hybrid, and multi-cloud environments.
This reduces the amount of resources needed to maintain data security operations, and reduces risk across the board, as opposed to adopting piecemeal solutions that may only be applicable to one environment.
Thales' centralised key management platform integrates seamlessly with leading cloud providers, such as Amazon Web Services, Google GCP, Microsoft Azure, Salesforce, and Oracle, providing customers with a unified solution for encryption and key management, explains Chen.
Moreover, this centralised platform provides encryption and key access management capabilities that extend beyond immediate operational requirements. It enables agencies to seamlessly scale up their key management to other cloud environments as needed in the future.
"In Singapore, Thales has already been assisting numerous agencies in securely managing sensitive workloads within cloud and on-premise environments using their data security platform," Chen says.