Today, cybersecurity is top of mind for leaders in nearly every industry—and if not, they’re simply not paying attention.
The likelihood of a security incident is not a matter of if it happens, but when. This is especially true for enterprises working in banking, finance, healthcare, and government, who deal with sensitive, and often highly regulated data. In addition to ransomware gangs, scammers, and insider threats, these industries now have a new concern: protecting the data perimeter in a multi-cloud world.
From hybrid work to global corporations and beyond, multi-cloud environments present new types of opportunities and security challenges. According to a 2022 report, 89 percent of organizations have a multi-cloud strategy to distribute applications and services, with 80 percent taking a hybrid approach that combines both private and public clouds.
And yet, in the 2022 Global Encryption Trends Study by the Ponemon Institute, sponsored by Entrust, 55 percent of respondents admitted that their organizations transfer sensitive or confidential data to the cloud—whether or not it’s encrypted or made unreadable via a mechanism like tokenization or data masking.
“Multi-cloud is a fundamental shift on par with when the internet was born,” says Anudeep Parhar, Chief Operating Officer-Digital at Entrust, the global leader in security protection for identities, payments, and digital infrastructure. “It unlocks innovation for companies, while making their surface areas for attack much larger. But when an organization moves to the cloud, it doesn’t change who is responsible for securing sensitive data.”
That’s why the fundamentals of security—access management, trusted identity backed by public key infrastructure (PKI) and strong encryption with secure key management—have never been more critical. This is a primary focus for Entrust, to help companies secure their multi-cloud operations to enable companies to realize their opportunities amid rising threats.
Securing Infrastructure for Multi-Cloud
The challenge of securing multi-cloud operations is driving increased adoption of zero-trust security principles and approaches.
For chief information officers, the traditional approach to IT security has been to digitally lock the entrance with firewalls and endpoint protection to keep potential threats out. But the rise of multi-cloud operations has come with the rise of remote devices, IoT and the hybrid workplace. As a result, it’s easier for threat actors to find new entrances, or fool employees, suppliers, or cloud partners into opening the window. It’s no surprise, then, that a surge of cyberattacks has happened in the wake of COVID-19, including the rising threats of ransomware and wiper malware, and an active market for sensitive information.
Multi-cloud operations create new growth and innovation opportunities for businesses—as well as a need for new expertise and information security policy. Those responsible for information security (CIOs and CISOs) need to transform their operations to leverage a shared accountability model with their cloud vendors to help manage costs and ensure businesses remain agile.
As a result, CIOs need to view perimeter security in a new way: assume the bad actor is already in your system. That’s where the zero-trust approach starts. The traditional cyber and data security mindset needs to evolve to a data and cyber resilience mindset.
“There are so many hacks happening that they don’t even make the front page anymore,” Parhar says. “So from a zero trust perspective, we build our products and services to enable implementation of security policies to protect your data assuming that a threat actor is already in your system. The real question then becomes, how do you protect yourself from the bad actor’s movements inside your operations?”
The answers, Parhar says, come back to applying security fundamentals in increasingly sophisticated ways. “The zero-trust approach is about ensuring that you’re granting only access that’s needed at any given time and applying those policies consistently, whether they are in your internal corporate network or across your multi-cloud operations,” Parhar says.
Evolving Encryption
Encryption is a critical foundation of security—but the standards for it are changing. Scientists at leading tech companies are working towards quantum computing, an entirely new model that could theoretically quickly complete calculations that currently take supercomputers hundreds of years to solve. As a result, bad actors could use these quantum computers to break the encryption keys of just about any encrypted system.
“Quantum computing may happen in the next few years, or it could be several years down the road,” Parhar says. “But if you’re a threat actor, you can take a ‘store now, decrypt later’ approach.” It’s just another example of how state-backed cyber attackers are converging with accelerating technologies to create new threats to companies. That’s why having a partner in this environment, to help prepare business for the post-quantum future, is crucial.
To protect multi-cloud platforms—and encryption—for the future, Entrust works with CIOs to create a resilient infrastructure that evolves in real time ahead of bad actors. First, the company offers a cryptographic center of excellence, a service that helps them discover their cryptography real estate and assess what data is encrypted and how. Next, Entrust offers lifecycle management of the discovered crypto assets, helping companies ensure their keys and certificates are up to date. Finally, Entrust helps customers manage shared responsibility in the multi-cloud world, overseeing partnerships with third-party vendors to make sure cloud members are doing their part in terms of security as workloads move between clouds.
Entrust cryptography experts are also working alongside industry partners, scientists, academics, and government bodies like NIST to develop standards for quantum resistant algorithms. This allows Entrust, and its partners, to get a jump start at testing this new cryptography within their own applications.
Innovating Technology at the Speed of Trust
Enhancing both digital and physical identification is key to ensuring data security and Entrust has been doing this for over half a century.
Founded in 1969 as Datacard Corporation, the company created the first high-speed credit card system for authenticating transactions, followed by innovations including web-based ID software and secure passport technology. In 2013, the company acquired Entrust, a pioneer in digital security and identity, deepening its core technology and expertise in the world of digital security with pioneering solutions for public infrastructure, website and ecommerce security, and identity and access management. In 2019, Entrust also acquired nCipher Security, a leader in hardware security modules (HSMs) that provide the root of secure communications and transactions.
“You don’t win if you solve for just one approach,” Parhar says. “Entrust has a long history of bringing both the physical and digital aspects together to transform the security of companies. We do it by making sure the user experience is top of mind, highly secure, and based on core fundamentals of trusted infrastructure. And this translates to success for our customers—because all organizations should be able to assume they can communicate and transact with banks to provide better service to their customers, tighten their operations, reduce costs, and grow for the future.”
Accelerating Security—and Growth—for the Future
Going forward, a secure infrastructure helps companies grow both their safeguards—and business.
Entrust, for example, partners with the governments around the world, including the U.S. government, to secure their systems and citizen communication channels. It also works with some of the most recognizable banks to oversee financial issuance, and helps Fortune 500 companies migrate to the zero-trust multi cloud.
One of the best examples of the importance of both digital and physical security? The credit card. Leveraging their expertise in physical ID security, Entrust provides financial issuing services, helping banks instantly provide ready-to-use physical credentials like credit and debit cards to customers. While this creates a great experience for the customer, it also requires significant behind-the-scenes work—melding the best of both physical and digital security.
To verify the ID, Entrust uses multiple clouds to connect the bank and customer information, confirm credit limits, embed data in the magnetic stripe of the card, and then distribute the information to global banks. This makes it possible for Entrust to create hybrid ‘digital-first’ experiences, enabling digital account onboarding through identity verification and authentication, and deliver a digital credit card to a mobile device along with the physical credential.
“Really, it’s about creating an overall infrastructure of trust,” Parhar says. “One of our bank customers in Latin America, for instance, uses the same apparatus we provide for their financial services to offer social services to its citizens. Ultimately, our goal is always the same—to future-proof the organization.”
*This story was produced by WIRED Brand Lab for Entrust.*
