The cost savings and scalability of moving to the cloud are well-documented — data center space is expensive, but storage is cheap when it’s managed by someone else — so if I could give you the same level of control (if not more) in the cloud, with better visibility into your data, why wouldn’t that make sense?
Looking back at my previous posts about the advent of cloud technology and the barriers that still remain to adopting it, it’s clear that the wholesale move of sensitive data is what makes people nervous. If we want to accelerate mainstream adoption by security professionals like me, then we have to be able to answer the right questions: Where’s my data? Who has access? If someone mishandles parameters or compromises some part of the system, how do I make sure I’m only dealing with an incident and not a breach?
It all boils down to control. Companies like Ionic have freed me to be as secure in the cloud as in my own enterprise. With Ionic MachinaTM controlling access and encryption, it doesn’t matter if I move sensitive data to the cloud. Even if someone took the data or improperly gained access to the cloud repository, it doesn’t matter. Only I can control who can see what. And once I’m confident that I’ve retained control? That assurance removes the biggest obstacle in my world to moving data and infrastructure to cloud.
Machina eliminates or drastically reduces risk. Your data can be anywhere, even the cloud, because the cloud providers don’t control access or encryption of your data, you do. Relying on the blunter role-based access controls of other providers weakens your security; it’s one-size-fits-all, and all data is handled the same. The attribute-based access controls of the Machina decision engine allow you to get really granular about not just the user (or service) and the classification of the data, but the context of the request itself.
Similarly, the fine-grain key management capabilities of Machina are not one-key-per-bucket, where compromise of the key means compromise of all the data stored there. You can give every data element its own key. And the visibility you get into every access request and every key transaction…it’s unbeatable.
Machina means you have better control, protection, and visibility than you ever could in your own on-prem environment.
I don’t say this lightly. Like others who have been in this business for as long as I have, I got pulled into using the cloud against my will. It has taken advances in cloud technology — but more importantly, advances in technology that lets me retain control and ownership of the data I’m charged with protecting — that have changed my mind.
Ionic has been offering on-prem and multi-cloud capabilities for some time. We’re listed in the AWS Marketplace, the Azure Marketplace, and now we’re doing something really interesting with Google Cloud’s External Key Manager. I’ve learned that I can trust these CSPs to run my infrastructure better than I can, and now I’m getting the controls that help me live up to my end of the shared responsibility model. The customer-managed trust Machina enables means that I can trust those environments are protected and fully under my control, with the visibility into every transaction that makes me (and my auditors and my customers) happy.
Ken Silva is VP of operations and infrastructure for Ionic. Prior to joining Ionic in 2014, Ken was the SVP of cyber strategy at ManTech, and prior to that he was the senior executive advisor on Cyber Technologies at Booz Allen Hamilton.
From 2000 to 2010, Ken held multiple leadership positions at VeriSign, such as chief security officer and chief technology officer. Prior to joining the private sector, Ken spent 20 years in the Air Force and the NSA in multiple technical and senior analyst positions.