Cloud Migration and Adoption - Ionic Accelerates Cloud Security at Scale

Ionic

Unified Data Security & Access Control

Cloud Security is Your Shared Responsibility

Manage the Security of Your Data in the Cloud

Cloud migration and the adoption of cloud services are accelerating to enable remote workforces and virtual work environments. CSPs provide native security controls, but these are often not adequate for regulated organizations. Also, any misconfigurations can lead to breaches. Machina simplifies the management of your shared responsibility to secure data in cloud and hybrid environments.

Customer-Managed Trust Enhances
Your Cloud Security Strategy

When it comes to future-proofing your business,
you can't ignore the new realities. The stakes are too high.

PERIOD 1

Understand

the Stakes

PERIOD 2

Redefine

the Rules

PERIOD 3

Shift the

Paradigm

PERIOD 4

Future-Proof

Your Business

Understand the Stakes

Cloud hosting providers, along with the databases and applications that run on cloud hosted infrastructure, provide native security controls. However, these are not adequate for many organizations because:

  • Data privacy regulations mandate that organizations collecting data must remain responsible for its privacy and security at all times
  • Organizations remain accountable even when they have almost no direct control over any of the infrastructure processing the data
  • Real-time insight into data access activity and policy enforcement is required to provide proof of compliance

BRENT WILLIAMS
Former CTO for Identity Solutions, Equifax
President & CEO, Euclidian Trust

HARPREET TOOR
Security Technologist, Accenture

CSP (Cloud Security Provider) Customers are responsible for Governance Risk Control (GRC), Data Security, and Application Security. CSP is responsible for Platform Security, Infrastructure Security, and Physical Security. Platform Security is a shared responsibility. Manage GRC, data security, and application security with Machina.

Redefine the Rules

Traditional methods do not adequately address the requirements outlined above, necessitating change. With the rapid transition to everything as a service (SaaS, DBaaS, IaaS, etc.), managing data security becomes even more abstracted. Any cloud adoption strategy must maximize control using the few vectors not managed by the provider, like user identity, data attributes, and application(s) used to access the data.

Cloud adoption demands a data-centric approach, one that enables full data mobility without compromising data security. The same data security and privacy, fine-grained access controls, authorization policies, and auditable visibility need to be maintained even though the data may be hosted and accessed from almost anywhere. You need a solution with the right capabilities to handle these essential components to execute a successful cloud security strategy.

Shift the Paradigm

External Authorization Management

Machina delivers an authorization framework that is external to applications and systems, providing a consistent way to define and enforce authorization decisions to applications, resources, services, and data, using both role- and attribute-based access controls coupled with user-controlled encryption. You can eliminate complex access logic code from homegrown applications and easily manage your shared responsibility by using a single solution to secure data at rest and in transit in AWS, GCP, and Azure.

External Authorization Management (EAM) workflow diagram shows arrow pointing from Box A, Client, to Box B, Service with Machina integration. Arrow is labeled 1: authenticated req. Arrow points from Box B, Service, to Box C, Machina. Inside Machina, there are three boxes: Encryption Key Management, Attribute-Based Access Controls, and Dynamic Policies. The third arrow in the workflow points from Machina to Service, and the arrow is labeled 2: req context. Arrow from Service to Box D, Resource (Local or Remote) is 4: fetch response. Arrow from Resource back to Service labeled 5: resource response. Finally, the last arrow points from Service back to Box A, Client, 6: resource response.

External Authorization Management (EAM) workflow

Diagram of Ionic Machina for Google Cloud External Key Manager (EKM) | User or Service connects to Compute Engine or BigQuery, which feeds in to Key Management Service in Google Cloud. Google's Key Management Service connects to External Key Manager Service, in this case Machina. From there workflow goes to Encryption (region-specific) service from Machina, feeding into Machina Access Decision, Attributes, and Policy stores, which can be managed in Machina Console. Attribute examples include Users, Devices, Data, and additional attribute examples include Type of data (i.e.: PII) and Environmental Attributes, such as IP, location, time, version, and Google Cloud Key Access Justifications.

Example of External Key Management solution availble with Machina

External Key Management

When you use the native security controls provided by the cloud providers, your data and encryption keys to access the data are stored in the same location, giving the cloud providers access to both. The risk of unauthorized access increases as you move your sensitive data to the cloud. Securing and controlling access to it is essential to keep up with evolving regulations and to retain customer trust.

Machina for Google Cloud External Key Manager allows you to create, store, and manage your own encryption keys outside of GCP’s infrastructure. You control the security of and access to your data and resources in Google Cloud services--BigQuery, Cloud SQL, Kubernetes Engine, and Compute Engine--such that you become the ultimate arbiter of authorizing access.

Machina allows organizations to maintain complete control over storing and managing their encryption keys outside of cloud providers’ infrastructure. Cloud providers have no access to your keys, allowing you to remove implicit trust from shared infrastructures.

Machina for Google Cloud External Key Manager

Future-Proof Your Business

Machina is a game-changer for your cloud security strategy. A unified data security and authorization engine that integrates easily anywhere across cloud, on-prem, and hybrid environments. Secure data with a globally scalable encryption key management service. Authorize access to data and resources from a central console with granular, context-aware policies. Build security and privacy by default and design to future-proof your business.

Create Your Cloud Security Gameplan

Before the next move catches you off guard, create a gameplan to prepare, implement, and maintain your cloud migration and adoption strategy.

Prepare

There is no home field advantage in the cloud. You have to assume you are playing on the adversaries' court. As you start your cloud journey, is your team prepared for all the attacks you'll face?

Implement

You've taken the fundamental steps to prepare for the game, but do your play makers⁠—admins, architects, developers⁠—have the tools they need to succeed day after day?

Maintain

There is no doubt: You have established yourself on the field of play. But don't get comfortable, because the rules of the game will change with little prior notice. Can you quickly adapt to the changes as they emerge?

Machina Credentials

AWS Partner Network Advanced Technology Partner badge
Google Cloud Partner Badge
Microsoft Partner Badge

Certified by Leading Industry Organizations

ISO 27001 Certified A-LIGN badge
ANAB Accreditation symbol (ISO/IEC 17025 ANSI/NCSL Z540-I)
Privacy Shield Framework logo
Official IT ISAC Member Company logo
FIPs 140-2 Validated badge
AICPA SOC badge | SOC for Service Organizations | aicpa.org/soc4so

©️ 2019-2021 Ionic Security Inc. All rights reserved.