Maintaining Data Security Integrity and Trust Infrastructure with Remote IT April 14, 2020 Charles Goldberg | VP, product marketing More About This Author > Companies of all sizes, from the largest public enterprise to the smallest private firm, are all susceptible to cyberattacks. Having a presence on the Internet opens us up to risk such as hackers, disruptors and insider threats. The COVID-19 crisis has created an unprecedented need for employees to work remotely, almost overnight. As a result, companies around the globe are doing everything they can to maintain a “business as usual” pace so there is minimal disruption, even if it means relaxing security processes and quickly adopting new tools that may create new risks. A strategic way to maintain security best practices is to reduce the reliance on employees in data centers and hosting facilities to deliver, support and operate equipment. Fortunately, even high-assurance security solutions, such as hardware security modules (HSMs), are now available as cloud services, and can be accessed remotely. When employees are not on their organization’s network, central IT’s control can be compromised. For example, many companies that require VPN access to monitor all access from employee devices have enabled split tunneling in order to alleviate the data traffic bottleneck on their perimeter security devices. In addition, other compliance rules may be eased so IT can address application performance issues remote workers are experiencing. The last gasp of “traditional” on-premises data centers This year at RSA, 451 Research put solid data around what we all know…the traditional IT data center infrastructure is vanishing. This data was collected ahead of the COVID-19 crisis, but from all news reports, this pandemic will only accelerate the demise of the traditional data center architecture (see chart below). For over a decade, IT has been rapidly migrating to public clouds and hosted services, and what remains on-premises is highly virtualized and operated as a private cloud. With an increased number of employees working from home, the IT department is still seen as the department most likely to be needed on site. Actually, the opposite is true, as many IT organizations have been ahead of the curve. A 2019 survey of full time workers in the U.S., states that the department with the greatest remote representation is IT and facilities. Gone are the days of “on-premises only” monitoring and management of enterprise technology. Modern solutions are capable of being fully managed from an IT professionals’ kitchen, den, or basement. It really doesn’t matter as long as security operations can provide business continuity. To deliver a secure environment that is operational with a growing number of remote workers, a modern architecture needs to be cloud-ready or cloud-native, and when hardware is required, it must support dark data center operations. Hardware Security Modules (HSMs) play a critical role As enterprises step up their cybersecurity efforts to protect the rapid deployment of disparate IT systems, the need to establish confidentiality and integrity across applications, users, and devices is essential. To accomplish this, organizations must ensure their encryption keys remain secure for their PKI, document signing, and encryption infrastructure. This means HSMs play an increasingly significant role in safeguarding sensitive key materials that are used to protect important collaboration tools, document sharing and online transactions. Today’s leading HSMs negate the need for an IT professional to physically go a data center by providing secure options to remotely provision, monitor and manage cryptographic keys. This can be accomplished with on-premises hardware that supports dark data center management or cloud HSM services. No matter which deployment option you choose, be sure to select a solution that you can move between on-premises and cloud-native solutions without changing the HSM client. This will save you development and testing time down the road. Having a common client also gives organizations the agility to develop cloud HSM services, easily migrate to existing on-premises HSMs, and scale using cloud HSM services when demand grows faster than you can acquire, rack and stack new hardware. Learn more about the range of Thales HSM solutions, including: Thales Data Protection on Demand (DPoD)-a cloud-based platform providing a wide range of on-demand HSM services through a simple online marketplace. Thales Luna Network HSMs– high-assurance, tamper-resistant, network-attached appliances offering market-leading performance that is securely operational in dark data centers and hosting facilities. Thales Hybrid Luna HSM– a true hybrid HSM for distributing workloads between on-premises and cloud-based environments, including maintaining a real-time, cloud-based backup of an organization’s cryptographic objects.