The Sirion Blog
NEWS, IDEAS, AND INSIGHTS FROM THE SIRION TEAM
Sirion is Now BYOK-ready
Our Customers Are Now Co-owners of Their Data’s Security
There’s a silent battle that’s raging just under the surface between governments, corporations, and private citizens. All of them are looking for the answer to that million-dollar question: Does data hosted on the cloud belong to the people who create it or the services that host it?
However, the real question is: Who can you trust with your data?
There is no doubt that the cloud is here to stay. By the end of 2020, as much as 85 percent of organizations are expected to shift most of their workload to the cloud. Currently, 7 out of 10 companies are running at least half of their workloads on the cloud.
Businesses everywhere are increasingly migrating data out of on-premises systems to cut costs and gain efficiency, banking on the cloud’s promise of flexible and scalable on-demand computing. Each time this happens, your data ends up in the hands of a third-party cloud service provider. It comes back to the same question: how can I trust my SaaS (or any other hosted service) provider to protect my data?
At SirionLabs, we believe that trust is both a strong enabler and a serious inhibitor when it comes to cloud services adoption. And why not? 70% of organizations hosting data or workloads in the public cloud have experienced a security incident. The average SaaS provider is likely to use a single encryption key to secure all its customers’ data, making it even more likely that one breach can affect more than one organization.
Your Data, Your Key
Imagine the sort of chaos that would ensue if – instead of every family having a distinct set of keys for their own homes – every house in an entire neighborhood shared a common key. A laughable but equally frightening idea, right? So isn’t it obvious that having a common encryption key for your data on the cloud is not the best way to ensure better security?
Keeping this in mind, we are offering our customers a bring-your-own-key (BYOK) option. This feature allows our customers to generate and supply their own tenant secret to create encryption keys, giving them greater ownership of data security. Our customers can either opt to use Sirion’s own built-in key management infrastructure or leverage the new BYOK service to manage tenant secrets externally.
Sirion’s BYOK System
In the latter case, they can choose to partner with a third-party encryption solution provider, use their own hardware security module (HSM) infrastructure, or rely on an open source crypto library such as OpenSSL. This approach to BYOK not only returns control of the data to the hands of customers but also helps them strike the necessary balance between ease of use, flexibility, and compliance with industry data security standards.
Since our customers use Sirion to actively collaborate with entities outside their organizations – such as contractors, partners or vendors – they can use Sirion’s EKM feature to cut off access to their data if they ever experience a security threat or detect suspicious activity. In addition to controlling the encryption keys, our customers can also gain greater visibility into activity within Sirion by accessing detailed usage logs, which show when and where their data is being accessed, so that they can proactively respond to risks and anomalies.
Field-level Encryption within Sirion
We have also introduced field-level encryption to help our customers gain better control over who gets to see what within Sirion. System administrators can now define which data fields will be visible to a user based on their role within the organization’s hierarchy, which is authenticated against the enterprise Active Directory using the user’s single sign-on credentials. Data fields hidden from a specific role group will also not be accessible or visible through any related dashboards or analytics.
If you want to learn more about this feature or request a demo, please drop us a line at email@example.com. We would be happy to assist.