As You Move to the Cloud, Make Sure Your PKI Goes with You

This blog was originally published by Entrust here.

Written by Samantha Mabey, Product Marketing Management Director, Certificate Solutions at Entrust.

I’m sure most of us have heard the buzz around “multi-cloud” or “hybrid cloud.” But what exactly does it mean? And more importantly, what does it mean when it comes to security?

First, what does it mean: Multi and hybrid cloud are essentially the use of public cloud – like AWS and/or Google Cloud – along with a traditional datacenter or your own on-premises IT infrastructure, then making those work together to do whatever your business goal is.

Many organizations have been looking at cloud migration and a cloud strategy for a while. In fact, a recent trends report from 451 Research (COVID Update – 2020 Trends in Cloud & Managed Services Transformation) stated: “Hybrid/multi cloud is now a primary element of IT transformation (aspirationally, if not yet operationally).”

Although for the most part the cloud migration ball was already in motion, when the pandemic hit it meant IT departments had to ramp up their plans in order to support an almost entirely remote workforce overnight. Not surprisingly, one of the most effective ways to deliver services outside the four walls of an organization is via the cloud. That, along with several other benefits that come with hybrid cloud – such as reduced costs, connected user experiences, and managed components – have made adoption a no-brainer.

So, what does this mean for security? Well, if we take a look at IoT trends and the development in that space, we see a lot of similarities. With IoT, more devices, apps and workloads were outside the environment, so there became a need to deliver certificates and security for something that used to be in a building – a need for remote management, visibility, and security for something you no longer have physical access to. The same applies for multi and hybrid cloud.

In moving to the cloud you shouldn’t need to make any compromises in your security. But it does require a different type of security and set of considerations. If looking to adopt a high assurance cloud PKI, key features should include:

• Speed: the ability to deploy and expand within minutes, to quickly secure your business use cases
• Scale: a solution that is highly performant and cloud-native, that can grow as required with nearly limitless capacity
• Simplicity: a PKI that’s simple to deploy and adaptable, with managed components – easing the management and maintenance requirements, while also reducing your on premise footprint
• Secure: a solution that still provides the assurance level you expect of your PKI, with dedicated CAs and your keys protected in FIPS certified HSMs

If your cloud PKI can achieve all of that, then not only will your use cases and applications in the cloud be secure today, but it will also continue to enable your business in the future.