Just like in life, trust is a critical factor in cloud computing. Throughout my journey developing SaaS-based products, the questions I have constantly heard from potential clients are “Where is the data stored?” and “Can I limit your employees’ access to our sensitive data?”. According to a report by Enterprise Strategy Group, data security is creating “fear and trust issues” for IT security professionals. And, with the new normal of remote work leading to continued acceleration of SaaS apps, this mistrust around cloud and security will only continue to increase.
When data is inside your enterprise datacenter, you somehow seem to trust your employees, IT infrastructure and IT security tools. Whether or not it is warranted, it is often the opposite with SaaS. When the data moves to cloud infrastructure, access and security decisions are mostly in the hands of the SaaS provider. The level of trust with that provider depends on how you perceive the third party or even the very concept of ‘cloud’.
Zero Trust Approach
So, what is the way forward here? What if enterprises take an approach where they do not trust anyone? Most security experts agree that the traditional castle-and-moat approach of defining a secure perimeter is no longer a viable option. That approach focuses on protecting the perimeter and always trusting what’s inside the network. Zero trust security is an attitude that focuses on ‘Never trust, always verify’. Introduced by Forrester in 2010, the significance of this approach to security has been increasing following publicized data breaches. Zero trust architecture ensures that access to data and to the network is governed by well-defined controls such as role-based access, monitoring and logging of network and data access, and proper authentication.
SaaS Data Breaches
One thing that is clear is that SaaS data breaches continue to occur. In April 2020, over 500,000 Zoom user accounts were exposed, compromising email addresses, passwords, etc. In another instance, in March this year, Whisper, an anonymous secret-sharing app, was alerted to a security failure that exposed user content and profile information in connection to messages – including nicknames, stated ages, location data, and group memberships – caused by a database left open and exposed online.
Data is the most valuable asset for any business. Taking a cue from the ‘zero trust’ approach to security, SaaS vendors can gain more customer trust by giving control of the ownership and access to the data to its real owner, the enterprise. When it comes to SaaS apps, this approach starts with the focus on enterprises owning their data encryption keys and managing their access controls.
A zero-trust approach to data security for SaaS apps should include the following:
Bring-Your-Own-Keys (BYOK) and Bring-Your-Own-Key-Management-Systems (BYOKMS): SaaS providers should be able to provide options to customers to manage cryptographic keys. Key management needs to be done by an approved third-party system with the customer being the sole owner. While many cloud service providers have allowed customers to bring their own keys (BYOK), Google Cloud Platform is the first public cloud provider enabling customers to bring their own key management system (BYOKMS) where encryption keys can be stored in their own data centers with a single point of management and auditability. The application should retrieve keys securely from the customer, use them, and dispose of them after use. With this approach, customers can revoke keys and deprovision the application to prevent malicious use. The improved security controls provided under this framework ensure that customers provide access to only authorized users. But the best part is that now customers can be assured that the SaaS vendor cannot decrypt the data independently, nor can a breach of the SaaS provider system result in leaking enterprise data, leading to greater trust in the provider and reduced risk to the SaaS platform.
Access control: Enterprises need to properly manage user access to data. Single sign-on is required more than ever. It helps with establishing the identity of a user and sharing of information based on which subsystem needs access to the data. Integrating the customer-controlled third-party key management system with single sign-on is crucial. The KMS should offer role-based access control (RBAC) and further fine-grained access control at the key level. It is essential to document and implement which roles can access the KMS and which functions those roles can execute (storage, generation of keys, etc.). More granular user- and group-level access should be defined at the key level.
Encrypting data in use and Confidential computing: Confidential computing focuses on securing data while it is in use, during processing in the memory by the host CPU. It makes use of a trusted execution environment (TEE) or enclave to isolate data and application code from the operating system, hypervisor, and potentially malicious root users. Confidential computing technologies are helping us evolve from computing in the clear to encrypting data while in use, lessening the need for trust in HW/SW stacks and operators and complementing existing security measures protecting data at rest and data in transit. SaaS solutions can process sensitive information inside secure enclaves using confidential computing.
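The BYOK and access control items above can be seen together in a small model. This is an added example, not code from any vendor named on this page: CustomerKMS, ROLE_OPS and the identity dictionaries (standing in for claims from an already verified SSO assertion) are hypothetical, and the key material is constructed.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field
ROLE_OPS = {"key-admin": {"generate", "revoke"}, "saas-app": {"unwrap"}}  # constructed policy

@dataclass
class Key:
    material: bytes
    acl: set  # users and groups granted at the key level
    revoked: bool = False

@dataclass
class CustomerKMS:  # hypothetical stand-in for the customer-owned KMS
    keys: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def authorize(self, who, op, key_id):  # default deny, every decision logged
        key = self.keys.get(key_id)
        ok = (key is not None and not key.revoked
              and op in ROLE_OPS.get(who["role"], set())
              and bool(key.acl & ({who["user"]} | set(who["groups"]))))
        self.audit.append((who["user"], op, key_id, "allow" if ok else "deny"))
        return ok

    def revoke(self, who, key_id):
        if not self.authorize(who, "revoke", key_id):
            raise PermissionError("revoke denied")
        self.keys[key_id].revoked = True

    @contextmanager
    def lease(self, who, key_id):
        if not self.authorize(who, "unwrap", key_id):
            raise PermissionError("unwrap denied")
        buf = bytearray(self.keys[key_id].material)
        try:
            yield buf  # the SaaS app uses the key only inside the with-block
        finally:
            buf[:] = bytes(len(buf))  # best-effort wipe of the app-side copy

def demo():
    kms = CustomerKMS({"tenant-a/dek": Key(b"\x11" * 32, {"grp:billing", "alice"})})
    app = {"user": "svc-billing", "role": "saas-app", "groups": ["grp:billing"]}
    peer = {"user": "svc-report", "role": "saas-app", "groups": ["grp:reporting"]}
    admin = {"user": "alice", "role": "key-admin", "groups": []}
    with kms.lease(app, "tenant-a/dek") as k:
        used = len(k)
    wiped = not any(k)  # buffer is zeroed once the lease ends
    denied = [kms.authorize(peer, "unwrap", "tenant-a/dek"),   # not on the key ACL
              kms.authorize(admin, "unwrap", "tenant-a/dek")]  # role lacks unwrap
    kms.revoke(admin, "tenant-a/dek")  # customer pulls the key
    return used, wiped, denied, kms.authorize(app, "unwrap", "tenant-a/dek"), kms.audit
```

The role check and the key-level grant must both pass, so a peer service with the right role but no grant on this key is refused, and after the customer revokes the key the previously authorized application is refused as well.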
While delivering a lecture at Davos, Marc Benioff, CEO of Salesforce said, “trust has to be the highest value in your company, and if it’s not then something bad is going to happen to you.”
Salesforce is the perfect example of a SaaS provider that has gone the extra mile in enhancing customer trust. They recently introduced Salesforce Shield, which gives customers options to protect, restore and archive Salesforce data, along with support for customer-owned encryption keys, SSO and multi-factor authentication. A similar example is SAP. They offer the SAP Data Custodian key management service as an additional feature of Data Custodian Solutions to enable their customers to manage encryption keys.
SaaS providers can rely on Equinix SmartKey to provide their customers with cloud-independent, customer-owned key management. In collaboration with Fortanix, Equinix has developed a multi-site, multi-tenant, horizontally scalable service that is tailored to SaaS providers. SaaS customers can now have a cloud-independent key management and cryptography service hosted on Platform Equinix™, Equinix’s global interconnection and data center platform. Customers benefit from strong SLAs backed by the world-class infrastructure and connectivity from Equinix.
- Business Insights, 2020: https://businessinsights.bitdefender.com/data-cloud-fear-trust-issues-security-professionals
- Psychology Today, 2014: https://www.psychologytoday.com/us/blog/tech-support/201403/the-trouble-trust
- Forbes, 2019: https://www.forbes.com/sites/insights-vmwaresecurity/2019/06/12/zero-trust-the-modern-approach-to-cybersecurity/#6b15e2e44e9d
- Palo Alto Networks: https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture