Cloud Provider’s Data-At-Rest Encryption Offering Is A Trap

We live in a multi-cloud world with lots of choices. Businesses are trying to focus on their core competencies rather than spending their resources training staff on every cloud platform. However, the risk of cloud vendor lock-in is real, and it is going to grow in magnitude as enterprises adopt a workload-based cloud computing model. There are several types of lock-in:

Application lock-in

Infrastructure lock-in

Data lock-in

Let’s look at data lock-in more closely. Several issues arise when you have to move your data from one cloud vendor’s servers to another. These issues become significantly more difficult to overcome when you are dealing with regulated data. Here are some of the challenges associated with switching cloud platforms if you are using your cloud provider’s data-at-rest encryption offering:

Who is responsible for data extraction?
Is the disk partition large enough to decrypt your data set before the move?
Where will the data be stored during transition?
How will you secure the data during transition?
Will you be violating your business partner agreement?
Does the data-at-rest encryption offered by the new vendor require you to make changes to your application, process or procedures?
How long will it take to encrypt the data again?
How will the change impact your cost?

All of these issues can be avoided by using the data-at-rest encryption offering of an independent third-party provider, e.g. Server General. All our customers have to do is copy their encrypted bits (i.e. their encrypted data sets) over to the new server deployed on the new cloud platform. That’s it. No need to decrypt their data first, no need to move their encryption keys, no need to learn a new data-at-rest system, no need to change their data encryption policies, no breaking of business agreements (related to HIPAA or others), no increase in cost. Everything remains the same, since the Server General data-at-rest solution is cloud vendor-neutral and can be used to protect data stored within a Linux server deployed on any cloud platform: AWS, GCE, Rackspace, Azure or within your own data center.

So customers who want to preserve their ability to move from one cloud platform to another should avoid purchasing their compute resources and their data-at-rest encryption service from the same vendor.