Securing Sensitive Data in Pivotal Cloud Foundry

The Cloud Security Challenge

It’s no secret that cloud technology usage is pervasive among enterprises. According to the 2019 Thales Data Threat Report-Global Edition, some 90 percent of 1,200 responding data security professionals worldwide report their organizations are using the cloud.

While the agility and cost-saving benefits of cloud technologies are compelling, the need to protect sensitive application data remains. According to CBS News:

More than 540 million records about Facebook users were publicly exposed on Amazon’s cloud computing service, according to a cybersecurity research firm. A report out Wednesday by UpGuard said two third-party Facebook app developers posted the records in plain sight, causing yet another major data breach for the world’s biggest social network.[1]

And, as if in response, the 2019 Thales Data Threat Report observes:

… Organizations already appear to be confident in placing sensitive data in the cloud. This creates an environment in which sensitive data is moving further away from the traditional enterprise data controls in which organizations have already invested. Data must be protected where it sits, in the data center, in the cloud, or at its termination point.[2]

The challenge is to implement robust data security without adversely affecting operational performance. Fortunately, transparent data encryption can protect sensitive data without slowing down operations and does not require changing services and applications.

Pivotal Cloud Foundry

Pivotal Cloud Foundry (PCF) is a cloud platform that lets anyone deploy network apps or services and make them available to the world in a few minutes. When an app becomes popular, the cloud easily scales it to handle more traffic, so a few keystrokes replace the build-out and migration efforts that once took months. PCF is an open source platform that you can deploy to run your apps on your own computing infrastructure, or deploy on an IaaS like Azure, AWS, GCP, vSphere or OpenStack. You can also use a PaaS deployed by a commercial CF cloud provider. Enterprises have adopted PCF to boost software-developer productivity, reduce operational cost, and create an environment for innovation to scale.

Vormetric Transparent Encryption

When combined with the PCF platform, Thales’s Vormetric Transparent Encryption (VTE) for PCF protects data stored within the PCF MySQL server with file-level encryption and access control. This effectively limits data file access to allowed users and groups only. The combination enables organizations to meet compliance requirements while following best practices for data security, including preventing access by administrators of the Pivotal environment.

The Thales solution is a BOSH add-on and supports multi-tenancy. A Registration Service maps tenant organizations and spaces as defined in Pivotal Apps Manager to domains within a Vormetric data security management environment. Once registered, the Vormetric tile protects directories and files based on pre-configured encryption keys and policies. Domains within this management environment can isolate management of data security policies and keys for specific PCF instances to specific organizations or business units.

To learn more about this effective way to protect data in PCF, please visit our website, and follow Thales on Twitter, LinkedIn, and Facebook.

[1] https://www.cbsnews.com/news/millions-facebook-user-records-exposed-amazon-cloud-server/

[2] 2019 Thales Data Threat Report

The post Securing Sensitive Data in Pivotal Cloud Foundry appeared first on Data Security Blog | Thales eSecurity.


*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Mark Royle. Read the original post at: https://blog.thalesesecurity.com/2019/05/09/securing-sensitive-data-in-pivotal-cloud-foundry/