The new SmartKey service allows enterprises to globally manage encryption keys across multiple, disparate regions, countries, and cloud service providers. It comes barely two months after former Equinix CEO Steve Smith said the company would expand into security and storage services over the next several years.
According to the data center company’s own research, the next three years will see about 50 percent growth in the traffic capacity needed by enterprises to directly connect with, and exchange data across, multiple clouds, IT providers, and third-party network destinations.
But dispersing data across multiple clouds and third-party providers creates security and compliances challenges.
“Encryption becomes one of the key control mechanisms and one of the best practices from a security standpoint,” said Lance Weaver, VP of emerging services at Equinix. “Every time you use encryption, you use an encryption key.”
Forty-one percent of companies have a consistent enterprise-wide encryption strategy, up from 37 percent in 2015 and 15 percent in 2005, according to a recent study by the Ponemon Institute. The same study found 46 percent perform encryption on premise prior to sending data to the cloud with keys they generate and manage, while 21 percent allow encryption in the cloud but with keys that are generated and managed on premises.
“The fundamental question is: what do I do with all these keys?” Weaver said. “How do I manage them? How do I ensure a consistent methodology for applying them?”
Equinix’s new key and encryption service takes care of this, he added. It simplifies key management in hybrid and multi-cloud environments. And it eliminates the need to purchase and deploy specialized key management hardware.
While many cloud providers offer key management services natively within their clouds, “from a security perspective, there’s real value in separating the keys from the locks,” Weaver said. Storing encrypted data and the encryption key in the same cloud can result in lost data and keys in the case of a breach, he explained.
The new service uses Intel SGX and Fortanix software. Intel SGX (stands for software guard extensions) protects select code and data from disclosure or modification. Fortanix’s Runtime Encryption software ensures the privacy of keys.
“Intel and Fortanix protect the customer’s information so that we, as a service provider, do not have access to this information,” Weaver said.
Colocation at an Equinix data center is not required to use the service, which can be purchased as a SaaS. Or Equinix customers can access it as a cloud service using private connections via the Equinix Cloud Exchange Fabric.