Enterprise customers and service providers running hybrid cloud environments -- some in Equinix data centers, and some on Amazon Web Services and other public clouds -- can now keep all their keys encrypted with a single system.
Equinix recently announced a new SmartKey solution for customers in its 190 data centers, in public clouds including AWS, Google Cloud Platform, IBM Cloud, Microsoft Azure, Oracle Cloud, and Alibaba Cloud, and with SaaS providers such as Salesforce, SAP, and ServiceNow.
The keys are encrypted using Intel SGX technology, and the solution is powered by Fortanix Runtime Encryption.
That means the keys are secured while at rest, in transit, and even while being used.
The Intel SGX technology came out about a year ago, and the Fortanix product was released last fall. Equinix is the first data center provider to build a key encryption product on top of the technology.
"I do believe it to be the first of its kind, and it's a very useful tool," said Christina Richmond, program VP for IDC's security services research practice.
Enterprise customers and service providers commonly use Equinix for hybrid cloud deployments, leveraging the company's high-speed connections between its data centers and the public clouds, said Lance Weaver, VP for product strategy and emerging services at Equinix.
"One of the challenges is how they can maintain control of the information they put into cloud providers," he said.
The SmartKey is a hardware security module that keeps the encryption keys close to where they are needed and allows customers to use a single platform for all their keys, no matter what cloud they're in, including on-premises clouds.
"And we do it in an as-a-service model, so it's easy to deploy and no equipment is needed," he added.
Weaver sees the encrypted-key functionality as a differentiating feature for his company's data centers.
However, while Equinix may be the first to offer such a service, it probably won't be alone for long, said Bob Laliberte, senior analyst at Enterprise Strategy Group. Equinix's global reach will be hard to match, though.
"Keep in mind, many of the large cloud providers provide a service similar for their own cloud – but not multiple clouds," he added. "So this would help reduce management overhead and separate the keys from the data."
According to ESG, organizations are increasingly moving product applications and data not just to cloud providers but to multiple providers. In addition, GDPR and other regulations make it important to ensure that data is protected and encrypted, Laliberte said.
"Organizations remain largely responsible for the security of their data in the cloud, yet they often find themselves making tradeoffs between security, simplicity, and scalability," Ketan Shah, VP of products at Fortanix, said. "This presents an opportunity for data center and cloud interconnectivity providers such as Equinix to offer unique value-added security solutions."
Meanwhile, both public clouds and third-party vendors offer their own key management solutions, though none so far using the Intel SGX hardware-based security feature.
Alibaba Cloud Key Management, Amazon Key Management Service, Google Cloud Key Management Service, Huawei Cloud Key Management Service via Cryptsoft, and Microsoft Azure KeyVault are all options available from the major cloud providers, according to Robert Westervelt, research director in IDC's data security practice.
"The key difference between cloud service provider key management services and those from Equinix and others is that cloud service provider solutions like Amazon's KMAAS do not typically support multiple clouds," he said. "Equinix may be especially attractive, because it can support a variety of cloud services."