Interxion, one of Europe’s largest data center providers, announced an encryption key management service Wednesday designed to work in cloud and hybrid environments, becoming the latest leading colocation provider to launch such a service.
Equinix, the largest colocation provider in the world, announced a similar service earlier this year, based on the Fortanix platform, which uses Intel SGX secure enclaves for an additional layer of protection.
As colocation data centers, where many players in the ecosystem interconnect, increasingly become the places where enterprises connect their networks to cloud providers, they also become a logical place to manage encryption keys for multiple clouds centrally.
Like Equinix’s service, Interxion's Key Guardian is hardware-based, which allows companies to use a single system for their cloud, hybrid, and on-premises environments.
The underlying hardware security module (HSM) technology that enables Interxion's solution is from Gemalto, Thales e-Security, and Utimaco. Customers can choose among them, Patrick Lastennet, Interxion's director of enterprise, said.
"Not only is it pure hardware, but it's dedicated," he added. "We don't do any multi-tenant HSMs."
It's a convenient service for customers who already use Interxion data centers, but it’s available to anyone, he said.
Customers have been trying out the system since December. One of them is Blockchain HELIX, a digital identity company, which was looking to ensure the security of its online identity infrastructure platform.
"We established a key creation process based on a mobile app last year, but we needed to bring it to the next level," Oliver Naegele, the company's founder and CEO, said. "We are facing new problems and challenges as we are entering new ground. This makes it extremely important to work with professional partners and not get targeted with avoidable problems."
Opting to use Interxion's service meant that Naegele and his company could focus on their core mission.
"Traditional on-prem HSMs are as secure as the staff that is maintaining and operating them," he said. "HSMs need to fulfill so many certifications and standards that need to be passed with audits. This is a huge challenge for companies."
Security experts agree that key management is a big challenge for companies, and a hybrid environment just makes it that much harder.
The global enterprise key management market was $933 million in 2017, according to Research and Markets, and will grow to more than $2.3 billion by 2022.
"This is definitely a growing market," Kevin Bocek, VP of security strategy and threat intelligence at Venafi, a Salt Lake City-based security vendor, said. "But it's going to undergo a huge growth spurt as vendors begin to deliver solutions that move beyond key management to address security and automation requirements."
Just having a secure place to store keys is not enough, he said. Key management solutions need to be able to manage encryption keys and certificates in the cloud and in data centers, work with virtual machines, and allow companies to consistently update keys to stay secure.
"Key management is a top issue for a lot of our clients," Andrew Howard, CTO at Kudelski Security, said. "People are using encryption all over the place, so now you have keys all over your environment. Provisioning, deprovisioning, key rotation -- all these topics are now reemerging."
And most companies want to use just one key management system, he said, or at least limit the number of different systems they use, so they don't have rogue keys on their hands.
Cloud service providers often provide their own key management tools for their customers.
But giving up control of keys isn't always the best option, Jason Hart, CTO of data protection at Gemalto, said.
"Without owning the keys, enterprises cannot truly have total control of the data," he said.
In addition, regulations sometimes require that enterprises control encryption keys for certain types of data.
"That's why enterprises need a centralized crypto and key management platform that they manage and that will be completely independent from the cloud service they use," he said. "There's a saying in the security industry: amateurs talk about encryption, professionals talk about key management."