Story image

Equinix: 5 things we learned from our customers about multicloud security

12 Apr 18

You learn a lot from your customers, especially how they use your products and what they find useful.

At least that is what we experienced during our Equinix SmartKey public beta trial with dozens of enterprise and service provider participants.

Equinix SmartKey, powered by Fortanix, is based on Intel® Software Guard Extensions (SGX) and is available to anyone, even companies that aren’t Equinix colocation customers.

It’s a hardware security module (HSM)-as-a-Service that provides secure key management and cryptography services to protect data in public, private, hybrid or multicloud environments. Equinix SmartKey on Platform Equinix simplifies the provisioning and control of encryption keys.

It provides cloud scalability, secure key storage, encryption and tokenization services that address performance and governance, risk and compliance requirements at the digital edge, close to clouds, carriers and counterparties.

Here are five things we learned from our Equinix SmartKey public beta trial customers:

1. Cloud service providers (CSPs) see synergy between the HSM-as-a-Service Model and cloud governance and compliance:

Many of our customers don’t want to use legacy HSM solutions for the new applications they are running in the cloud and are looking for a more agile HSM service that also supports Bring Your Own Key (BYOK) that they can run across hybrid and multicloud environments without adding significant latency.

Equinix SmartKey supports an HSM as-a-Service delivery model that makes it easier for CSPs to refer their customers to us for a consistently secure cloud service to protect their distributed data in a multicloud, hybrid environment.

SmartKey is delivered from the cloud, but the keys and the data are not in the same location or at the CSPs, ensuring a more secure cloud/data environment for their customers.

This includes CSPs who are looking to help their customers comply with the General Data Protection Regulation (GDPR) by providing an independent key management service that keeps keys and data within a specific country’s jurisdiction, without storing those keys and data with a CSP.

2. Secure transaction processing is a great use case, especially for financial and payment services customers:

With millions of transactions going through the cloud each day and new modes of digital transaction processing such as blockchain coming into vogue, data security becomes paramount for banking, trading, payment processing, retail and insurance companies.

Equinix SmartKey can provide cryptographic operations for transaction or credit data as it traverses between hybrid and multicloud infrastructures and on-premises data centers.

3. Runtime encryption plugins make it faster to develop and protect custom code or business logic to process data from clouds:

Many customers want to run specific algorithms to process data in public clouds that they can’t get today from an off-the-shelf HSM solutions or from their CSP. Equinix SmartKey’s plugin capability enables customers to run these algorithms and other business logic in a secure environment within a secure enclave.

In addition, SmartKey’s built-in encryption, key management and tokenization capabilities support a variety of interfaces, such as RESTful APIs, PKCS#11, CNG, JCE, KMIP, for fast development and time-to-market.

In some cases, this has reduced the turnaround time from weeks and months to days.

The Equinix SmartKey API-kit also provides our customer’s DevOps teams with easy integration tools for other leading public cloud, data services and SaaS application providers.

4. Partner certificate authority is an important “must have”:

An enterprise may have hundreds of servers with web certificates and require trusted partners to access data and applications from those servers.

Equinix SmartKey enables customers to protect private keys from those web servers using Certificate Authority (CA). For example, SSL transactions is one use case where you’d want a distributed denial of service (DDoS) partner to be allowed to intercept data traffic to inspect packets for potential malware attacks.

By being able to screen the packets, they can use intelligent analytics to isolate and quarantine “bad” packets.

However, they can only do that if they have access to the private keys. Equinix SmartKey provides security partners the ability to terminate SSL sessions for real-time packet inspections and DDoS protection while protecting what matters most – the private keys.

5. Many of our customers prefer private versus public interconnection:

We developed Equinix SmartKey so that it can be used over the public internet to interconnect with multiple CSPs and network service providers (NSPs).

However, we learned that many of our customers preferred the private and proximate interconnection that is enabled by our Equinix Cloud Exchange (ECX) Fabric.

The ECX Fabric is based on software-defined networking (SDN) technology and provides a stable interconnection backbone across our global Equinix data centers in North America and EMEA (APAC is coming online later this year).

Our customers can quickly spin up multiple virtual connections and gain high-performance, low-latency interconnection between Equinix SmartKey and their cloud, network, data or security provider of choice, on a global scale.

Article by Imam Sheikh, Equinix Blog Network 

Digital Realty nabs new executive appointment from Equinix
Keep your friends close and your enemies closer could be the game plan that Digital Realty is currently following.
CSPs ‘not capable enough’ to meet 5G demands of end-users
A new study from Gartner produced some startling findings, including the lack of readiness of communications service providers (CSPs).
Microsoft invests in more Azure availability for Asia
Asia is proving to be a hot spot among the major cloud providers with new investments happening on a seemingly weekly basis.
Korean Air to close on-premises data centre within 3 years
One of the world’s top ten airlines has declared its going all-in with cloud and shutting down its on-premises infrastructure - the first in APAC to do so.
Industry cloud market forecast for ‘unusual’ growth
The market for industry cloud solutions is in good stead with that growth showing little signs of slowing.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.