Equinix: 5 things we learned from our customers about multicloud security
You learn a lot from your customers, especially how they use your products and what they find useful.
At least that is what we experienced during our Equinix SmartKey public beta trial with dozens of enterprise and service provider participants.
Equinix SmartKey, powered by Fortanix, is based on Intel® Software Guard Extensions (SGX) and is available to anyone, even companies that aren’t Equinix colocation customers.
It’s a hardware security module (HSM)-as-a-Service that provides secure key management and cryptography services to protect data in public, private, hybrid or multicloud environments. Equinix SmartKey on Platform Equinix simplifies the provisioning and control of encryption keys.
It provides cloud scalability, secure key storage, encryption and tokenization services that address performance and governance, risk and compliance requirements at the digital edge, close to clouds, carriers and counterparties.
Here are five things we learned from our Equinix SmartKey public beta trial customers:
1. Cloud service providers (CSPs) see synergy between the HSM-as-a-Service model and cloud governance and compliance:
Many of our customers don’t want to use legacy HSM solutions for the new applications they are running in the cloud. They are looking for a more agile HSM service that also supports Bring Your Own Key (BYOK) and that they can run across hybrid and multicloud environments without adding significant latency.
Equinix SmartKey supports an HSM-as-a-Service delivery model that makes it easier for CSPs to refer their customers to us for a consistently secure cloud service to protect their distributed data in a multicloud, hybrid environment.
SmartKey is delivered from the cloud, but the keys and the data are not in the same location or at the CSPs, ensuring a more secure cloud/data environment for their customers.
This includes CSPs who are looking to help their customers comply with the General Data Protection Regulation (GDPR) by providing an independent key management service that keeps keys and data within a specific country’s jurisdiction, without storing those keys and data with a CSP.
2. Secure transaction processing is a great use case, especially for financial and payment services customers:
With millions of transactions going through the cloud each day and new modes of digital transaction processing such as blockchain coming into vogue, data security becomes paramount for banking, trading, payment processing, retail and insurance companies.
Equinix SmartKey can provide cryptographic operations for transaction or credit data as it traverses between hybrid and multicloud infrastructures and on-premises data centers.
3. Runtime encryption plugins make it faster to develop and protect custom code or business logic to process data from clouds:
Many customers want to run specific algorithms to process data in public clouds that they can’t get today from off-the-shelf HSM solutions or from their CSP. Equinix SmartKey’s plugin capability enables customers to run these algorithms and other business logic in a secure environment within a secure enclave.
In addition, SmartKey’s built-in encryption, key management and tokenization capabilities support a variety of interfaces, such as RESTful APIs, PKCS#11, CNG, JCE and KMIP, for fast development and time-to-market.
In some cases, this has reduced the turnaround time from weeks and months to days.
The Equinix SmartKey API-kit also provides our customers’ DevOps teams with easy integration tools for other leading public cloud, data services and SaaS application providers.
4. Partner certificate authority is an important “must have”:
An enterprise may have hundreds of servers with web certificates and require trusted partners to access data and applications from those servers.
Equinix SmartKey enables customers to protect private keys from those web servers using a Certificate Authority (CA). For example, SSL transactions are one use case where you’d want a distributed denial of service (DDoS) partner to be allowed to intercept data traffic to inspect packets for potential malware attacks.
By being able to screen the packets, they can use intelligent analytics to isolate and quarantine “bad” packets.
However, they can only do that if they have access to the private keys. Equinix SmartKey provides security partners the ability to terminate SSL sessions for real-time packet inspections and DDoS protection while protecting what matters most – the private keys.
5. Many of our customers prefer private versus public interconnection:
We developed Equinix SmartKey so that it can be used over the public internet to interconnect with multiple CSPs and network service providers (NSPs).
However, we learned that many of our customers preferred the private and proximate interconnection that is enabled by our Equinix Cloud Exchange (ECX) Fabric.
The ECX Fabric is based on software-defined networking (SDN) technology and provides a stable interconnection backbone across our global Equinix data centers in North America and EMEA (APAC is coming online later this year).
Our customers can quickly spin up multiple virtual connections and gain high-performance, low-latency interconnection between Equinix SmartKey and their cloud, network, data or security provider of choice, on a global scale.
Article by Imam Sheikh, Equinix Blog Network