Moving from traditional on-premise solutions to cloud-based security

In this Help Net Security podcast recorded at RSA Conference 2019, Gary Marsden, Senior Director, Data Protection Services at Gemalto, talks about the feedback they’re getting from the market and how Gemalto is helping businesses with a move away from traditional on-premise solutions to cloud-based security.

Here’s a transcript of the podcast for your convenience.

Hi, my name’s Gary Marsden, Senior Director for data protection services at Gemalto. I look after our transition for the move to cloud services away from our on-premises solution. I’m here today with Help Net Security to talk about how that transition is working, what we’re seeing in the market, the feedback we’re getting from the market and how Gemalto is helping businesses with that move away from traditional on-premises solutions to cloud-based security.

Today’s market

Let’s start off with what are we seeing in the market and what is the feedback from customers. Everybody is moving away to the cloud. We see it time and time again. Latest reports, 83 percent of businesses will have a cloud-based infrastructure by 2021. Whether it’s ’21, ’22, ’23, who knows. Whether it’s 83 percent, 90 percent, it’s irrelevant. The fact is that businesses are moving their infrastructures and their data across to the cloud.

What they need help with is how do they do that from a security perspective, and how do they do that in a migratory way. Because nobody is going to move everything across to the cloud, day one. They’re going to do it over a period of time, whether it’s one or two or three years, but they’ll certainly be doing that.

The problem that we’re hearing from the market is that, to make that happen, to get across to the cloud, they need a number of things. They need solutions that are affordable. They need solutions that are easy to deploy. They need solutions that will scale as they scale. That happens across either security, or data, or applications, and so there’s some important aspects that need to be looked at. Those businesses that are transitioning are worried about having too many cloud services.

Cloud accounts surge

I was speaking with a bank about 18 months ago, they had 2000 cloud accounts. Talk to them about six months ago, they had 7000 cloud accounts, and their question is: “How do I secure those infrastructures in a quick, simple and easy way? Because shadow IT means that more and more people are subscribing to cloud services and I can’t secure those. I can’t secure them because it requires a big upfront investment. I need lots of crypto ninjas making all of this technology work for me and everybody’s asking me to do everything day one.”

That’s not going to happen because businesses can’t afford to do that. They don’t have the skills. We know worldwide there’s a chronic skills shortage.

There’s a couple of challenges that we’ve set ourselves at Gemalto that I’m working with the team to work on. The first one of those is how do we simplify that technology. The second is how do we help companies migrate in a way that makes it simple, makes it hybrid, so they can meet those migrations.


First off, is the simplicity. Simplicity means that we need to move away from all of the three letter acronyms, the technology speak, the geek speak that we have, so that you no longer need to be a crypto ninja. We do that in a very simple and quite clever way, really. We’ve built an interface that allows you to go to a marketplace, pretty much like you do on your iPhone or your Android. You go to a marketplace and you can subscribe to those different services.

For example, if you had a CyberArk privileged account management solution, and you wanted to add additional security to manage the keys and hold the keys, what we’ve done is we’ve provided a simple way of point clicking, deploying that HSM for that cyber instance. You simply go to a CyberArk tile, it’s got the picture and the logo, you point and you click, and ask you some very simple questions that just about anybody could answer. You don’t need a degree in computer science to do it. It will deploy that HSM in approximately five minutes, rather than having to be a crypto ninja, having to buy all of the equipment up front, build the infrastructure, implement it, maintain it, support it. It’s all done for you.

We get around that by reducing total cost of ownership, increasing the simplicity and making it a product for the future. We believe that’s going to change our industry quite incredibly. It’s going to make a massive difference in terms of making encryption and key management available for the mass market. We move away from just being big enterprises. We’re able to hit different markets and open up new markets for our channel partners.

That allows us to broaden the market scope and hopefully, in a few years’ time it’ll mean that encryption, and key management, and HSMs, which today are quite technical, and they’re there for enterprises, and they’re used by enterprises, they’ll actually find their way into smaller homes and make it available for small or medium sized businesses. They get the same advantages of protecting their data, complying with all of those requirements that there are in the world, like GDPR or notifiable data breach in Australia, those kinds of things. They can have the tools to do it. They’re no longer left alone and stranded. It makes life a lot easier. Simplicity, really important.

Creating hybrid infrastructures

Second thing to talk about, the second area of focus is creating environments, which means it’s easy to migrate and easy to integrate and that comes in two worlds. The first part of that world really, is to look at the integrations that you need to work with. A lot of our customers who are moving to the cloud want to make sure that, as they move to the cloud, they can take their keys with them or they can use exactly the same integrations in exactly the same applications that they’re using today.

Our big push and our big drive is to create hybrid infrastructures that will allow them to move from today’s world into tomorrow’s world. It allows them to use the keys, the infrastructures that they’re familiar with, to make sure that they can continue operating but they can take advantage of the cloud. Because every business that I talk to is going to do that in phases, in steps. I was talking with a very large financial services organization over lunch, and they have that same predicament. They’ve got tens, hundreds of different cloud services that they buy from different vendors.

How do they manage the keys across those different infrastructures? Because it’s going to end up in a hybrid world. There are some applications, and keys, and encryption in traditional on-premises solutions. They will probably remain there because they’re specific, they’re bespoke to that organization. And then you’ve got some applications that are in a public cloud. And then you’ve got some applications that are perhaps in a hosted environment, in virtual machines.

How do they manage that across all of those multiple environments in a quick, simple and easy way? How do they migrate from where they are today into those environments? How do they make sure that when they do that, they’ve got the security that they need? That’s really where data protection on demand comes in.

New integrations

This week what we’re announcing is some new integrations. I mentioned CyberArk for example. It’s a common application around the world. Also, we’ve announced new tiles, as we call them, those new things that you point and click and deploy. We’ve announced some new tiles for Microsoft, some new tiles for Oracle, and some additional capabilities for digital signing, which is incredibly important as we move forward, because we’re finding the applications that are being deployed into IoT devices, for example, need to be signed to make sure they’re authentic.

One of the things we’re doing this week is we’re announcing a relationship with a company called Keyfactor. They’re working with us on IoT PKI environments, to make sure that organizations can sign digitally those environments.

The other area that we’re finding organizations are really interested in, is looking at how do they secure certificates and PKI. That’s what we’ve introduced for Microsoft, it’s an ADCS tile that allows Active Directory Certificate Services to manage the master keys for those certificates and those encryption services. Some new things that are being launched that really take us a big step forward, in terms of simplicity and in terms of being able to help those organizations move across to the cloud.

What I’d like to say is that you can get access to all of the information we mentioned in a number of ways. The easiest way probably is to do a Google or a Bing search for Gemalto DPoD (Data Protection on Demand). Search Gemalto DPoD and that will take you to all of the links for Gemalto DPoD.
