Protect Your Cloud DR Workloads using Kindite’s Runtime Encryption
- Itsik Musseri
Disaster recovery is a critical business requirement, but it must be robust and efficient. Organizations are under pressure to maintain access to critical data whilst ensuring continued protection. Even though many organizations are still reluctant to migrate production workloads to the public cloud, they are willing to move to a cloud environment for disaster recovery needs.
However, there are still security considerations that must be taken into account when using a cloud DR solution, especially when preparing for the day a fail-over is required and the cloud DR site becomes the production site. This article looks at the security gaps one should be aware of when creating a cloud disaster recovery environment and how Kindite encryption can bridge the gap to more efficient, reliable, and appropriate data protection in the cloud.
During Failover - Protection of Data at Rest is not Enough
At the heart of effective cloud DR is data protection and availability. The measures chosen to protect this data are informed by a dynamic, lifecycle view of data. Data that resides in a cloud repository is ‘data at rest’ and is therefore, rightly, encrypted; encryption works well for cloud environments used for disaster recovery as long as those systems are static. The keyword in that sentence is ‘static’. Problems arise once the disaster recovery workload has to function. During fail-over, it no longer acts as an ‘at rest’ system, and encrypted data needs to be decrypted in order to be accessed by the cloud compute infrastructure - a process which potentially exposes our data, as well as the encryption keys, to the cloud infrastructure.
The scenario described above happens during a fail-over. When production environments are switched to a cloud environment, critical data and keys are potentially exposed via the cloud compute infrastructure to whichever adversary has access to the cloud DR environment, which now acts as the production environment. Therefore, data-at-rest encryption becomes less relevant.
To account for the dynamic nature of data protected using a cloud DR approach, you need a dynamic approach to encryption. Data should never be viewed as only ever static. A disaster recovery event changes the status of the data: it no longer exists only at rest, and the relevance of runtime encryption increases accordingly.