Cloud Data Protection for Regulated Manufacturers

With Blue Coat, regulated manufacturers can finally realize the efficiency benefits of public cloud SaaS use.

"With Blue Coat, Siemens can control data used in SaaS applications and enforce data residency without limiting the functionality and usability of the cloud for our business."
- Peter Gapp, Vice President of IT, Applications and Data Governance, Siemens AG

Overview:

Manufacturers face some unique challenges when they consider cloud adoption. Like their peers in other industries, they find the efficiency and cost benefits of the cloud appealing. But they face cloud adoption issues such as:

  • Sector-specific regulations. For example, manufacturers in the defense sector may need to comply with ITAR and EAR requirements that specify how data must be treated in hosted third-party environments, like cloud applications. Similar requirements exist in the healthcare industry (e.g. HIPAA in the United States).
  • Data Residency & Sovereignty. Manufacturers with global operations know that they face a tangled web of data privacy and residency requirements which could make it difficult to move data across borders. How can they centralize on a single cloud Gateway in the face of these restrictions?
  • PCI DSS. Many manufacturers maintain payment card and bank details (accounts, routing numbers, etc.) of their customers and suppliers. These details need to be protected in the systems in which they reside, including cloud systems.
  • IP Protection. The loss of intellectual property is a critical concern in the manufacturing sector, perhaps more than any other vertical. Cloud use introduces new concerns associated with where IP data is stored and who has access to it.

 

Blue Coat Solution:

The compliance challenges that manufacturers face when they consider cloud use are diverse and complicated. The loss of control over data that is typically associated with the use of cloud applications is such a large issue that it blocks many organizations from moving to the cloud. But with Blue Coat, manufacturers realize that they can use the cloud while maintaining full control of the sensitive data that is most important to them – regulated information and strategic IP.

Customer Case Study:

Global Leader in Energy, Healthcare and Infrastructure Manufacturing

Global Cloud Roll-out Made a Reality Thanks to Blue Coat – Regulated Data Stays in Local Geographies

Challenges

This global diversified manufacturer had long sought to move to a single cloud Gateway to manage their enterprise Sales operations around the globe. But after years of effort, there were divisions in many countries, such as China, that were still utilizing outdated on-premise systems. Why? Because of data privacy regulations that made it impossible to move certain types of data across borders. The cloud solution selected by this manufacturer had its primary data center locations in the United States, which made adoption of the SaaS CRM solution impossible for the operations in some countries. So a hodge-podge of CRM systems remained in place, with the associated inefficiencies that one would typically see in this sort of environment.

Requirements

The global CRM project team began to look for a solution that would allow the company to realize the original objective of the program – a single, centrally managed cloud-based CRM Gateway that could be used to effectively manage its enterprise B2B Sales operations. The solution team had to develop a solution that enabled each of the countries facing data residency challenges to use a U.S.-based cloud while keeping all regulated data local in the countries where the enterprise clients were being managed. All regulated data needed to stay completely out of the cloud, never crossing borders. And the cloud CRM application’s functionality could not be adversely impacted. Sales executives, Finance and Executive Management required full access to the information just as if it were all truly stored in the cloud.

Solution

The project team discovered a new solution area that Gartner and Forrester have named Cloud Data Protection Gateways and explored it as a possible way to solve the problem. Analysis of the sector quickly led them to Blue Coat. Meetings with their compliance teams and third-party auditors/assessors led them down the path of exploring tokenization as a means of satisfying the data residency issues that had been blocking some specific regions from adopting the cloud application. The important differentiator of the solution was Blue Coat’s strong security proposition (the ability to use non-mathematically generated tokens) combined with preserving the cloud application functionality that was important to the manufacturer’s end-users. In fact, the strong tokenization approach that is used within the Blue Coat Cloud Data Protection Gateway was the only obfuscation method that the regulators in some countries would approve.

In the cloud-based CRM system, regulated documents and data fields containing sensitive data that cannot cross a border are replaced with a surrogate token before they leave the manufacturer’s datacenter. Only the replacement token is processed and stored in the US-based cloud infrastructure, so the enterprise and their auditors are assured that information is meaningless if it is accessed by any unauthorized individual or parties. Indeed, since the token vault remains in the "home" country, the auditor’s view is that the data has never actually gone to the cloud at all. And best of all, the Gateway ensures that the critical application functionality that the organization depends on, such as the ability to Search on Customer Names and related identifiers that have been obfuscated, is retained.
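The token flow described above, sketched as an added example (not Blue Coat's implementation or code from this page): a vault that issues random, non-derived tokens and a gateway that swaps regulated fields on the way out and back, with exact-match search preserved. The field names, class names and sample records are constructed assumptions.

```python
import secrets

REGULATED_FIELDS = {"customer_name", "iban"}  # assumed field names

class TokenVault:
    """Stays in the home country; holds the only token<->value mapping."""
    def __init__(self):
        self._token_for, self._value_for = {}, {}

    def tokenize(self, value):
        token = self._token_for.get(value)
        if token is None:
            # Random token, not derived from the value: nothing to invert.
            token = "tok_" + secrets.token_hex(16)
            self._token_for[value] = token
            self._value_for[token] = value
        return token

    def lookup(self, value):
        # Searches must not mint tokens for values never stored.
        return self._token_for.get(value)

    def detokenize(self, token):
        return self._value_for.get(token, token)

class Gateway:
    """Sits in the manufacturer's datacenter, between users and the SaaS app."""
    def __init__(self, vault, cloud_rows):
        self.vault, self.cloud = vault, cloud_rows

    def _apply(self, row, fn):
        return {k: fn(v) if k in REGULATED_FIELDS else v for k, v in row.items()}

    def save(self, record):
        self.cloud.append(self._apply(record, self.vault.tokenize))

    def search(self, field, term):
        # Exact-match search only: the term is swapped for its token first.
        if field in REGULATED_FIELDS:
            term = self.vault.lookup(term)
            if term is None:
                return []
        hits = [r for r in self.cloud if r.get(field) == term]
        return [self._apply(r, self.vault.detokenize) for r in hits]

def demo():
    cloud = []  # constructed stand-in for the US-hosted CRM storage
    gw = Gateway(TokenVault(), cloud)
    gw.save({"customer_name": "Example Werke GmbH", "iban": "CONSTRUCTED-0001", "stage": "won"})
    gw.save({"customer_name": "Example Werke GmbH", "iban": "CONSTRUCTED-0002", "stage": "open"})
    return cloud, gw.search("customer_name", "Example Werke GmbH"), gw.search("customer_name", "Nobody AG")
```

Because the same value always maps to the same token, the cloud side can still match on equality, which also means equal values remain linkable there; partial-match or sorted search would need more than this sketch provides.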

Resources

Cloud Data Protection Gateway Datasheet
Cloud Data Protection Gateway Encryption Solution Brief
Cloud Data Protection Gateway Tokenization Solution Brief