The New Reality
Cloud hosting providers, along with the databases and applications that run on cloud-hosted infrastructure, do a great job of providing as good or better security controls as their prospective customers enjoy today on-premise. However, this is often not enough for many customers who need additional safeguards for PII/PHI data hosted in the cloud. Data privacy regulations are also not making life easier: ‘Protection by Design & Default’ and ‘Right of Access’ are just two such regulations, not to mention needing to be mindful of the level of access permitted certain kinds of users. There are privileged users with access to infrastructure (DBAs, SysAdmins) who shouldn’t see sensitive data, whereas there are users who are authorized to view that sensitive data. In short, users should be exposed to data on a "need-to-know" basis, irrespective of the tool they are using.
The Solution: Qlik, SecuPi and Snowflake
Qlik, SecuPi and Snowflake provide full coverage for data protection from ingestion to consumption. SecuPi enforcement points on Qlik Replicate can encrypt sensitive columns during the data loading process (while holding encryption keys on-prem or in any cloud Key Management System). Data remains encrypted from on-premise environment(s) until landing on Snowflake where the data is stored at rest encrypted. The same SecuPi enforcement points on Qlik Sense then ensure that the data is decrypted only when consumed back on-prem by authorized users. This Hold Your Own Key data protection model, invented by SecuPi, is used by some of the most regulated organizations to comply with CCPA, GDPR, HIPAA, and other financial services privacy regulations.
Curious to learn more? Read the full whitepaper.