It’s certainly better for data sovereignty and some prefer it for security too.
AWS has stated that it is facing stiff opposition from on-premises infrastructure in a recent Competition and Markets Authority (CMA) case. This could simply be AWS supporting its position that it provides a suitably flexible service that customers are able to move some or all of their IT back on-premises if they so desire. However, there are a growing number of high-profile cases where organisations are moving back in-house – a process now termed cloud repatriation. One organisation says that it saved $1 million after a cloud hosting bill for $3.2m prompted them to undertake a cloud repatriation project; they expect to save $10 million over the next five years.
Is this just the latest chapter in the in-house versus out-sourced trend? Those who have been in IT or business services for any length of time will have seen such cycles played out before, so could it be that after the rush to push everything into the cloud, we are now seeing a correction?
Public Cloud restricts Data Sovereignty capabilities
Organisations are starting to not only add up the financial costs but also consider the potential risks due to the lack of flexibility with having all their data and workflows in the cloud. Data sovereignty is becoming increasingly important as the assumption that ‘globalisation is always the answer’ looks somewhat shaky given current global political frictions and uncertainty. Recently, Microsoft admitted that it couldn’t guarantee UK data sovereignty, even for UK government customers. Which instantly begs the question: Where should particularly sensitive data be stored, which really shouldn’t be leaving sovereign soil?
In the same article The Register quoted a senior research director for EMEA at IDC, stating that cloud repatriation is becoming more common. However, a more important trend in EMEA is that over half of companies still have a preference to deploy workloads into their private infrastructure, rather than the public cloud.
This chimes well with our own experience of providing secure communications solutions for higher assurance customers, where the ability to provide an on-premises solution is paramount.
On-premises – the extra facilities
The option to deploy the Armour® Secure Communications Platform in-house provides many security benefits that are not offered by the mass-adoption collaboration products or free-to-use consumer apps. An on-premises deployment renders communications completely private not just secure and sovereign. You can add your own protective measures to anonymise traffic and ensure only you have access to the meta data which could give a potential attacker or eavesdropper so much potentially useful information.”
This deployment option puts our customers in complete total control of their data; they know exactly where it is being stored, and have total control over who has access to it.
Suitable for higher assurance video conferencing
Security conscious organisations such as government departments, the military, defence contractors and public sector bodies all need products designed with their specific requirements in mind. The Armour Secure Communications platform is built to give organisations control of where they deploy and where their data resides, with both secure hosted and on-premises options available. It addresses issues such as GDPR and industry-specific regulations including DPA 2018 Part 3 as cloud-based providers often cannot satisfy sovereign needs.
Armour Recall™ captures, retains and archives data to ensure organisations keep control of their data, can prove compliance and can respond to Freedom of Information requests.
Armour Unity™ delivers secure conferencing in an easy-to-use app for mobile use and is available in several configurations to ensure the level of security matches the sensitivity of the conversation.
Armour Connect™ provides voice and video interoperability with unified comms systems, and Armour Bridge™ delivers messaging interoperability with other messaging apps,
Total control of data
Strict security measures within Armour give the organisation total control over data. For example, constraining message retention, Message Burn (automatically deleting messages after a set time), controlling features like forwarding/sharing data, and erasing all data in the event of device (or user) compromise.
Mitigate impersonation-based attacks with identity-based authentication
Users and call groups are centrally managed, such that people can only join and use the app by invitation. Identity-based authentication (using NCSC’s MIKEY-SAKKE protocol) means that users can be confident when using the platform that they are communicating with who they think they are. In this way Armour addresses the issue of identity-spoofing and ghost-callers, including AI-generated deepfakes.
Federated secure communications – share confidential information
The Armour Platform can provide a multi-domain, multi-organisation structure with strictly siloed security making it suitable for federated secure communications between Armour communities. This means that different police forces, government departments or social services (for example) using Armour are able to communicate, once Admins have set up the appropriate links between the groups of users, while each organisation retains total control over its own user lifecycles.
Cloud repatriation puts you back in control of sensitive data
Analysts agree that the cloud is here to stay, but organisations are now taking a more considered approach when it comes to deciding which workflows and data they commit to the public cloud. When it comes to data security and protecting sensitive information there is no one-size-fits-all.
For more information about protecting your sensitive communications, particularly for higher assurance requirements, contact us today: sales@armourcomms.com or visit us at SDSC UK stand 29B, where we’ll be showing our new Armour Unity secure conferencing capabilities and our Advanced Mobile Solutions.