Every Cloud Needs a Silver Lining

Gilad Parann-Nissany

Subscribe to Gilad Parann-Nissany: eMailAlertsEmail Alerts
Get Gilad Parann-Nissany: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Cloud Security Journal , Secure Cloud Computing

Blog Feed Post

Cloud Encryption and Security Tips

Data in a public cloud is more vulnerable to some attacks compared with data stored in a data center

One of these days your company will start shifting compute resources to the cloud, and as you probably know, the many advantages cloud computing has to offer still leave the responsibility for data security and data compliance on you and your security team.

Cloud Security tip #1: START FROM THE DATA when considering the cloud provider. You should ask your cloud provider what mechanisms he has in place to secure your data, ask about data security best practice and which security vendors are supporting his cloud and can provide security and encryption services for you out of the gate.

Data in a public cloud is more vulnerable to some attacks compared with data stored in a data center. New risk vectors exploiting the shared infrastructure and resources, the insider threat, or cloud-account hijacking exist. These are either new threats, or old threats that are qualitatively different for data in the cloud. Data encryption in the cloud mitigates many of these, and is therefore top priority. But encryption doesn’t come easy in a cloud infrastructure. Encryption in the cloud could be cost intensive and timely if not done effectively.

Cloud Security tip #2: Choose the data encryption strategy wisely. Understand how you would like to approach data encryption: Will you implement encryption using the tools provided by your cloud provider, or will you use a third party vendor? In order to do so you need to get to the details of your cloud technology, and your technical team capabilities. If you’re implementing a small server project in the cloud and have great security skills in-house, you might want to secure your virtual server yourself; but if the plan is to aggressively grow in the cloud, adding many servers and applications, a security vendor approach would prove to be more effective. (And if you’re a software vendor developing your application in the cloud – you’ll find my previous blog regarding cloud encryption and key management for software vendors relevant)

Now that you’ve chosen your cloud provider, and have a concrete encryption strategy in place, let’s talk about the encryption keys. How will you keep your encryption keys private in a public cloud? The common approach recommended by most security vendors is to keep your keys away from the cloud for security reasons. This approach is a result of migrating the traditional PKI infrastructure to the cloud as-is, and will force you to use a third party SaaS vendor to manage your keys, or to install a key management server back in your datacenter. But there’s a third option for key-management in the cloud:

Cloud Security tip #3: Be the master of your (cloud) domain. As mentioned above, the current approach is to store the encryption keys as far as possible from your cloud, meaning you will need to invest additional resources and manage yet another system in or outside your datacenter. You should know that there are alternatives. Companies such as Porticor have developed a unique key management platform tailored for the cloud, enabling you to store your encryption keys in your cloud, without compromising the security of your keys. For additional reading you can download the Porticor Key Management white paper

Summary
Many companies are shifting (or will do so very soon) compute resources to the cloud. When moving to the cloud, the security manager should be involved as early as possible and understand who the cloud provider is, what are the provided security tools, and what vendors are supporting the cloud infrastructure. Data encryption in the cloud is a must have due to the new attack vectors, therefore the data encryption strategy is critical, alongside the key management strategy which should be cloud enabled and flexible as the cloud itself.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.