Every Cloud Needs a Silver Lining

Gilad Parann-Nissany

Subscribe to Gilad Parann-Nissany: eMailAlertsEmail Alerts
Get Gilad Parann-Nissany: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, Cloud Security Journal , Secure Cloud Computing

Blog Feed Post

Encrypted Database in the Cloud: Practical Considerations

Which database brands are open and tested with these techniques?

Recently, in our post on Database security in the cloud, we reviewed the threats against database installations in the cloud and best practices for protecting your data. A number of customers have asked us follow-on questions:

  • Which database brands are open and tested with these techniques?
  • What are the most significant gotchas?
  • What performance, scalability and fail-safe characteristics can they expect when securing their database in the cloud?

We have found that all the major relational database brands (MySQL, Oracle, Microsoft SQL Server, and IBM DB2, among others) can work well in this scenario. Essentially, the approach places an encrypted disk “under” the database engine, and from the engine point of view the encryption is transparent. This meshes well with most OLTP implementations and is extremely cost effective as well as simple to use.

In terms of gotchas and common errors, they are actually what you would expect. This is probably because the basic technique for encrypting databases in the cloud meshes well with common techniques that people use in data centers as well. The most significant step is simply to place the data files that underlie the database in a well defined folder, and make sure that folder is on your encrypted disk. Here are two examples for MySQL on Ubuntu, and Oracle.

Everybody asks the performance question. Again this is straightforward. It is a direct consequence of the cloud topology.

First, assess the expected throughput of your database. Second, assess the throughput possible in your cloud’s network. If the latter is higher than the former, the basics are in place.

Now you need to make sure your Encryption Appliance (for example, see Porticor) is able to handle that throughput. You need a supplier that can give you a range of sizes from free evaluation, through small testing projects to the largest behemoths.

Very important is the ability to scale securely, and to ensure fail-over. You need an approach that supports multi-instance clusters, is able to manage encryption keys securely in this clustered scenario, and is amenable to well-known techniques such as RAID.

If you follow these guidelines and bring up your encrypted database in the cloud, you’ll get a robust and enterprise-worthy implementation.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.