By Gilad Parann-Nissany
December 12, 2011 12:15 PM EST
Back in 2009, Amazon introduced its Virtual Private Cloud offering, giving customers an isolated virtual environment connected to their on-premises network over VPN. VPC is a great step towards privacy in a public cloud, as it essentially puts instance access control back in the hands of the corporate security group. But it is important to point out that VPC is not 100% isolated. It is implemented using dynamic VLAN techniques and isolated at the hypervisor level, meaning you can still potentially share the hardware with your biggest competitor. Earlier this year AWS announced dedicated VPC compute instances, allowing customers exclusive use of the hardware, but the network layer is still virtualized, and your data is still hosted outside your control. So what can be done to mitigate data privacy concerns in AWS VPC?
Cloud encryption to the rescue
Encrypting data at rest becomes a critical element in securing and truly isolating your data from your virtual neighbors. While VPC is certainly more private than the public EC2 offering, you still need to maintain privacy and control of your data. Another critical point to remember is that not all AWS functionality is offered on VPC. Snapshots, for example, are stored in AWS Simple Storage Service (S3) outside your VPC account, and unless you explicitly encrypt them, your data is now stored unencrypted outside your VPC account.
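As an added example (not from the original post and not Porticor's code), a small Python audit that reads the JSON returned by `aws ec2 describe-snapshots` and lists the snapshots that have left the VPC unencrypted, grouped by the source volume that should be encrypted at rest. The sample response is constructed, its IDs and key ARN are placeholders, and the `Encrypted`/`KmsKeyId` fields are part of the present-day EBS API rather than the 2011 API this post describes.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `aws ec2 describe-snapshots --owner-ids self`.
# `Encrypted` / `KmsKeyId` are present-day EBS API fields; IDs and the key ARN
# are made-up placeholders, not real resources.
SAMPLE_DESCRIBE_SNAPSHOTS = json.dumps({
    "Snapshots": [
        {"SnapshotId": "snap-0aaa111", "VolumeId": "vol-0db001", "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
         "Description": "db nightly", "StartTime": "2024-01-03T02:00:00Z"},
        {"SnapshotId": "snap-0bbb222", "VolumeId": "vol-0db001", "Encrypted": False,
         "Description": "db before upgrade", "StartTime": "2024-01-01T02:00:00Z"},
        {"SnapshotId": "snap-0ccc333", "VolumeId": "vol-0scr02", "Encrypted": False,
         "Description": "scratch", "StartTime": "2024-01-02T02:00:00Z"},
    ]
})


def parse_snapshots(describe_output: str) -> list:
    """Parse describe-snapshots JSON into a list of snapshot dicts."""
    return json.loads(describe_output).get("Snapshots", [])


def audit_snapshots(snapshots: list) -> dict:
    """Map each source volume to its unencrypted snapshot IDs, oldest first.

    Snapshots are stored in S3 outside the VPC, so every ID returned here is
    plaintext data that has already left the isolated network boundary.
    """
    by_volume = defaultdict(list)
    for snap in sorted(snapshots, key=lambda s: s.get("StartTime", "")):
        # A missing `Encrypted` field is treated as unencrypted (fail closed).
        if not snap.get("Encrypted", False):
            by_volume[snap["VolumeId"]].append(snap["SnapshotId"])
    return dict(by_volume)


def audit_report(describe_output: str) -> list:
    """One finding line per volume that has unencrypted snapshots."""
    findings = audit_snapshots(parse_snapshots(describe_output))
    return [f"{vol}: {len(ids)} unencrypted snapshot(s): {', '.join(ids)}"
            for vol, ids in sorted(findings.items())]


if __name__ == "__main__":
    for line in audit_report(SAMPLE_DESCRIBE_SNAPSHOTS):
        print(line)
```

Pipe real `describe-snapshots --owner-ids self --output json` output into `audit_report` to get the same per-volume list for your own account.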
But cloud encryption doesn’t come cheap. It requires encryption expertise, it doesn’t scale, and it requires a key management deployment back in your data center. Right? Wrong!
Cloud encryption and cloud key management have evolved dramatically since the days of data-center encryption techniques, allowing you to create an encrypted environment in minutes, manage your keys in a secure and automated manner in your cloud account, and securely manage the lifecycle of encrypted snapshots. Porticor, for example, is a leading cloud security company tailored specifically to the public (and VPC) cloud. The Porticor solution “injects” a virtual security appliance into your cloud account, allowing you to create encrypted cloud storage within minutes. Porticor has also redesigned key management for the cloud, allowing an automated and highly secure key management system inside your cloud. With regard to the VPC scenarios described above, Porticor can be integrated in a “simple” critical data encryption scenario (securing a specific database, or managing the encrypted snapshot lifecycle), or deployed in a more demanding environment, integrated through its APIs with your orchestration system of choice.