Every Cloud Needs a Silver Lining

Gilad Parann-Nissany

Subscribe to Gilad Parann-Nissany: eMailAlertsEmail Alerts
Get Gilad Parann-Nissany: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, SOA & WOA Magazine, Amazon Cloud Journal

Blog Feed Post

P for Cloud Privacy? Thoughts on Amazon Web Services VPC Security

Cloud encryption to the rescue

Back in 2009, Amazon introduced its Virtual Private Cloud offering, allowing customers an isolated virtual environment tied up to your on-premise network using VPN. VPC is a great step towards privacy in a public cloud, as it essentially put the instances access control back in the hands of the corporate security group. But it’s important to point out the fact that VPC is not 100% isolated. It is implemented using dynamic VLANS techniques, and isolated on the hypervisor level, meaning you can still potentially share the hardware with your biggest competitor. Earlier this year AWS have announced a dedicated VPC compute instance, allowing customers exclusive use of the hardware, but the network layer is still virtualized, and your data is still hosted outside your control. So what can be done to mitigate data privacy concerns in AWS VPC?

Cloud encryption to the rescue
Encrypting data at rest becomes a critical element in securing and truly isolating your data from your virtual neighbors. While VPC is certainly more private than the public EC2 offering, you still need to maintain privacy and control of your data.  Another critical point to remember is that not all AWS functionality is offered on VPC. Snapshots for example are stored in AWS Simple Storage Service (S3) outside your VPC account, and unless explicitly encrypted by you, your data is now stored unencrypted outside your VPC account.

Cloud Privacy means keeping out the hackers

Cloud Privacy goes together well with Virtual Private Networks, keeping out the hackers

But cloud encryption doesn’t come cheap. It requires encryption expertise, it’s not scalable, and requires a key management deployment back in your data center. Right? Wrong!

Cloud encryption and cloud key management have evolved dramatically since the data-center-encryption-techniques days, allowing you to create an encrypted environment in minutes, manage your keys in a secured and automated manner in your cloud account, and securely manage an encrypted snapshots lifecycle. Porticor for example, is a leading cloud security company tailored specifically to the public (and VPC) cloud. The Porticor solution “injects” a virtual security appliance to your cloud account, allowing you to create encrypted cloud storage within minutes. Porticor have also redesigned key management for the cloud, allowing an automated, and highly secured key management system inside your cloud. With regards to the VPC scenarios described above, Porticor can be integrated in a “simple” critical data encryption scenario (securing a specific database, or managing the encrypted snapshots lifecycle), or deployed in a more demanding environment, integrated using its API’s with your orchestration system of choice.

Ariel Dan is co-founder, VP marketing and Sales at Porticor cloud security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.