|By Gilad Parann-Nissany||
|March 28, 2012 08:00 AM EDT||
Cloud computing brings many advantages including elasticity, flexibility, and pay-per-use. But when looking at cloud security, and specifically encrypted cloud storage the picture is much more complex.
Cloud security (in IaaS and PaaS scenarios) is a shared responsibility. The cloud provider is responsible for securing the datacenter premise, the virtualization layer, and the Host OS, but it is the cloud customer’s responsibility to secure the host OS, work with an encrypted cloud storage and secure the application level.
Cloud data security threats
Some aspects of securing virtual servers and storage are not dramatically different from securing a physical server and the same basic rules still apply. Enforcing a strong access control policy, disabling unnecessary ports, and hardening the application layer are still valid and necessary actions when it comes to securing your virtual environment.
But in addition to traditional threats, new cloud-related threats should be considered as part of your security strategy. Shared compute resources, the “cloud insider” threat, malicious snapshotting of virtual disks and cloud hijacking are all new risks associated with the cloud. As a result, creating and maintaining an encryption policy and using encrypted cloud storage become must-have items in the cloud (we’ve discussed the new cloud security threats in depth in this blog).
In addition to the above threats, legal considerations such as the USA Patriot Act or the EU Data Protection directives are another aspect of managing responsibility and trust. Companies migrating their data to the cloud want to know that their data will not be exposed to unexpected or unwanted parties through court orders, and therefore, they are expected to think through issues around the Patriot Act and other legal frameworks.
Encrypted cloud storage should be a top priority
Encrypted cloud storage mitigates the above threats by keeping your data private at all times, but managing your keys in the cloud can be challenging unless a new approach to cloud key management is adopted. We at Porticor have taken a different approach to encrypted cloud storage and key management for the cloud. Our virtual key management system, which we often allude to as the Swiss Banker approach, enables you to securely maintain your keys in the cloud, while not compromising the security of your keys and your data. For further reading, please refer to our key management white paper.
To conclude; cloud security should include a blend of traditional security elements combined with “cloud-adjusted” security technologies. Encrypted cloud storage should be a key part of your cloud security strategy due to the new cloud threat vectors (but also due to regulations such as the Patriot Act).
- Database Security in the Cloud
- Disruptive Innovations and the 'Internet of Things' | @ThingsExpo [#IoT]
- Securing Cloud Data from Cybercrime, Intrusion and Surveillance
- Cloud Computing Security Issues and Challenges By @GiladPN | @CloudExpo [#Cloud]
- MySQL in the Cloud
- Cloud Security – Implementing a Secure Cloud Backup Case Study
- Four Great Tips: Cloud Security for Big Data
- Answering Common Cloud Security Questions from CIOs
- Securing Your ‘Data at Rest’ in the Cloud
- Encrypted Cloud Storage – The Missing Piece