Every Cloud Needs a Silver Lining

Gilad Parann-Nissany


Cloud Security, PRISM, and IaaS Encryption Thoughts


Cloud security is again a top concern for citizens and organizations alike. NSA’s PRISM program, and the fact that information residing in multiple cloud-based services has allegedly been analyzed by the NSA, raise many questions around cloud security, not only for SaaS consumer portals (such as Facebook, Gmail and more) but also for Infrastructure as a Service (IaaS) cloud deployments such as Amazon Web Services. So far, it seems IaaS was not tapped as part of PRISM, but we are already hearing questions: how secure is the corporate information residing in Infrastructure as a Service, can the government lay its hands on that information without anyone knowing about it, and what can be done to keep control of our information in the cloud?

Encryption is only one part of the solution

Indeed, when looking at cloud security, cloud encryption is often one of the first solutions that come to mind. Encryption enables an organization to build “mathematical walls” around the data and therefore to keep prying eyes away from the sensitive data. But many tend to forget that encryption is only one part of the cloud security issue. The second and more complicated part is key management. Think about the following scenario: your information resides in cloud infrastructure, you encrypt your data, but the encryption key resides unencrypted in your virtual server or (even worse) with hardware owned by the cloud provider. In such a scenario, data encryption achieves very little.

Split-key management enables cloud security
To effectively encrypt and secure your cloud data, a different key management approach is needed: one that is designed specifically for the cloud rather than “welded” to it. An example of such technology is split-key encryption. Split-key (as the name implies) splits an encryption key in two. One “half” is known only to the end user, while the second is known to an automated, secure key-management system. The two half keys are joined inside the customer’s IaaS account. These keys are always encrypted – even while in use – so the automated key management system actually never knows the keys. These techniques enable true cloud security by guaranteeing, for the first time, that the encryption keys are not visible to the IaaS provider, while running as a 100% cloud solution.
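
The splitting idea described above, as an added example that is not part of the original post and is not Porticor's implementation: a generic two-share XOR split in which each share alone is random noise and both are needed to rebuild the key. The function names and the check-value label are assumptions made for illustration, and the sketch does not model keeping keys encrypted while in use.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit data-encryption key


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Split key into two XOR shares; each share alone is uniformly random."""
    user_share = secrets.token_bytes(len(key))
    kms_share = bytes(a ^ b for a, b in zip(key, user_share))
    return user_share, kms_share


def key_check_value(key: bytes) -> bytes:
    """Short fingerprint kept beside the ciphertext so a bad join is detected."""
    return hmac.new(key, b"split-key-check", hashlib.sha256).digest()[:8]


def join_key(user_share: bytes, kms_share: bytes, expected_kcv: bytes) -> bytes:
    """Recombine both shares and refuse a key that fails the check value."""
    if len(user_share) != len(kms_share):
        raise ValueError("share lengths differ")
    key = bytes(a ^ b for a, b in zip(user_share, kms_share))
    if not hmac.compare_digest(key_check_value(key), expected_kcv):
        raise ValueError("shares do not reconstruct the expected key")
    return key


def demo() -> dict:
    data_key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    kcv = key_check_value(data_key)
    user_share, kms_share = split_key(data_key)
    rejoined = join_key(user_share, kms_share, kcv)
    # The key-manager share paired with a guessed user share must be rejected.
    try:
        join_key(secrets.token_bytes(KEY_LEN), kms_share, kcv)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    return {"roundtrip": rejoined == data_key,
            "wrong_share_rejected": wrong_rejected,
            "shares_differ_from_key": data_key not in (user_share, kms_share)}


if __name__ == "__main__":
    print(demo())
```

In this sketch the full key exists in memory at the moment of joining, so it only illustrates why holding one share is not enough, not the in-use protection the article describes.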

Cloud security is achievable
To conclude this short article, we strongly believe that cloud security can be achieved, but doing so requires a new perspective and new tools designed for the cloud. Implementing traditional security systems, or trusting the cloud provider to secure your information for you, simply doesn’t cut it anymore.

Ariel Dan is co-founder at Porticor Cloud Security.

The post Cloud security, PRISM, and IaaS encryption thoughts appeared first on Porticor Cloud Security.


Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributing to several SAP products and reaching more than 8 million users. Recently he created a consumer Cloud at G.ho.st, a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.