@CloudExpo Authors: Liz McMillan, Zakia Bouachraoui, Elizabeth White, Pat Romanski, Carmen Gonzalez

Related Topics: @CloudExpo

@CloudExpo: Blog Feed Post

Don’t Depend on Trust to Protect Data in the Cloud

Startup Porticor addresses key management

In one survey after another, we see that security concerns are a top inhibitor to cloud adoption. Companies want to get the flexibility and cost advantages of cloud computing, but there’s often trepidation about putting data on servers that are outside a company’s own data center. Cloud security is an issue of trust and control.

Startup company Porticor just released a product that addresses the concern about data at rest in the cloud: a split key encryption solution where the cloud customer is the only one who ever knows the master key.

The basic problem of encrypting data in the cloud is where to store the keys. An enterprise wouldn’t want to store the keys on a disk in the cloud; they could be vulnerable to hackers. Allowing the vendor to store the keys means putting trust in a third party. An organization could bring the keys back into its data center, but that seems to negate some of the advantage of outsourcing data center services to the cloud.

Porticor uses the metaphor of the Swiss banker to explain its offering. Think of a personalized bank vault that has two keys: one is held by the customer, and the other is held by the “banker,” or in this case, the Porticor Virtual Key Management Service.  The customer actually has one key per project, which is usually an application. Porticor has thousands of keys, one for each file or disk belonging to that project.

Here’s the unique part of the solution. The keys, which are split between the customer and Porticor, are themselves encrypted by the customer’s master key, which only the customer holds and knows. Therefore, Porticor holds project keys but it can’t read them because they are encrypted. The only additional requirement on the enterprise end is to secure the master key.

Porticor’s solution works with any cloud implementation, but partnerships with Amazon Web Services (AWS) and RedHat facilitate implementation with those services.

For example, to set up encryption for a project on AWS servers, you would launch the web-based Porticor Virtual Private Data (VPD) and specify a preferred geographic location for data storage and create a master key.

After specifying the master key, the enterprise can create encrypted disks in its environment within AWS. The keys are created and split between the master key and the encrypted “banker’s” key. After that, the disks can be mounted and used.

It takes just minutes to create a trusted system that is completely controlled by the master key held only by the customer. Existing unsecured disks can be attached to the Porticor Virtual Private Data product and automatically detected and encrypted.

Porticor says this is military grade security since only one party – the customer – holds the master key to unlock the data. The master key only needs to be accessed when the entire server cluster is rebooted, which should be a rare occurrence. When new application servers are created, they inherit the encryption automatically through the VPD.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
ScaleMP is presenting at CloudEXPO 2019, held June 24-26 in Santa Clara, and we’d love to see you there. At the conference, we’ll demonstrate how ScaleMP is solving one of the most vexing challenges for cloud — memory cost and limit of scale — and how our innovative vSMP MemoryONE solution provides affordable larger server memory for the private and public cloud. Please visit us at Booth No. 519 to connect with our experts and learn more about vSMP MemoryONE and how it is already serving some of the world’s largest data centers. Click here to schedule a meeting with our experts and executives.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes.
When you're operating multiple services in production, building out forensics tools such as monitoring and observability becomes essential. Unfortunately, it is a real challenge balancing priorities between building new features and tools to help pinpoint root causes. Linkerd provides many of the tools you need to tame the chaos of operating microservices in a cloud native world. Because Linkerd is a transparent proxy that runs alongside your application, there are no code changes required. It even comes with Prometheus to store the metrics for you and pre-built Grafana dashboards to show exactly what is important for your services - success rate, latency, and throughput.
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application performance guarantees & data privacy.
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the benefits of the cloud without losing performance as containers become the new paradigm.