Welcome!

@CloudExpo Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Containers Expo Blog, Release Management , Cloud Security

@CloudExpo: Blog Feed Post

Transparent Data Encryption in the Cloud

Database products that support TDE

Transparent Data Encryption (TDE), sometimes also called Transparent Database Encryption, is one way to encrypt database content. TDE offers encryption at a column, table, and tablespace level. This makes TDE one of the more highly configurable ways to encrypt database content, though some of these configuration options come with a performance price.

While TDE is well known in the Data Center, bringing it to the realm of Cloud Data Security does involve some new technical and operational questions.

Database products that support TDE
TDE is available as an “enterprise level” feature of Oracle Enterprise Edition and Microsoft SQL Server Enterprise Edition. Of course this carries a price premium.

With the MySQL open source database, it is possible to encrypt files that represent tables – using ecryptfs - which simulates some of the table-level features of TDE but usually not all the detailed column-level, row-level and tablespace capabilties.

Cloud security is only as good as its weakest link

Like any encryption technology, TDE is only as secure as the encryption keys. You have to keep your keys in a safe place. You need a Cloud Key Management solution that can support TDE and should supply the encryption keys for the column, table, or tablespace encryption.

Transparent Data Encryption in the Cloud

Cloud key management can be the weak link in Cloud

Encryption solutions

This is actually the trickiest security question when implementing TDE in the cloud, and requires thought and expertise. For example, TDE encryption keys are often kept in a database “wallet”, which is itself often a file on a disk. This approach may break in the cloud. The concern is that hackers will attack the virtual disk in the cloud, get from that to the wallet and through that to the data.

You may find yourself implementing TDE, only to discover that the scenario above invalidates your approach.

Fortunately, solid Cloud Key Management with Cloud Encryption is now available, using split-key encryption to ensure there is no single place that can be attacked. This best practice can be integrated with TDE.

Balancing your cloud encryption, flexibility and performance requirements

As mentioned above, TDE does involve a tradeoff. It is more highly configurable but also more complex, and some of its options carry a performance price.

Alternative Cloud Encryption solutions can offer Full Disk Encryption, which may be more highly performant and is certainly simpler to configure. As always, you must choose.

The best of all worlds is obviously a solution that supports both out of the box Full Disk Encryption and can work with TDE. Porticor is the solution to consider for this kind of Cloud Encryption.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

CloudEXPO Stories
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations.
"When you think about the data center today, there's constant evolution, The evolution of the data center and the needs of the consumer of technology change, and they change constantly," stated Matt Kalmenson, VP of Sales, Service and Cloud Providers at Veeam Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
Today, we have more data to manage than ever. We also have better algorithms that help us access our data faster. Cloud is the driving force behind many of the data warehouse advancements we have enjoyed in recent years. But what are the best practices for storing data in the cloud for machine learning and data science applications?