Encrypted Cloud Storage – The Missing Piece

Cloud computing brings many advantages, including elasticity, flexibility, and pay-per-use. But when looking at cloud security, and specifically encrypted cloud storage, the picture is much more complex.

Cloud security (in IaaS and PaaS scenarios) is a shared responsibility. The cloud provider is responsible for securing the datacenter premises, the virtualization layer, and the host OS, but it is the cloud customer’s responsibility to secure the host OS, use encrypted cloud storage, and secure the application level.


Cloud data security threats
Some aspects of securing virtual servers and storage are not dramatically different from securing a physical server, and the same basic rules still apply. Enforcing a strong access control policy, disabling unnecessary ports, and hardening the application layer are still valid and necessary actions when it comes to securing your virtual environment.

But in addition to traditional threats, new cloud-related threats should be considered as part of your security strategy. Shared compute resources, the “cloud insider” threat, malicious snapshotting of virtual disks and cloud hijacking are all new risks associated with the cloud. As a result, creating and maintaining an encryption policy and using encrypted cloud storage become must-have items in the cloud (we’ve discussed the new cloud security threats in depth in this blog).

In addition to the above threats, legal considerations such as the USA Patriot Act or the EU Data Protection directives are another aspect of managing responsibility and trust. Companies migrating their data to the cloud want to know that their data will not be exposed to unexpected or unwanted parties through court orders, and therefore, they are expected to think through issues around the Patriot Act and other legal frameworks.

Encrypted cloud storage should be a top priority
Encrypted cloud storage mitigates the above threats by keeping your data private at all times, but managing your keys in the cloud can be challenging unless a new approach to cloud key management is adopted. We at Porticor have taken a different approach to encrypted cloud storage and key management for the cloud. Our virtual key management system, which we often refer to as the Swiss Banker approach, enables you to securely maintain your keys in the cloud without compromising the security of your keys and your data. For further reading, please refer to our key management white paper.

To conclude, cloud security should include a blend of traditional security elements combined with “cloud-adjusted” security technologies. Encrypted cloud storage should be a key part of your cloud security strategy due to the new cloud threat vectors (but also due to regulations such as the Patriot Act).

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributing to several SAP products and reaching more than 8 million users. Recently he created a consumer Cloud at G.ho.st, a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.
