|By Gilad Parann-Nissany||
|December 23, 2012 09:28 AM EST||
(Originally posted by Rake Narang at Info Security Products Guide)
Porticor is the leader in cloud security, delivering secure, easy to use, scalable solutions for data encryption and key management. Porticor enables companies of all sizes to keep their data safe, comply with regulatory standards, and streamline operations.
Founded in 2010 by experts in security, cloud computing and cryptography, Porticor protects critical data in public, private and hybrid clouds. Within minutes, customers can encrypt their entire data layer using proven encryption algorithms. Porticor VPD™ is built for homomorphic split-key encryption, a breakthrough technology offering the convenience of cloud-based key management without sacrificing trust.
In the following interview, Gilad Parann-Nissany, Chief Execeutive Officer of Porticor Cloud Security, discusses 1:1 with Rake Narang, Editor-in-Chief of Info Security Products Guide, the future for cloud security and why enterprises will be willing to outsource their security requirements.
Rake Narang, Editor-in-Chief: What are the top 5 issues you hear from customers regarding cloud security?
Gilad Parann-Nissany: Customers we talk to are pretty consistent, usually raising these data security concerns:
- High Security
- Regulatory Compliance
- Flexible deployment & provisioning
- Dealing with Complexity
- Effective Key Management
There is a strong industry consensus that security, along with regulatory compliance, is the #1 barrier to adoption of cloud computing. Underlining these concerns is the need to establish trust – an organization can outsource its storage or its compute resources, but it cannot outsource confidentiality!
At the same time, companies are attracted to cloud computing for its advantages: flexibility, elasticity and the pay-as-you-go economic model. Customers in the cloud can bring up servers and storage in minutes, and they expect a security solution to provide the same high degree of automation and management.
Customers cannot accept a tradeoff between security and flexibility. They expect the security vendor to deliver the best of both worlds – a strong data security solution which does not compromise the cloud values of flexibility and elasticity. This is not an easy task.
What’s required is a solution to “all of the above”: up in minutes; pay as you go; using the strongest proven encryption algorithms; and ensuring auditability and regulatory compliance.
The needed breakthrough should mean customers’ data is always encrypted, and the master encryption keys are themselves encrypted, even when in use. Key splitting and homomorphic technologies are the secret sauce that can solve this challenge. And this creates trust.
Rake Narang: What’s the future for cloud security? Why will enterprises be willing to outsource their security requirements?
Gilad Parann-Nissany: At the highest level, the message of the cloud is freedom to focus on organizational core strengths and outsource non-core activities like purchasing servers and deployment. In the same way, it makes sense to outsource security.
Nevertheless, achieving data security in the cloud is a difficult challenge. It’s a little like having your cake and eating it; Enterprises want trust and outsourcing at the same time.
We are seeing great investment by cloud providers and security vendors, and the direction is promising. In some ways, because it allows better management and flexible control of resources, cloud computing can be more secure than traditional IT. This was recently recognized by the NSA director and U.S. Cyber Command commander, Gen. Keith Alexander.
In other ways, fundamental breakthroughs in technology are still needed. We see these coming from the fields of key-splitting technology and homomorphic encryption. If these are properly implemented, they allow you to be in the cloud without losing control, because sensitive data or keys are encrypted even when in use in the cloud, which means cloud providers cannot know them, and even security vendors never know them.
This is the kind of breakthrough that enables trust. Your “security cake” remains whole, and you still enjoy your slice of pay-as-you-go.
So the future of the cloud security industry is rosy, because it is precisely on trend: enterprises will want to outsource complexity to experts who can deliver breakthroughs, while maintaining the confidentiality of information.
Rake Narang: So focusing on cloud security, when is it possible to use classic solutions and where is it necessary to implement new solutions?
Gilad Parann-Nissany: Cloud computing is not one technology; it is the confluence of many advances in virtualization, service enablement, operations, commoditization and industrialized environments. Many well-known technologies from previous innovation rounds – continue to work in the cloud.
This is just as true in the security market, where technologies like firewalls, virtual private networks or data leak prevention – remain very relevant. With these, the right strategy for Enterprises may be evolution: this often involves taking an existing approach, deploying it in the cloud, and then – crucially – wrapping it in an API (application program interface) so that it can be automated in the cloud’s industrialized environment.
But some areas do require new solutions.
The role of encryption changes, since data is no longer between the “four walls” of the enterprise
Encryption Keys management is critical, since keys cannot be simply stored in the cloud
New cloud storage technologies, i.e. distributed data storage, require security
New data protection measures emerge, for example fragmenting data in many pieces in the cloud
Hypervisors and virtual machines are an area of ongoing research
Physical security of cloud environments is required
The community has provided useful results for hypervisor security, and the best cloud providers do a great job of physical security. Yet new technologies, such as split-key management and homomorphic encryption, have a critical role to play. This will, for the first time, enable enterprises to outsource the complexity while keeping control and confidentiality.
Company: Porticor Cloud Security
Tel Aviv, Israel
Founded in: 2010
CEO: Gilad Parann-Nissany
Products and Services: Porticor® Virtual Private Data™ system
Company’s Goals: Enable trusted cloud computing, especially by securing data at rest, for companies of all sizes. We do this by providing, for the first time, an encryption and key management system that does not expose customer data or keys to cloud or security providers, while offering the highest degree of security, the quickest and most cost-effective operations, and excellent performance.
About Gilad Parann-Nissany
A pioneer of Cloud Computing, Gilad has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributed to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st – a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Data Security.
Today, IT is not just a cost center. IT is an enabler and driver of business. With the emergence of the hybrid cloud paradigm, IT now has increasingly more capabilities to create new strategic opportunities for a business. Hybrid cloud allows an organization to utilize multi-tenant public clouds, dedicated private clouds, bare metal hosting, and the associated support and services for the right use cases through an on-demand, XaaS model. This model of IT creates tremendous opportunities for busi...
Mar. 27, 2015 05:00 PM EDT Reads: 2,901
Hosted PaaS providers have given independent developers and startups huge advantages in efficiency and reduced time-to-market over their more process-bound counterparts in enterprises. Software frameworks are now available that allow enterprise IT departments to provide these same advantages for developers in their own organization. In his workshop session at DevOps Summit, Troy Topnik, ActiveState’s Technical Product Manager, will show how on-prem or cloud-hosted Private PaaS can enable organ...
Mar. 27, 2015 04:45 PM EDT Reads: 657
In today's digital world, change is the one constant. Disruptive innovations like cloud, mobility, social media, and the Internet of Things have reshaped the market and set new standards in customer expectations. To remain competitive, businesses must tap the potential of emerging technologies and markets through the rapid release of new products and services. However, the rigid and siloed structures of traditional IT platforms and processes are slowing them down – resulting in lengthy delivery ...
Mar. 27, 2015 04:30 PM EDT Reads: 1,563
Modern Systems announced completion of a successful project with its new Rapid Program Modernization (eavRPMa"c) software. The eavRPMa"c technology architecturally transforms legacy applications, enabling faster feature development and reducing time-to-market for critical software updates. Working with Modern Systems, the University of California at Santa Barbara (UCSB) leveraged eavRPMa"c to transform its Student Information System from Software AG's Natural syntax to a modern application lev...
Mar. 27, 2015 04:24 PM EDT Reads: 259
Business as usual for IT is evolving into a “Make or Buy” decision on a service-by-service conversation with input from the LOBs. How does your organization move forward with cloud? In his general session at 16th Cloud Expo, Paul Maravei, Regional Sales Manager, Hybrid Cloud and Managed Services at Cisco, discusses how Cisco and its partners offer a market-leading portfolio and ecosystem of cloud infrastructure and application services that allow you to uniquely and securely combine cloud busi...
Mar. 27, 2015 04:15 PM EDT Reads: 1,116
Docker is an excellent platform for organizations interested in running microservices. It offers portability and consistency between development and production environments, quick provisioning times, and a simple way to isolate services. In his session at DevOps Summit at 16th Cloud Expo, Shannon Williams, co-founder of Rancher Labs, will walk through these and other benefits of using Docker to run microservices, and provide an overview of RancherOS, a minimalist distribution of Linux designed...
Mar. 27, 2015 04:15 PM EDT Reads: 2,312
Businesses are looking to empower employees and departments to do more, go faster, and streamline their processes. For all workers – but mobile workers especially – utilizing the cloud to reconnect documents and improve processes without destructing existing workflows can have a dramatic impact on productivity. In his session at 16th Cloud Expo, Mark Grilli, vice president of Acrobat Solutions marketing at Adobe Systems Incorporated, will outline new ways that the cloud is changing the way peo...
Mar. 27, 2015 04:00 PM EDT Reads: 1,123
Sonus Networks introduced the Sonus WebRTC Services Solution, a virtualized Web Real-Time Communications (WebRTC) offer, purpose-built for the Cloud. The WebRTC Services Solution provides signaling from WebRTC-to-WebRTC applications and interworking from WebRTC-to-Session Initiation Protocol (SIP), delivering advanced real-time communications capabilities on mobile applications and on websites, which are accessible via a browser.
Mar. 27, 2015 04:00 PM EDT Reads: 1,639
SYS-CON Events announced today that Aria Systems, the leading innovator in recurring revenue, has been named “Bronze Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Proven by the world’s most demanding enterprises, including AAA NCNU, Constant Contact, Falck, Hootsuite, Pitney Bowes, Telekom Denmark, and VMware, Aria helps enterprises grow their recurring revenue businesses. With Aria’s end-to-end active monetization platform, g...
Mar. 27, 2015 04:00 PM EDT Reads: 1,484
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes ...
Mar. 27, 2015 03:30 PM EDT Reads: 2,091
SYS-CON Events announced today that Akana, formerly SOA Software, has been named “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Akana’s comprehensive suite of API Management, API Security, Integrated SOA Governance, and Cloud Integration solutions helps businesses accelerate digital transformation by securely extending their reach across multiple channels – mobile, cloud and Internet of Thi...
Mar. 27, 2015 03:15 PM EDT Reads: 1,348
Are your applications getting in the way of your business strategy? It’s time to rethink your IT approach. In his session at 16th Cloud Expo, Madhukar Kumar, Vice President, Product Management at Liaison Technologies, will discuss a new data-centric approach to IT that allows your data, not applications, to inform business strategy. By moving away from an application-centric IT model where data integration and analysis are subservient to the constraints of applications, your organization will b...
Mar. 27, 2015 03:15 PM EDT Reads: 2,445
WSM International has launched a DevOps services division that offers assessment, consulting and implementation to large enterprises and organizations with complex infrastructures. The concept of DevOps is to blend information technology (IT) software development with operations to optimize the computing infrastructure according to the specific needs of the organization. According to a recent press release from Gartner, "By 2016, DevOps will evolve from a niche strategy employed by large cloud ...
Mar. 27, 2015 03:00 PM EDT Reads: 1,042
SYS-CON Events announced today that QTS Realty Trust, one of the nation’s largest and fastest-growing providers of data center facilities and cloud services and a leader in security and compliance, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. QTS Realty Trust, Inc. (NYSE: QTS) is a leading national provider of data center solutions and fully managed services, and a leader in security and compliance...
Mar. 27, 2015 03:00 PM EDT Reads: 1,095
SYS-CON Events announced today that Solgenia will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Solgenia is the global market leader in Cloud Collaboration and Cloud Infrastructure software solutions. Designed to “Bridge the Gap” between Personal and Professional S...
Mar. 27, 2015 03:00 PM EDT Reads: 2,614
SYS-CON Events announced today that WSM International (WSM), the world’s leading cloud and server migration services provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. WSM is a solutions integrator with a core focus on cloud and server migration, transformation and DevOps services.
Mar. 27, 2015 03:00 PM EDT Reads: 1,098
What’s inside the cloud? Hard work. Cloud operators know the world inside the datacenter is gritty. Vendor marketing speak and cloudwashing quickly melt in the heat of SLAs, uptime guarantees, and users who want it now. In his session at DevOps Summit, Hernan Alvarez, Chief Product Officer at Blue Box Group, will deliver an unvarnished look inside the world of cloud operators, from the perspective of someone who lives it. Attendees get a front-row look into the toolkits and processes that enabl...
Mar. 27, 2015 03:00 PM EDT Reads: 1,439
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make sm...
Mar. 27, 2015 03:00 PM EDT Reads: 3,334
The WebRTC Summit 2014 New York, to be held June 9-11, 2015, at the Javits Center in New York, NY, announces that its Call for Papers is open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 16th International Cloud Expo, @ThingsExpo, Big Data Expo, and DevOps Summit.
Mar. 27, 2015 03:00 PM EDT Reads: 1,316
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
Mar. 27, 2015 03:00 PM EDT Reads: 2,912