|By Gilad Parann-Nissany||
|December 23, 2012 09:28 AM EST||
(Originally posted by Rake Narang at Info Security Products Guide)
Porticor is the leader in cloud security, delivering secure, easy to use, scalable solutions for data encryption and key management. Porticor enables companies of all sizes to keep their data safe, comply with regulatory standards, and streamline operations.
Founded in 2010 by experts in security, cloud computing and cryptography, Porticor protects critical data in public, private and hybrid clouds. Within minutes, customers can encrypt their entire data layer using proven encryption algorithms. Porticor VPD™ is built for homomorphic split-key encryption, a breakthrough technology offering the convenience of cloud-based key management without sacrificing trust.
In the following interview, Gilad Parann-Nissany, Chief Execeutive Officer of Porticor Cloud Security, discusses 1:1 with Rake Narang, Editor-in-Chief of Info Security Products Guide, the future for cloud security and why enterprises will be willing to outsource their security requirements.
Rake Narang, Editor-in-Chief: What are the top 5 issues you hear from customers regarding cloud security?
Gilad Parann-Nissany: Customers we talk to are pretty consistent, usually raising these data security concerns:
- High Security
- Regulatory Compliance
- Flexible deployment & provisioning
- Dealing with Complexity
- Effective Key Management
There is a strong industry consensus that security, along with regulatory compliance, is the #1 barrier to adoption of cloud computing. Underlining these concerns is the need to establish trust – an organization can outsource its storage or its compute resources, but it cannot outsource confidentiality!
At the same time, companies are attracted to cloud computing for its advantages: flexibility, elasticity and the pay-as-you-go economic model. Customers in the cloud can bring up servers and storage in minutes, and they expect a security solution to provide the same high degree of automation and management.
Customers cannot accept a tradeoff between security and flexibility. They expect the security vendor to deliver the best of both worlds – a strong data security solution which does not compromise the cloud values of flexibility and elasticity. This is not an easy task.
What’s required is a solution to “all of the above”: up in minutes; pay as you go; using the strongest proven encryption algorithms; and ensuring auditability and regulatory compliance.
The needed breakthrough should mean customers’ data is always encrypted, and the master encryption keys are themselves encrypted, even when in use. Key splitting and homomorphic technologies are the secret sauce that can solve this challenge. And this creates trust.
Rake Narang: What’s the future for cloud security? Why will enterprises be willing to outsource their security requirements?
Gilad Parann-Nissany: At the highest level, the message of the cloud is freedom to focus on organizational core strengths and outsource non-core activities like purchasing servers and deployment. In the same way, it makes sense to outsource security.
Nevertheless, achieving data security in the cloud is a difficult challenge. It’s a little like having your cake and eating it; Enterprises want trust and outsourcing at the same time.
We are seeing great investment by cloud providers and security vendors, and the direction is promising. In some ways, because it allows better management and flexible control of resources, cloud computing can be more secure than traditional IT. This was recently recognized by the NSA director and U.S. Cyber Command commander, Gen. Keith Alexander.
In other ways, fundamental breakthroughs in technology are still needed. We see these coming from the fields of key-splitting technology and homomorphic encryption. If these are properly implemented, they allow you to be in the cloud without losing control, because sensitive data or keys are encrypted even when in use in the cloud, which means cloud providers cannot know them, and even security vendors never know them.
This is the kind of breakthrough that enables trust. Your “security cake” remains whole, and you still enjoy your slice of pay-as-you-go.
So the future of the cloud security industry is rosy, because it is precisely on trend: enterprises will want to outsource complexity to experts who can deliver breakthroughs, while maintaining the confidentiality of information.
Rake Narang: So focusing on cloud security, when is it possible to use classic solutions and where is it necessary to implement new solutions?
Gilad Parann-Nissany: Cloud computing is not one technology; it is the confluence of many advances in virtualization, service enablement, operations, commoditization and industrialized environments. Many well-known technologies from previous innovation rounds – continue to work in the cloud.
This is just as true in the security market, where technologies like firewalls, virtual private networks or data leak prevention – remain very relevant. With these, the right strategy for Enterprises may be evolution: this often involves taking an existing approach, deploying it in the cloud, and then – crucially – wrapping it in an API (application program interface) so that it can be automated in the cloud’s industrialized environment.
But some areas do require new solutions.
The role of encryption changes, since data is no longer between the “four walls” of the enterprise
Encryption Keys management is critical, since keys cannot be simply stored in the cloud
New cloud storage technologies, i.e. distributed data storage, require security
New data protection measures emerge, for example fragmenting data in many pieces in the cloud
Hypervisors and virtual machines are an area of ongoing research
Physical security of cloud environments is required
The community has provided useful results for hypervisor security, and the best cloud providers do a great job of physical security. Yet new technologies, such as split-key management and homomorphic encryption, have a critical role to play. This will, for the first time, enable enterprises to outsource the complexity while keeping control and confidentiality.
Company: Porticor Cloud Security
Tel Aviv, Israel
Founded in: 2010
CEO: Gilad Parann-Nissany
Products and Services: Porticor® Virtual Private Data™ system
Company’s Goals: Enable trusted cloud computing, especially by securing data at rest, for companies of all sizes. We do this by providing, for the first time, an encryption and key management system that does not expose customer data or keys to cloud or security providers, while offering the highest degree of security, the quickest and most cost-effective operations, and excellent performance.
About Gilad Parann-Nissany
A pioneer of Cloud Computing, Gilad has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributed to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st – a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Data Security.
The best-practices for building IoT applications with Go Code that attendees can use to build their own IoT applications. In his session at @ThingsExpo, Indraneel Mitra, Senior Solutions Architect & Technology Evangelist at Cognizant, provided valuable information and resources for both novice and experienced developers on how to get started with IoT and Golang in a day. He also provided information on how to use Intel Arduino Kit, Go Robotics API and AWS IoT stack to build an application tha...
Jul. 28, 2016 12:00 PM EDT Reads: 1,214
IoT generates lots of temporal data. But how do you unlock its value? You need to discover patterns that are repeatable in vast quantities of data, understand their meaning, and implement scalable monitoring across multiple data streams in order to monetize the discoveries and insights. Motif discovery and deep learning platforms are emerging to visualize sensor data, to search for patterns and to build application that can monitor real time streams efficiently. In his session at @ThingsExpo, ...
Jul. 28, 2016 11:15 AM EDT Reads: 1,127
Ovum, a leading technology analyst firm, has published an in-depth report, Ovum Decision Matrix: Selecting a DevOps Release Management Solution, 2016–17. The report focuses on the automation aspects of DevOps, Release Management and compares solutions from the leading vendors.
Jul. 28, 2016 11:00 AM EDT Reads: 1,785
Continuous testing helps bridge the gap between developing quickly and maintaining high quality products. But to implement continuous testing, CTOs must take a strategic approach to building a testing infrastructure and toolset that empowers their team to move fast. Download our guide to laying the groundwork for a scalable continuous testing strategy.
Jul. 28, 2016 11:00 AM EDT Reads: 2,043
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
Jul. 28, 2016 11:00 AM EDT Reads: 1,111
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Jul. 28, 2016 10:45 AM EDT Reads: 1,265
Choosing the right cloud for your workloads is a balancing act that can cost your organization time, money and aggravation - unless you get it right the first time. Economics, speed, performance, accessibility, administrative needs and security all play a vital role in dictating your approach to the cloud. Without knowing the right questions to ask, you could wind up paying for capacity you'll never need or underestimating the resources required to run your applications.
Jul. 28, 2016 10:45 AM EDT Reads: 564
Up until last year, enterprises that were looking into cloud services usually undertook a long-term pilot with one of the large cloud providers, running test and dev workloads in the cloud. With cloud’s transition to mainstream adoption in 2015, and with enterprises migrating more and more workloads into the cloud and in between public and private environments, the single-provider approach must be revisited. In his session at 18th Cloud Expo, Yoav Mor, multi-cloud solution evangelist at Cloudy...
Jul. 28, 2016 10:41 AM EDT Reads: 240
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
Jul. 28, 2016 10:30 AM EDT Reads: 782
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
Jul. 28, 2016 09:30 AM EDT Reads: 1,402
Security, data privacy, reliability, and regulatory compliance are critical factors when evaluating whether to move business applications from in-house, client-hosted environments to a cloud platform. Quality assurance plays a vital role in ensuring that the appropriate level of risk assessment, verification, and validation takes place to ensure business continuity during the migration to a new cloud platform.
Jul. 28, 2016 09:28 AM EDT Reads: 271
It’s 2016: buildings are smart, connected and the IoT is fundamentally altering how control and operating systems work and speak to each other. Platforms across the enterprise are networked via inexpensive sensors to collect massive amounts of data for analytics, information management, and insights that can be used to continuously improve operations. In his session at @ThingsExpo, Brian Chemel, Co-Founder and CTO of Digital Lumens, will explore: The benefits sensor-networked systems bring to ...
Jul. 28, 2016 09:00 AM EDT Reads: 1,608
[webcast] Mastering DevOps Automation | @DevOpsSummit @IBMDevOps #IBM #Cloud #DevOps #ContinuousDelivery
Deploying applications in hybrid cloud environments is hard work. Your team spends most of the time maintaining your infrastructure, configuring dev/test and production environments, and deploying applications across environments – which can be both time consuming and error prone. But what if you could automate provisioning and deployment to deliver error free environments faster? What could you do with your free time?
Jul. 28, 2016 08:30 AM EDT Reads: 364
"We formed Formation several years ago to really address the need for bring complete modernization and software-defined storage to the more classic private cloud marketplace," stated Mark Lewis, Chairman and CEO of Formation Data Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Jul. 28, 2016 08:30 AM EDT Reads: 1,683
[guide] Cloud Analytics for Dummies | @CloudExpo @Informatica #API #Cloud #Analytics #BusinessIntelligence
Cloud analytics is dramatically altering business intelligence. Some businesses will capitalize on these promising new technologies and gain key insights that’ll help them gain competitive advantage. And others won’t. Whether you’re a business leader, an IT manager, or an analyst, we want to help you and the people you need to influence with a free copy of “Cloud Analytics for Dummies,” the essential guide to this explosive new space for business intelligence.
Jul. 28, 2016 07:45 AM EDT Reads: 924
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet a...
Jul. 28, 2016 07:30 AM EDT Reads: 533
Ixia (Nasdaq: XXIA) has announced that NoviFlow Inc.has deployed IxNetwork® to validate the company’s designs and accelerate the delivery of its proven, reliable products. Based in Montréal, NoviFlow Inc. supports network carriers, hyperscale data center operators, and enterprises seeking greater network control and flexibility, network scalability, and the capacity to handle extremely large numbers of flows, while maintaining maximum network performance. To meet these requirements, NoviFlow in...
Jul. 28, 2016 07:15 AM EDT Reads: 701
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busin...
Jul. 28, 2016 06:45 AM EDT Reads: 1,867
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
Jul. 28, 2016 06:45 AM EDT Reads: 1,568
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Jul. 28, 2016 05:45 AM EDT Reads: 2,329