Welcome!

Cloud Expo Authors: Carmen Gonzalez, Elizabeth White, Roger Strukhoff, Jason Bloomberg, Glenn Rossman

Blog Feed Post

What’s the future for cloud security and why enterprises will be willing to outsource their security requirements

(Originally posted by Rake Narang at Info Security Products Guide)

Porticor is the leader in cloud security, delivering secure, easy to use, scalable solutions for data encryption and key management. Porticor enables companies of all sizes to keep their data safe, comply with regulatory standards, and streamline operations.

Founded in 2010 by experts in security, cloud computing and cryptography, Porticor protects critical data in public, private and hybrid clouds. Within minutes, customers can encrypt their entire data layer using proven encryption algorithms. Porticor VPD™ is built for homomorphic split-key encryption, a breakthrough technology offering the convenience of cloud-based key management without sacrificing trust.

In the following interview, Gilad Parann-Nissany, Chief Execeutive Officer of Porticor Cloud Security, discusses 1:1 with Rake Narang, Editor-in-Chief of Info Security Products Guide, the future for cloud security and why enterprises will be willing to outsource their security requirements.

Rake Narang, Editor-in-Chief: What are the top 5 issues you hear from customers regarding cloud security?

Gilad Parann-Nissany: Customers we talk to are pretty consistent, usually raising these data security concerns:

  • High Security
  • Regulatory Compliance
  • Flexible deployment & provisioning
  • Dealing with Complexity
  • Effective Key Management

There is a strong industry consensus that security, along with regulatory compliance, is the #1 barrier to adoption of cloud computing. Underlining these concerns is the need to establish trust – an organization can outsource its storage or its compute resources, but it cannot outsource confidentiality!

At the same time, companies are attracted to cloud computing for its advantages: flexibility, elasticity and the pay-as-you-go economic model. Customers in the cloud can bring up servers and storage in minutes, and they expect a security solution to provide the same high degree of automation and management.

Customers cannot accept a tradeoff between security and flexibility. They expect the security vendor to deliver the best of both worlds – a strong data security solution which does not compromise the cloud values of flexibility and elasticity. This is not an easy task.

What’s required is a solution to “all of the above”: up in minutes; pay as you go; using the strongest proven encryption algorithms; and ensuring auditability and regulatory compliance.

The needed breakthrough should mean customers’ data is always encrypted, and the master encryption keys are themselves encrypted, even when in use. Key splitting and homomorphic technologies are the secret sauce that can solve this challenge. And this creates trust.

Rake Narang: What’s the future for cloud security? Why will enterprises be willing to outsource their security requirements?

Gilad Parann-Nissany: At the highest level, the message of the cloud is freedom to focus on organizational core strengths and outsource non-core activities like purchasing servers and deployment. In the same way, it makes sense to outsource security.

Nevertheless, achieving data security in the cloud is a difficult challenge. It’s a little like having your cake and eating it; Enterprises want trust and outsourcing at the same time.

We are seeing great investment by cloud providers and security vendors, and the direction is promising. In some ways, because it allows better management and flexible control of resources, cloud computing can be more secure than traditional IT. This was recently recognized by the NSA director and U.S. Cyber Command commander, Gen. Keith Alexander.

In other ways, fundamental breakthroughs in technology are still needed. We see these coming from the fields of key-splitting technology and homomorphic encryption. If these are properly implemented, they allow you to be in the cloud without losing control, because sensitive data or keys are encrypted even when in use in the cloud, which means cloud providers cannot know them, and even security vendors never know them.

This is the kind of breakthrough that enables trust. Your “security cake” remains whole, and you still enjoy your slice of pay-as-you-go.

So the future of the cloud security industry is rosy, because it is precisely on trend: enterprises will want to outsource complexity to experts who can deliver breakthroughs, while maintaining the confidentiality of information.

Rake Narang: So focusing on cloud security, when is it possible to use classic solutions and where is it necessary to implement new solutions?

Gilad Parann-Nissany: Cloud computing is not one technology; it is the confluence of many advances in virtualization, service enablement, operations, commoditization and industrialized environments. Many well-known technologies from previous innovation rounds – continue to work in the cloud.

This is just as true in the security market, where technologies like firewalls, virtual private networks or data leak prevention – remain very relevant. With these, the right strategy for Enterprises may be evolution: this often involves taking an existing approach, deploying it in the cloud, and then – crucially – wrapping it in an API (application program interface) so that it can be automated in the cloud’s industrialized environment.

But some areas do require new solutions.

The role of encryption changes, since data is no longer between the “four walls” of the enterprise
Encryption Keys management is critical, since keys cannot be simply stored in the cloud
New cloud storage technologies, i.e. distributed data storage, require security
New data protection measures emerge, for example fragmenting data in many pieces in the cloud
Hypervisors and virtual machines are an area of ongoing research
Physical security of cloud environments is required
The community has provided useful results for hypervisor security, and the best cloud providers do a great job of physical security. Yet new technologies, such as split-key management and homomorphic encryption, have a critical role to play. This will, for the first time, enable enterprises to outsource the complexity while keeping control and confidentiality.

Company: Porticor Cloud Security
Tel Aviv, Israel

Founded in: 2010
CEO: Gilad Parann-Nissany
Products and Services: Porticor® Virtual Private Data™ system

Company’s Goals: Enable trusted cloud computing, especially by securing data at rest, for companies of all sizes. We do this by providing, for the first time, an encryption and key management system that does not expose customer data or keys to cloud or security providers, while offering the highest degree of security, the quickest and most cost-effective operations, and excellent performance.

About Gilad Parann-Nissany Gilad Parann Nissany100x133 What’s the future for cloud security and why enterprises will be willing to outsource their security requirements

A pioneer of Cloud Computing, Gilad has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributed to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st – a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Data Security.

The post What’s the future for cloud security and why enterprises will be willing to outsource their security requirements appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In their General Session at 15th Cloud Expo, Phil Jackson, Development Community Advocate at SoftLayer, and Harold Hannon, Sr. Software Architect at SoftLayer, to discuss how to take advantage of a multitude of compute option...
Come learn about what you need to consider when moving your data to the cloud. In her session at 15th Cloud Expo, Skyla Loomis, a Program Director of Cloudant Development at Cloudant, will discuss the security, performance, and operational implications of keeping your data on premise, moving it to the cloud, or taking a hybrid approach. She will use real customer examples to illustrate the tradeoffs, key decision points, and how to be successful with a cloud or hybrid cloud solution.
In today's application economy, enterprise organizations realize that it's their applications that are the heart and soul of their business. If their application users have a bad experience, their revenue and reputation are at stake. In his session at 15th Cloud Expo, Anand Akela, Senior Director of Product Marketing for Application Performance Management at CA Technologies, will discuss how a user-centric Application Performance Management solution can help inspire your users with every appli...
With the explosion of the cloud, more businesses are transitioning to a recurring revenue model to generate reliable sales, grow profits, and open new markets. This opportunity requires businesses to get to market quickly with the pricing and packaging options customers want. In addition, you will want to take advantage of the ensuing tidal wave of data to more effectively upsell, cross-sell and manage your customers. All of this is possible, but only with the right approach. At 15th Cloud Exp...
Planning scalable environments isn't terribly difficult, but it does require a change of perspective. In his session at 15th Cloud Expo, Phil Jackson, Development Community Advocate for SoftLayer, will broaden your views to think on an Internet scale by dissecting a video publishing application built with The SoftLayer Platform, Message Queuing, Object Storage, and Drupal. By examining a scalable modular application build that can handle unpredictable traffic, attendees will able to grow your de...
The cloud provides an easy onramp to building and deploying Big Data solutions. Transitioning from initial deployment to large-scale, highly performant operations may not be as easy. In his session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, will discuss the benefits, weaknesses, and performance characteristics of public and bare metal cloud deployments that can help you make the right decisions.
Over the last few years the healthcare ecosystem has revolved around innovations in Electronic Health Record (HER) based systems. This evolution has helped us achieve much desired interoperability. Now the focus is shifting to other equally important aspects – scalability and performance. While applying cloud computing environments to the EHR systems, a special consideration needs to be given to the cloud enablement of Veterans Health Information Systems and Technology Architecture (VistA), i.e....
Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization’s assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and big data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? I...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using...
Is your organization struggling to deal with skyrocketing volumes of digital assets? The amount of data is growing exponentially and organizations are having a hard time managing this growth. In his session at 15th Cloud Expo, Amar Kapadia, Senior Director of Open Cloud Strategy at Seagate, will walk through the essential considerations when developing a cloud storage strategy. In this discussion, you will understand the challenges IT is facing, why companies need to move to cloud, and how the...
If cloud computing benefits are so clear, why have so few enterprises migrated their mission-critical apps? The answer is often inertia and FUD. No one ever got fired for not moving to the cloud – not yet. In his session at 15th Cloud Expo, Michael Hoch, SVP, Cloud Advisory Service at Virtustream, will discuss the six key steps to justify and execute your MCA cloud migration.
The 16th International Cloud Expo announces that its Call for Papers is now open. 16th International Cloud Expo, to be held June 9–11, 2015, at the Javits Center in New York City brings together Cloud Computing, APM, APIs, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speak...
Most of today’s hardware manufacturers are building servers with at least one SATA Port, but not every systems engineer utilizes them. This is considered a loss in the game of maximizing potential storage space in a fixed unit. The SATADOM Series was created by Innodisk as a high-performance, small form factor boot drive with low power consumption to be plugged into the unused SATA port on your server board as an alternative to hard drive or USB boot-up. Built for 1U systems, this powerful devic...
SYS-CON Events announced today that Gridstore™, the leader in software-defined storage (SDS) purpose-built for Windows Servers and Hyper-V, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Gridstore™ is the leader in software-defined storage purpose built for virtualization that is designed to accelerate applications in virtualized environments. Using its patented Server-Side Virtual C...
SYS-CON Events announced today that Cloudian, Inc., the leading provider of hybrid cloud storage solutions, has been named “Bronze Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Cloudian is a Foster City, Calif.-based software company specializing in cloud storage. Cloudian HyperStore® is an S3-compatible cloud object storage platform that enables service providers and enterprises to bui...
SYS-CON Events announced today that TechXtend (formerly Programmer’s Paradise), a leading value-added provider of server and storage virtualization, and r-evolution will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. TechXtend (formerly Programmer’s Paradise) is a leading value-added provider of software, systems and solutions for corporations, government organizations, and academic instit...
Every healthy ecosystem is diverse. This is especially true in cloud ecosystems, where portability and interoperability are more important than old enterprise models of proprietary ownership. In his session at 15th Cloud Expo, Mark Baker, Server Product Manager at Canonical/Ubuntu, will discuss how single vendors used to take the lead in creating and delivering technology, but in a cloud economy, where users want tools of their preference, when and where they need them, it makes no sense.
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, will discuss this shifting dynamic with ...
The emergence of cloud computing and Big Data warrants a greater role for the PMO to successfully manage enterprise transformation driven by these powerful trends. As the adoption of cloud-based services continues to grow, a governance model is needed to orchestrate enterprise cloud implementations and harness the power of Big Data analytics. In his session at 15th Cloud Expo, Mahesh Singh, President of BigData, Inc., to discuss how the Enterprise PMO takes center stage not only in developing th...
Cloud computing started a technology revolution; now DevOps is driving that revolution forward. By enabling new approaches to service delivery, cloud and DevOps together are delivering even greater speed, agility, and efficiency. No wonder leading innovators are adopting DevOps and cloud together! In his session at DevOps Summit, Andi Mann, Vice President of Strategic Solutions at CA Technologies, will explore the synergies in these two approaches, with practical tips, techniques, research dat...