Welcome!

@CloudExpo Authors: Yeshim Deniz, Zakia Bouachraoui, Elizabeth White, Liz McMillan, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security, @DXWorldExpo

@CloudExpo: Blog Feed Post

Cloud Encryption: How to Choose an IaaS Encryption Solution

Instance managed encryption means the encryption keys are kept on the virtual disk

During the past month or so, Rich Mogull, analyst and CEO of securosis has published multiple blogs on cloud encryption best practices, specifically in infrastructure clouds. The final blog IaaS Encryption: How to Choose, provides a good opportunity for us to touch and expand on some of the volume storage cloud security points highlighted on Rich’s article:

“Always use external key management. Instance-managed encryption is only acceptable for test/development systems you know will never go into production”

Instance managed encryption means the encryption keys are kept on the virtual disk. In other words, anyone with access to your cloud instance, has access to your encryption keys – hence to your data. In addition, specific cloud operations, such as disk snapshots, will snapshot the encryption keys with it.

Cloud Security Cloud Key Management Cloud Encryption  clouds 250X188 Cloud Encryption: How to choose an IaaS encryption solution“For sensitive data in public cloud computing choose a system with protection for keys in volatile memory (RAM). Don’t use a cloud’s native encryption capabilities if you have any concern that a cloud administrator is a risk”

As I see it, there are two great points here, one relates to cloud security concerns, the second is interesting for compliance reasons. Protecting keys in RAM (the security concern) is actually not a simple thing to achieve.  We have worked extremely hard to create a mechanism which keeps the encryption keys encrypted themselves, even while in use in RAM.  To do so, we have used partially homomorphic encryption techniques (fancy name, I know…), a world first implementation of such technology to a cloud security product (you can read more about it here, or download the Porticor white paper for additional information). Now for the second point; using the IaaS provider’s native cloud encryption capabilities means there’s a risk that someone (an employee) within the cloud data center can potentially read your data. While an obvious security risk, this is also a compliance issue as certain regulations (for example PCI) mention separation of duties as a core compliance requirement.

“Pick a product designed to handle the more dynamic cloud computing environment. Specifically one with workflow for rapidly provisioning keys to cloud instances and API support for the cloud platform you use”

I couldn’t agree more. Traditional, “on-premise” encryption and key management systems are not built for the cloud. As a result, many of the cloud most significant advantages, such as scalability and flexibility might not function well (dare I say not function at all) with such encryption systems. A cloud encryption system should seamlessly integrate with your cloud design, and integrate with any automation process you have in place. An API is important as an integration point between your cloud systems and (for example) an orchestration system.  In such scenario you can automate encryption together with the rest of the IaaS system, spin up new or down new encrypted disks, encrypt S3 objects, and even automatically feed encryption keys to specific SaaS applications (I will discuss cloud encryption keys security and split-key encryption in one of my next blogs).

Ariel Dan is co-founder at Porticor Cloud Security.

The post Cloud Encryption: How to choose an IaaS encryption solution appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

CloudEXPO Stories
In today's always-on world, customer expectations have changed. Competitive differentiation is delivered through rapid software innovations, the ability to respond to issues quickly and by releasing high-quality code with minimal interruptions. DevOps isn't some far off goal; it's methodologies and practices are a response to this demand. The demand to go faster. The demand for more uptime. The demand to innovate. In this keynote, we will cover the Nutanix Developer Stack. Built from the foundation of software-defined infrastructure, Nutanix has rapidly expanded into full application lifecycle management across any infrastructure or cloud .Join us as we delve into how the Nutanix Developer Stack makes it easy to build hybrid cloud applications by weaving DBaaS, micro segmentation, event driven lifecycle operations, and both financial and cloud governance together into a single unified st...
Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes. We are offering early bird savings on all ticket types where you can save significant amount of money by purchasing your conference tickets today.
Organize your corporate travel faster, at lower cost. Hotailors is a next-gen AI-powered travel platform. What is Hotailors? Hotailors is a platform for organising business travels that grants access to the best real-time offers from 2.000.000+ hotels and 700+ airlines in the whole world. Thanks to our solution you can plan, book & expense business trips in less than 5 minutes. Accordingly to your travel policy, budget limits and cashless for your employees. With our reporting, integrations and real-time analytics, you can easily control your travel policy, reduce spendings and increase the efficiency of your company. Hotailors ia an artificial intelligence powered marketplace for business travels. Friendly to use technology based on artificial intelligence to plan, book and expense business travel in 5 minutes. Within one login on one dashboard, user has access to almos...
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | DevOpsSUMMIT | CloudEXPO New York will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018. Polish Digital Transformation companies which will exhibit at CloudEXPO | DevOpsSUMMIT | DXWorldEXPO include All in Mobile, dhosting, Cryptomage, Perfect Gym, Polcom, Apius Technologies, Aplisens, ELZAB SA, TELDAT, and Rebug.io.
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments that frequently get lost in the hype. The panel will discuss their perspective on what they see as they key challenges and/or impediments to adoption, and how they see those issues could be resolved or mitigated.