@CloudExpo Authors: Liz McMillan, Zakia Bouachraoui, Yeshim Deniz, Pat Romanski, Elizabeth White

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Blog Feed Post

Master Cloud Encryption Keys: The Heat Is On

Don’t keep your cloud encryption keys with Cloud Providers

Earlier this month, we discussed the effect of NSA Leaker, Edward Snowden and the Prism Scandal on the future of cloud security.  We asked (and answered) the question: What level of paranoia is justified in the wake of PRISM?  But it seems the scandal just grows and grows. We now hear that the Feds put heat on Web firms for master cloud encryption keys. It is unclear whether US authorities have the legal clout to obtain the master encryption keys that Cloud Providers use to shield customer data.  However, it is crystal clear that the government wants this right.  As the ripple effect of the scandal continues, we find ourselves being asked by customers: how do we make sure our keys are protected so that we can make sure our data is protected?

Cloud Security is special because Cloud Economics are special: if anyone (whether a commercial interest or the government) can get master encryption keys, they can scan massive amounts of cloud-based information, without regard to who owns it, and without the effort needed to open specific backdoors to specific resources.

Actually, we should give the USA credit: the current debate going on in the US could not happen in many other places around the world. In America, PRISM is a scandal; in other places, it happens without comment and on the largest possible scale. As a famous example, think of the Great Chinese Firewall.

The juxtaposition that compliance with regulations like PCI DSS and HIPAA that require you to protect your data and the government now trying to access the same encryption keys brings us back to the question of control.

Take back control – own your master keys
The obvious answer to privacy concerns is to keep your private things private. If you do not want anyone reading your data, keep it at home under lock and key. But in today’s modern lifestyle, where the web – in both private life and commerce – has become ubiquitous, locking up your data takes on a whole new meaning.

Ideally, you want to use the Cloud freely and at the same time, totally maintain your privacy. The perfect solution would be to use all the solutions from Cloud providers, but keep the master cloud encryption keys for yourself.

You do need to be careful though: many Cloud Providers actually have little incentive to hand you back control, because they themselves gain commercial advantage from scanning your data – for example, for advertising. And Cloud Providers do obey the law, which means they can fight legally up to a point, but if the law is on the government’s side – they must comply and hand over your private information.

The bottom line is – the only entity that has your own best cloud privacy interests at heart – is you.  And yours is the only entity that should control your master cloud encryption keys.  Not the government.  Not the cloud providers.  Only you.

But . . . how?

Technology for good and bad
Technology does have solutions. Emerging technical approaches allow you to keep your master keys to yourself, while still using them to encrypt your cloud-based data. You can use the cloud and still stay in control (read this white paper for additional details).

Beyond the tech stuff, the wider lesson: technology can be used for good or not, and it’s up to you to get proactive and use the right technologies so you can use the Web and the Cloud to the full extent, while keeping your private data – private.

The post Master Cloud Encryption Keys: The Heat is On appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

CloudEXPO Stories
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions need to be truly scalable. Far from it. There are at least six major pain points that companies experience when they try to deploy and run Kubernetes in their complex environments. In this presentation, the speaker will detail these pain points and explain how cloud can address them.
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-centric compute for the most data-intensive applications. Hyperconverged systems already in place can be revitalized with vendor-agnostic, PCIe-deployed, disaggregated approach to composable, maximizing the value of previous investments.
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mistakes high" is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed how this same philosophy can be applied to highly scaled applications, and can dramatically increase your resilience to failure.
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by sharing information within the building and with outside city infrastructure via real time shared cloud capabilities.
As Cybric's Chief Technology Officer, Mike D. Kail is responsible for the strategic vision and technical direction of the platform. Prior to founding Cybric, Mike was Yahoo's CIO and SVP of Infrastructure, where he led the IT and Data Center functions for the company. He has more than 24 years of IT Operations experience with a focus on highly-scalable architectures.