Welcome!

@CloudExpo Authors: Pat Romanski, Elizabeth White, Liz McMillan, Jason Bloomberg, Progress Blog

Related Topics: @CloudExpo, Microservices Expo, Microsoft Cloud, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Blog Feed Post

Five Cloud Encryption Tips

Encryption is one of the strongest security measures & its price-performance has become very attractive with the advent of cloud

A day doesn’t go by when we don’t hear about sensitive information being exposed or stolen. The culprits could be the government, professional hackers, careless employees with data on mobile devices, or internal employees with unauthorized access to data or unintentional release of data. It seems the wave of data breaches has gained momentum as data has moved from internal servers to the cloud; and access has gone mobile. Though the fact remains that there will be gaps in security, the goal of companies and IT departments should be to make those gaps as small and as difficult to take advantage of as possible.

Encryption has always been viewed as one of the strongest security measures, and its price-performance has become very attractive with the advent of cloud computing. This is because encryption is by far the best way to replace physical walls in the cloud.

Here are our top five cloud encryption tips (and we know a thing or two about encryption) to help protect your data:

1. Consider Encryption at rest, in use and in transit.
Data can be exposed when it is at rest in the cloud, on a virtual disk, in a cloud database, or in object storage. Eavesdropping may occur when data is being transmitted, perhaps from a user’s browser to your servers in the cloud, or between your cloud servers. Really nasty hackers may even try to gain access to your “root account” in a cloud server and look at the memory of your server while the data is being used and computation is going on. You should be aware of all these possibilities and choose solutions that address all of these risks.

2. Review your cloud encryption options and pick the strongest
Implementing encryption properly is tricky, and your best bet is to use a solution from the experts. Take a look at the encryption solutions available for your choice of cloud. Encryption is available for both private and public clouds – check the Amazon Marketplace, the VMware VSX, or whatever is appropriate for the cloud you are using. Whichever path you take, make sure the strongest encryption standards are used and regularly reviewed.

3. Define security responsibility
Many compliance regulations (like PCI and HIPAA) require data encryption at multiple touch points. That means it’s no longer the other guy’s (customer, provider, vendor, or all) problem, but yours. A full 39% of responses from the Ponemon Institute study hoped that if their cloud data was compromised the cloud provider would alert them – but actually it may be their own responsibility. More chillingly – yet realistically:42% said they wouldn’t know if their cloud server was hacked.

Taking responsibility for your data involves many precautions. Encryption in the cloud is one of the most important precautions, especially if you make sure to keep ownership of the encryption keys to yourself. As long as you own your encryption keys, you retain control of your data, even if bad things may happen.

4. Encrypt Encrypt 000000000 45 6E 63 72 79 70 74
Let’s just say that you’ve hardened the server from external hackers and they can’t access your data. That’s great! But, wait, what about internal employees?

What’s that you say? They are all trustworthy? Really? I bet that’s what Snowden’s boss thought too.

Trusting your employees is fine but it is best to be prepared for the worst, just in case. Choose STRONG encryption for your data to protect it from internal and external attacks, breaches, and theft. Only grant access to those who need it. Train them on how to deal with encrypted data, how to access it, where they can access it from, and have them follow the security procedures. Don’t forget to encrypt backups and snapshots. Encryption is especially great for maintaining control of multiple copies and backups – deleting the key for that particular data has the same effect as deleting all the copies, no matter where they have strayed.

5. Protect your keys
To give one key to the security vendor or cloud provider is to provide attackers one target to compromise. Strengthen your key security by using the strongest encryption key technology available, homomorphic key management. The technology provides two keys with an encrypted master given to the application/data owner, which stays encrypted while in-use. Even if the encrypted master is stolen the data still won’t be accessible.

Protecting your and your customer’s data is a part of doing business. Doing it wrong can hurt business and the bottom line. Put real procedures in place to protect the data and in-turn, the business. Preparing for the worst never seems necessary until it is necessary. After all, you don’t want to find out about a data breach to your data on the nightly news. Prepare and protect.

To find out more about cloud encryption tips and a white paper on key management click here.

The post 5 Cloud Encryption Tips appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
SYS-CON Events announced today that B2Cloud will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. B2Cloud specializes in IoT devices for preventive and predictive maintenance in any kind of equipment retrieving data like Energy consumption, working time, temperature, humidity, pressure, etc.
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, will discuss how data centers of the future will be managed, how th...
SYS-CON Events announced today that SIGMA Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. uLaser flow inspection device from the Japanese top share to Global Standard! Then, make the best use of data to flip to next page. For more information, visit http://www.sigma-k.co.jp/en/.
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
SYS-CON Events announced today that Suzuki Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Suzuki Inc. is a semiconductor-related business, including sales of consuming parts, parts repair, and maintenance for semiconductor manufacturing machines, etc. It is also a health care business providing experimental research for...
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp em...
Today companies are looking to achieve cloud-first digital agility to reduce time-to-market, optimize utilization of resources, and rapidly deliver disruptive business solutions. However, leveraging the benefits of cloud deployments can be complicated for companies with extensive legacy computing environments. In his session at 21st Cloud Expo, Craig Sproule, founder and CEO of Metavine, will outline the challenges enterprises face in migrating legacy solutions to the cloud. He will also prese...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Most of the time there is a lot of work involved to move to the cloud, and most of that isn't really related to AWS or Azure or Google Cloud. Before we talk about public cloud vendors and DevOps tools, there are usually several technical and non-technical challenges that are connected to it and that every company needs to solve to move to the cloud. In his session at 21st Cloud Expo, Stefano Bellasio, CEO and founder of Cloud Academy Inc., will discuss what the tools, disciplines, and cultural...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
Why Federal cloud? What is in Federal Clouds and integrations? This session will identify the process and the FedRAMP initiative. But is it sufficient? What is the remedy for keeping abreast of cutting-edge technology? In his session at 21st Cloud Expo, Rasananda Behera will examine the proposed solutions: Private or public or hybrid cloud Responsible governing bodies How can we accomplish?
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click. There is a large library of contributed nodes that help so...
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...