Welcome!

@CloudExpo Authors: Elizabeth White, Yeshim Deniz, Ian Khan, Liz McMillan, Pat Romanski

Blog Feed Post

Can You Trust the Cloud?

Cloud Trust Cloud Security Cloud Encryption  trust cloud hand Can You Trust the Cloud?I am often asked by skeptics, cynics, doubters, and readers of sensational journalism if they can trust the cloud.  Sure, there have been data leaks, hacker intrusions, NSA spies, but can the cloud be trusted with your data?

YES

End of article.

Not really . . . yes, the cloud can definitely be trusted, but that doesn’t allow you to be foolish.  Metaphorically, you can trust your Volvo too – but you should still fasten your seat belt.  You are still responsible to protect yourself, and in the cloud computing scenario, that means that you are ultimately responsible to protect your data.  My advice is this:

Trust the cloud.  And take security measures to protect your data.

The level of security (in the form of cloud encryption) needed will depend on what you are planning to use the cloud for.

Individuals who want to securely store files on websites such as Dropbox or Google Docs need a minimal amount of security so that their information isn’t widely available. In recent years, the developers of these services added the necessary encryption to keep the average hacker out1.  

For those who want to power applications, databases or tools on a group of computers through the cloud, extra protection is needed since there are more entry points to protect. Companies that want to secure data in the cloud should work with a qualified cloud provider or cloud security vendor who will provide data encryption options to protect against internal and external threats as well as meet industry data privacy rules (PCI, HIPPA, etc.).

If you work with sensitive information that is protected by law or industry regulations, you require the highest level of protection. For example, companies in the healthcare industry must take care to encrypt private patient data in order to comply with HIPAA regulations2. Companies that accept credit card payments must comply with PCI regulations3.  For these companies, it is important to understand what the potential risks are and how to secure the data and adhere to the regulations.

So, which security measures should you take?

The CSA (Cloud Security Alliance) has identified a number of challenges to cloud computing security4:

  1. Data breaches – If a cloud service database isn’t designed properly, a hacker could get into customers’ data.
    Solution: Choose a cloud provider that allows maximum control over encryption keys.
  2. Data loss – A careless provider could lose data due to a hacker or natural disaster. This can be problematic for compliance with regulations as well as customer relations.
    Solution: Use encrypted backup where you control the encryption keys.
  3. Account or service traffic hijacking – If credentials are stolen, a hacker could carry out actions in the name of the company.
    Solution: Use two-factor authentication techniques wherever possible.
  4. Insecure interfaces and APIs – Third parties building on to existing APIs can weaken their security, especially if they require relinquishing of credentials. Solution: Understand the implications and risks of adding layers to APIs.
  5. Malicious insiders – If credentials are available to multiple employees within an organization, the company is susceptible to malicious insider attack. Solution: Keys should be available only at data-usage time.
  6. Cloud abuse – A hacker might use the cloud service in order to break a code he couldn’t get into on a standard computer. He might use it to propagate malware or share pirated software.
    Solution: Cloud providers must define abuse and determine how to identify it.
  7. Insufficient due diligence – Companies who don’t sufficiently understand the security issues inherent in cloud computing may unwittingly harm their own security.
    Solution: Allocation of resources for education and due diligence before getting started.
  8. Shared technology vulnerabilities – Cloud providers share platforms in order to save on costs, but this means that when one component is harmed, the others are vulnerable as well.
    Solution: a defensive, in-depth strategy, as well as monitoring.

 

That’s a lot of security measures!

It may seem safer just to stay out of the cloud, but for most businesses, this is likely to be impractical.  The cloud can handle a large amount of data at lower cost and increased flexibility.  Also, I would be remiss not to note that information stored on desktops is not necessarily secure either; hackers have been known to infiltrate data stored on physical computers and mobile devices as well.

 

Is there an easy way to protect myself?

Strong cloud encryption makes the cloud a safe environment for storing data (even for the most sensitive, regulated, protected data). Make sure to choose the level of encryption necessary for your data. If your company complies with HIPAA or PCI or handles customers’ private information, pick a cloud provider which uses split-key encryption (aka Homomorphic Key Encryption). This is a system which requires two keys to access data.  One key remains under your control as the owner of the data. When this master key is in use in the cloud, it is encrypted, thus ensuring that the cloud provider doesn’t have access to your data and neither does anyone who attempts to hack in. This will ensure safety in the cloud.

This is why I say that you can completely trust the cloud.  If you take the proper steps to protect yourself (a split-key seat belt, if you will), the cloud is not a menacing, dangerous place to store data.  It is, in fact: scalable, flexible, cost-effective, and a great solution, which can (and should!) be safe and secure.

The post Can You Trust the Cloud? appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
SYS-CON Events announced today that Interface Masters Technologies, a leader in Network Visibility and Uptime Solutions, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Interface Masters Technologies is a leading vendor in the network monitoring and high speed networking markets. Based in the heart of Silicon Valley, Interface Masters' expertise lies in Gigabit, 10 Gigabit and 40 Gigabit Eth...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lea...
SYS-CON Events announced today that Sheng Liang to Keynote at SYS-CON's 19th Cloud Expo, which will take place on November 1-3, 2016 at the Santa Clara Convention Center in Santa Clara, California.
In his session at @ThingsExpo, Kausik Sridharabalan, founder and CTO of Pulzze Systems, Inc., will focus on key challenges in building an Internet of Things solution infrastructure. He will shed light on efficient ways of defining interactions within IoT solutions, leading to cost and time reduction. He will also introduce ways to handle data and how one can develop IoT solutions that are lean, flexible and configurable, thus making IoT infrastructure agile and scalable.
Just over a week ago I received a long and loud sustained applause for a presentation I delivered at this year’s Cloud Expo in Santa Clara. I was extremely pleased with the turnout and had some very good conversations with many of the attendees. Over the next few days I had many more meaningful conversations and was not only happy with the results but also learned a few new things. Here is everything I learned in those three days distilled into three short points.
So, you bought into the current machine learning craze and went on to collect millions/billions of records from this promising new data source. Now, what do you do with them? Too often, the abundance of data quickly turns into an abundance of problems. How do you extract that "magic essence" from your data without falling into the common pitfalls? In her session at @ThingsExpo, Natalia Ponomareva, Software Engineer at Google, provided tips on how to be successful in large scale machine learning...
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, will discuss recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model f...
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service. In his session at 19th Cloud Exp...
Digitization is driving a fundamental change in society that is transforming the way businesses work with their customers, their supply chains and their people. Digital transformation leverages DevOps best practices, such as Agile Parallel Development, Continuous Delivery and Agile Operations to capitalize on opportunities and create competitive differentiation in the application economy. However, information security has been notably absent from the DevOps movement. Speed doesn’t have to negat...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, will discuss the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports. The session will include a working demo and a technical d...
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
Your business relies on your applications and your employees to stay in business. Whether you develop apps or manage business critical apps that help fuel your business, what happens when users experience sluggish performance? You and all technical teams across the organization – application, network, operations, among others, as well as, those outside the organization, like ISPs and third-party providers – are called in to solve the problem.
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
Digital transformation is too big and important for our future success to not understand the rules that apply to it. The first three rules for winning in this age of hyper-digital transformation are: Advantages in speed, analytics and operational tempos must be captured by implementing an optimized information logistics system (OILS) Real-time operational tempos (IT, people and business processes) must be achieved Businesses that can "analyze data and act and with speed" will dominate those t...
If you had a chance to enter on the ground level of the largest e-commerce market in the world – would you? China is the world’s most populated country with the second largest economy and the world’s fastest growing market. It is estimated that by 2018 the Chinese market will be reaching over $30 billion in gaming revenue alone. Admittedly for a foreign company, doing business in China can be challenging. Often changing laws, administrative regulations and the often inscrutable Chinese Interne...
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Adobe is changing the world though digital experiences. Adobe helps customers develop and deliver high-impact experiences that differentiate brands, build loyalty, and drive revenue across every screen, including smartphones, computers, tablets and TVs. Adobe content solutions are used daily by millions of companies worldwide-from publishers and broadcasters, to enterprises, marketing agencies and household-name brands. Building on its established design leadership, Adobe enables customers not o...