Welcome!

@CloudExpo Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Greg Schulz, AppNeta Blog

Blog Feed Post

Can You Trust the Cloud?

Cloud Trust Cloud Security Cloud Encryption  trust cloud hand Can You Trust the Cloud?I am often asked by skeptics, cynics, doubters, and readers of sensational journalism if they can trust the cloud.  Sure, there have been data leaks, hacker intrusions, NSA spies, but can the cloud be trusted with your data?

YES

End of article.

Not really . . . yes, the cloud can definitely be trusted, but that doesn’t allow you to be foolish.  Metaphorically, you can trust your Volvo too – but you should still fasten your seat belt.  You are still responsible to protect yourself, and in the cloud computing scenario, that means that you are ultimately responsible to protect your data.  My advice is this:

Trust the cloud.  And take security measures to protect your data.

The level of security (in the form of cloud encryption) needed will depend on what you are planning to use the cloud for.

Individuals who want to securely store files on websites such as Dropbox or Google Docs need a minimal amount of security so that their information isn’t widely available. In recent years, the developers of these services added the necessary encryption to keep the average hacker out1.  

For those who want to power applications, databases or tools on a group of computers through the cloud, extra protection is needed since there are more entry points to protect. Companies that want to secure data in the cloud should work with a qualified cloud provider or cloud security vendor who will provide data encryption options to protect against internal and external threats as well as meet industry data privacy rules (PCI, HIPPA, etc.).

If you work with sensitive information that is protected by law or industry regulations, you require the highest level of protection. For example, companies in the healthcare industry must take care to encrypt private patient data in order to comply with HIPAA regulations2. Companies that accept credit card payments must comply with PCI regulations3.  For these companies, it is important to understand what the potential risks are and how to secure the data and adhere to the regulations.

So, which security measures should you take?

The CSA (Cloud Security Alliance) has identified a number of challenges to cloud computing security4:

  1. Data breaches – If a cloud service database isn’t designed properly, a hacker could get into customers’ data.
    Solution: Choose a cloud provider that allows maximum control over encryption keys.
  2. Data loss – A careless provider could lose data due to a hacker or natural disaster. This can be problematic for compliance with regulations as well as customer relations.
    Solution: Use encrypted backup where you control the encryption keys.
  3. Account or service traffic hijacking – If credentials are stolen, a hacker could carry out actions in the name of the company.
    Solution: Use two-factor authentication techniques wherever possible.
  4. Insecure interfaces and APIs – Third parties building on to existing APIs can weaken their security, especially if they require relinquishing of credentials. Solution: Understand the implications and risks of adding layers to APIs.
  5. Malicious insiders – If credentials are available to multiple employees within an organization, the company is susceptible to malicious insider attack. Solution: Keys should be available only at data-usage time.
  6. Cloud abuse – A hacker might use the cloud service in order to break a code he couldn’t get into on a standard computer. He might use it to propagate malware or share pirated software.
    Solution: Cloud providers must define abuse and determine how to identify it.
  7. Insufficient due diligence – Companies who don’t sufficiently understand the security issues inherent in cloud computing may unwittingly harm their own security.
    Solution: Allocation of resources for education and due diligence before getting started.
  8. Shared technology vulnerabilities – Cloud providers share platforms in order to save on costs, but this means that when one component is harmed, the others are vulnerable as well.
    Solution: a defensive, in-depth strategy, as well as monitoring.

 

That’s a lot of security measures!

It may seem safer just to stay out of the cloud, but for most businesses, this is likely to be impractical.  The cloud can handle a large amount of data at lower cost and increased flexibility.  Also, I would be remiss not to note that information stored on desktops is not necessarily secure either; hackers have been known to infiltrate data stored on physical computers and mobile devices as well.

 

Is there an easy way to protect myself?

Strong cloud encryption makes the cloud a safe environment for storing data (even for the most sensitive, regulated, protected data). Make sure to choose the level of encryption necessary for your data. If your company complies with HIPAA or PCI or handles customers’ private information, pick a cloud provider which uses split-key encryption (aka Homomorphic Key Encryption). This is a system which requires two keys to access data.  One key remains under your control as the owner of the data. When this master key is in use in the cloud, it is encrypted, thus ensuring that the cloud provider doesn’t have access to your data and neither does anyone who attempts to hack in. This will ensure safety in the cloud.

This is why I say that you can completely trust the cloud.  If you take the proper steps to protect yourself (a split-key seat belt, if you will), the cloud is not a menacing, dangerous place to store data.  It is, in fact: scalable, flexible, cost-effective, and a great solution, which can (and should!) be safe and secure.

The post Can You Trust the Cloud? appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
Some people worry that OpenStack is more flash then substance; however, for many customers this could not be farther from the truth. No other technology equalizes the playing field between vendors while giving your internal teams better access than ever to infrastructure when they need it. In his session at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will talk through some real-world OpenStack deployments and look into the ways this can benefit customers of all sizes....
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infrastructure through automation. Ayehu solutions have been deployed by major enterprises worldwide, and currently, support thousands of IT processes across the globe. The company has offices in New York, California, and Isr...
Zerto exhibited at SYS-CON's 18th International Cloud Expo®, which took place at the Javits Center in New York City, NY, in June 2016. Zerto is committed to keeping enterprise and cloud IT running 24/7 by providing innovative, simple, reliable and scalable business continuity software solutions. Through the Zerto Cloud Continuity Platform™, organizations can seamlessly move and protect virtualized workloads between public, private and hybrid clouds. The company’s flagship product, Zerto Virtual...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Tintri VM-aware storage is the simplest for virtualized applications and cloud. Organizations including GE, Toyota, United Healthcare, NASA and 6 of the Fortune 15 have said "No to LUNs." With Tintri they manage only virtual machines, in a fraction of the footprint and at far lower cost than conventional storage. Tintri offers the choice of all-flash or hybrid-flash platform, converged or stand-alone structure and any hypervisor. Rather than obsess with storage, leaders focus on the business app...
Addteq is one of the top 10 Platinum Atlassian Experts who specialize in DevOps, custom and continuous integration, automation, plugin development, and consulting for midsize and global firms. Addteq firmly believes that automation is essential for successful software releases. Addteq centers its products and services around this fundamentally unique approach to delivering complete software release management solutions. With a combination of Addteq's services and our extensive list of partners,...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain.
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
Have you ever noticed how some IT people seem to lead successful, rewarding, and satisfying lives and careers, while others struggle? IT author and speaker Don Crawley uncovered the five principles that successful IT people use to build satisfying lives and careers and he shares them in this fast-paced, thought-provoking webinar. You'll learn the importance of striking a balance with technical skills and people skills, challenge your pre-existing ideas about IT customer service, and gain new in...
WebRTC sits at the intersection between VoIP and the Web. As such, it poses some interesting challenges for those developing services on top of it, but also for those who need to test and monitor these services. In his session at WebRTC Summit, Tsahi Levent-Levi, co-founder of testRTC, reviewed the various challenges posed by WebRTC when it comes to testing and monitoring and on ways to overcome them.
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed ...