Welcome!

Cloud Expo Authors: Pat Romanski, Shelly Palmer, Carmen Gonzalez, Dana Gardner, Roger Strukhoff

Blog Feed Post

Amazon S3 Server Side Encryption & Software Defined Key Management

encryption key management Cloud Key Management AWS security AWS Encryption  amazon s3 server side encryption Amazon S3 Server Side Encryption & Software Defined Key ManagementStrong data encryption is a critical line of defense against cyber criminals and spies. Amazon has always taken care of the front lines with their strong infrastructure with security mechanisms like multi-factor access control systems in AWS datacenters, availability zones, built-in firewalls, private subnets, etc.

Now, with the addition of Server Side Encryption with Customer-Provided Keys, Amazon protects the data you store with Amazon S3 server side encryption. Even better, Amazon encrypts your data using a key you provide; a key that is never stored by Amazon. Thus, they have successfully protected your data from prying eyes – even their own.

The result is that you no longer need to lose sleep over storing encryption keys with Amazon. You can easily encrypt your data with your own key. Thanks to Amazon, encrypting is easy and secure!

How do you manage your Amazon S3 encryption keys?

Herein lies the real issue now facing each of AWS’s customers. Amazon has provided you with an excellent arsenal: strong infrastructure, easy encryption. But your part of the shared responsibility model is to properly manage your encryption keys. You need:

  • A way to randomly and securely generate Amazon S3 encryption keys
  • A controlled system to store, manage, and retrieve the many keys required for each S3 object
  • A system that ensures that keys are kept within your control; thus complying with regulations like HIPAA and PCI.
  • A software-defined automated solution that eliminates the need for cumbersome, non-scalable, and expensive hardware security modules (HSMs)

AWS Encryption Key Management: What are the options?

You have three options when it comes to managing encryption keys for AWS.

1.       Hardware security modules (HSMs)

HSMs are reasonably secure. To manage keys outside the cloud, an HSM is a great option. Unfortunately, in cloud scenarios, they have major drawbacks. First, being hardware based, they limit the benefits of the cloud, especially auto provisioning, orchestration and geographic dispersion. Also, they are far more expensive than software-defined solutions.

2.       Cloud-based HSMs

Still based on hardware, cloud-based HSMs offer limited scaling and do not support auto-provisioning. Because they are complex systems, operational overhead is high, and involves up-front costs. Also, with cloud-based HSMs, you still deal with the problems of securing a key cache in the cloud and access credentials.

3.       Software-defined key management

To work with your software-based cloud-computing scenario, the best option is a software-defined cloud key management system. Such a system enables you to consume key management as a service, while ensuring data security that is stronger than hardware. It can be automated with a RESTful API. Its benefits are much like those which prompted you to migrate to cloud storage: scalability, flexibility, and agility. Software-defined key management costs a fraction of hardware-based modules and is more effective at securing your cloud data. Furthermore, it is compliant with laws and industry regulations. Two examples for such systems are Porticor Cloud Security, and HP Atalla Cloud Encryption

Key Management for Amazon S3 Server Side Encryption

Amazon, one of the most customer-centric companies in the world, has developed a cloud computing system that is great for customers. They provide you with a safe place to put your data. Now, they even provide you with a way to protect the data you put there. The only thing they can’t do (and rightfully so) is protect that protection.

Managing the encryption keys remains your responsibility because it must be your responsibility to ensure the integrity and ownership of your data. If Amazon could manage the encryption keys for you, they would . . . but by doing so, they would puncture a hole in your security (and defy regulations like HIPAA and PCI).

Encryption key management remains solely your discretion and the only way to do it in a manner that is secure, compliant, and cost-effective is with software-defined key management.

For a detailed technical example and an implementation sample, see this post.

The post Amazon S3 Server Side Encryption & Software Defined Key Management appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@CloudExpo Stories
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In their General Session at 15th Cloud Expo, Phil Jackson, Development Community Advocate at SoftLayer, and Harold Hannon, Sr. Software Architect at SoftLayer, to discuss how to take advantage of a multitude of compute option...
Come learn about what you need to consider when moving your data to the cloud. In her session at 15th Cloud Expo, Skyla Loomis, a Program Director of Cloudant Development at Cloudant, will discuss the security, performance, and operational implications of keeping your data on premise, moving it to the cloud, or taking a hybrid approach. She will use real customer examples to illustrate the tradeoffs, key decision points, and how to be successful with a cloud or hybrid cloud solution.
In today's application economy, enterprise organizations realize that it's their applications that are the heart and soul of their business. If their application users have a bad experience, their revenue and reputation are at stake. In his session at 15th Cloud Expo, Anand Akela, Senior Director of Product Marketing for Application Performance Management at CA Technologies, will discuss how a user-centric Application Performance Management solution can help inspire your users with every appli...
With the explosion of the cloud, more businesses are transitioning to a recurring revenue model to generate reliable sales, grow profits, and open new markets. This opportunity requires businesses to get to market quickly with the pricing and packaging options customers want. In addition, you will want to take advantage of the ensuing tidal wave of data to more effectively upsell, cross-sell and manage your customers. All of this is possible, but only with the right approach. At 15th Cloud Exp...
Planning scalable environments isn't terribly difficult, but it does require a change of perspective. In his session at 15th Cloud Expo, Phil Jackson, Development Community Advocate for SoftLayer, will broaden your views to think on an Internet scale by dissecting a video publishing application built with The SoftLayer Platform, Message Queuing, Object Storage, and Drupal. By examining a scalable modular application build that can handle unpredictable traffic, attendees will able to grow your de...
The cloud provides an easy onramp to building and deploying Big Data solutions. Transitioning from initial deployment to large-scale, highly performant operations may not be as easy. In his session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, will discuss the benefits, weaknesses, and performance characteristics of public and bare metal cloud deployments that can help you make the right decisions.
Over the last few years the healthcare ecosystem has revolved around innovations in Electronic Health Record (HER) based systems. This evolution has helped us achieve much desired interoperability. Now the focus is shifting to other equally important aspects – scalability and performance. While applying cloud computing environments to the EHR systems, a special consideration needs to be given to the cloud enablement of Veterans Health Information Systems and Technology Architecture (VistA), i.e....
Cloud and Big Data present unique dilemmas: embracing the benefits of these new technologies while maintaining the security of your organization’s assets. When an outside party owns, controls and manages your infrastructure and computational resources, how can you be assured that sensitive data remains private and secure? How do you best protect data in mixed use cloud and big data infrastructure sets? Can you still satisfy the full range of reporting, compliance and regulatory requirements? I...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using...
Is your organization struggling to deal with skyrocketing volumes of digital assets? The amount of data is growing exponentially and organizations are having a hard time managing this growth. In his session at 15th Cloud Expo, Amar Kapadia, Senior Director of Open Cloud Strategy at Seagate, will walk through the essential considerations when developing a cloud storage strategy. In this discussion, you will understand the challenges IT is facing, why companies need to move to cloud, and how the...
If cloud computing benefits are so clear, why have so few enterprises migrated their mission-critical apps? The answer is often inertia and FUD. No one ever got fired for not moving to the cloud – not yet. In his session at 15th Cloud Expo, Michael Hoch, SVP, Cloud Advisory Service at Virtustream, will discuss the six key steps to justify and execute your MCA cloud migration.
The 16th International Cloud Expo announces that its Call for Papers is now open. 16th International Cloud Expo, to be held June 9–11, 2015, at the Javits Center in New York City brings together Cloud Computing, APM, APIs, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speak...
Most of today’s hardware manufacturers are building servers with at least one SATA Port, but not every systems engineer utilizes them. This is considered a loss in the game of maximizing potential storage space in a fixed unit. The SATADOM Series was created by Innodisk as a high-performance, small form factor boot drive with low power consumption to be plugged into the unused SATA port on your server board as an alternative to hard drive or USB boot-up. Built for 1U systems, this powerful devic...
SYS-CON Events announced today that Gridstore™, the leader in software-defined storage (SDS) purpose-built for Windows Servers and Hyper-V, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Gridstore™ is the leader in software-defined storage purpose built for virtualization that is designed to accelerate applications in virtualized environments. Using its patented Server-Side Virtual C...
SYS-CON Events announced today that Cloudian, Inc., the leading provider of hybrid cloud storage solutions, has been named “Bronze Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Cloudian is a Foster City, Calif.-based software company specializing in cloud storage. Cloudian HyperStore® is an S3-compatible cloud object storage platform that enables service providers and enterprises to bui...
SYS-CON Events announced today that TechXtend (formerly Programmer’s Paradise), a leading value-added provider of server and storage virtualization, and r-evolution will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. TechXtend (formerly Programmer’s Paradise) is a leading value-added provider of software, systems and solutions for corporations, government organizations, and academic instit...
Every healthy ecosystem is diverse. This is especially true in cloud ecosystems, where portability and interoperability are more important than old enterprise models of proprietary ownership. In his session at 15th Cloud Expo, Mark Baker, Server Product Manager at Canonical/Ubuntu, will discuss how single vendors used to take the lead in creating and delivering technology, but in a cloud economy, where users want tools of their preference, when and where they need them, it makes no sense.
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, will discuss this shifting dynamic with ...
The emergence of cloud computing and Big Data warrants a greater role for the PMO to successfully manage enterprise transformation driven by these powerful trends. As the adoption of cloud-based services continues to grow, a governance model is needed to orchestrate enterprise cloud implementations and harness the power of Big Data analytics. In his session at 15th Cloud Expo, Mahesh Singh, President of BigData, Inc., to discuss how the Enterprise PMO takes center stage not only in developing th...
Cloud computing started a technology revolution; now DevOps is driving that revolution forward. By enabling new approaches to service delivery, cloud and DevOps together are delivering even greater speed, agility, and efficiency. No wonder leading innovators are adopting DevOps and cloud together! In his session at DevOps Summit, Andi Mann, Vice President of Strategic Solutions at CA Technologies, will explore the synergies in these two approaches, with practical tips, techniques, research dat...