By Gilad Parann-Nissany
June 26, 2014 11:00 AM EDT
Strong data encryption is a critical line of defense against cyber criminals and spies. Amazon has always taken care of the front lines with its strong infrastructure and its security mechanisms: multi-factor access control in AWS datacenters, availability zones, built-in firewalls, private subnets, and so on.
Now, with the addition of Server Side Encryption with Customer-Provided Keys, Amazon protects the data you store with Amazon S3 server side encryption. Even better, Amazon encrypts your data using a key you provide, a key that is never stored by Amazon: the key travels with each request and is discarded once the request completes. Thus, they have successfully protected your data from prying eyes – even their own.
The result is that you no longer need to lose sleep over storing encryption keys with Amazon. You can easily encrypt your data with your own key. Thanks to Amazon, encrypting is easy and secure!
How do you manage your Amazon S3 encryption keys?
Herein lies the real issue now facing each of AWS’s customers. Amazon has provided you with an excellent arsenal: strong infrastructure, easy encryption. But your part of the shared responsibility model is to properly manage your encryption keys. You need:
- A way to randomly and securely generate Amazon S3 encryption keys
- A controlled system to store, manage, and retrieve the many keys required for each S3 object
- A system that ensures that keys are kept within your control, thus complying with regulations like HIPAA and PCI
- A software-defined, automated solution that eliminates the need for cumbersome, non-scalable, and expensive hardware security modules (HSMs)
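To make the division of labour concrete, here is an added example (written for this article, not Porticor's or Amazon's own code) that covers the first two items above: generating a fresh 256-bit key per object and keeping the object-to-key mapping on your side. The three header names are the documented S3 SSE-C request headers; the `KeyVault` class, its method names, and the bucket and object names are assumptions made for the demonstration. It uses only the standard library, so it runs offline without touching S3.

```python
"""Added example: generating an SSE-C key and the request headers that carry it.

Illustrative code written for this article, not Porticor's or Amazon's own
implementation. The S3 call is represented by the headers an SSE-C request
must carry; the KeyVault class and the sample names are assumptions.
"""
import base64
import hashlib
import secrets
from typing import Dict, Tuple

KEY_BYTES = 32  # SSE-C requires a 256-bit AES key


def generate_object_key() -> bytes:
    """Randomly and securely generate a fresh 256-bit key for one S3 object."""
    return secrets.token_bytes(KEY_BYTES)


def ssec_headers(key: bytes) -> Dict[str, str]:
    """Build the three headers S3 needs on an SSE-C PUT or GET.

    S3 uses the key only for this request and does not store it. The MD5
    header lets S3 reject a key that was corrupted in transit before it
    encrypts (or fails to decrypt) anything with the wrong bytes.
    """
    if len(key) != KEY_BYTES:
        raise ValueError("SSE-C key must be exactly 32 bytes")
    return {
        "x-amz-server-side-encryption-customer-algorithm": "AES256",
        "x-amz-server-side-encryption-customer-key": base64.b64encode(key).decode(),
        "x-amz-server-side-encryption-customer-key-MD5":
            base64.b64encode(hashlib.md5(key).digest()).decode(),
    }


def headers_match_key(headers: Dict[str, str], key: bytes) -> bool:
    """Check that a header set really carries `key` and a consistent MD5."""
    sent_key = base64.b64decode(headers["x-amz-server-side-encryption-customer-key"])
    sent_md5 = base64.b64decode(headers["x-amz-server-side-encryption-customer-key-MD5"])
    return sent_key == key and sent_md5 == hashlib.md5(key).digest()


class KeyVault:
    """Minimal per-object key store held outside S3 (assumed design for this demo).

    A real deployment puts this behind access control, backup and audit
    logging. The point here is that reading an SSE-C object requires the
    *same* key bytes used to write it, so this mapping is the asset you
    must protect and must never lose.
    """

    def __init__(self) -> None:
        self._keys: Dict[Tuple[str, str], bytes] = {}

    def key_for_put(self, bucket: str, obj: str) -> bytes:
        """Mint and record a new key for an object about to be uploaded."""
        key = generate_object_key()
        self._keys[(bucket, obj)] = key
        return key

    def key_for_get(self, bucket: str, obj: str) -> bytes:
        """Return the key recorded for an object; Amazon cannot supply it."""
        try:
            return self._keys[(bucket, obj)]
        except KeyError:
            # Without the key the object is unreadable; no one can recover it.
            raise LookupError(f"no key held for s3://{bucket}/{obj}") from None


def upload_and_download_headers(vault: KeyVault, bucket: str, obj: str):
    """Headers for the PUT and the later GET of one object; they must agree."""
    put = ssec_headers(vault.key_for_put(bucket, obj))
    get = ssec_headers(vault.key_for_get(bucket, obj))
    return put, get


if __name__ == "__main__":
    vault = KeyVault()
    put, get = upload_and_download_headers(vault, "example-bucket", "report.pdf")
    print("PUT and GET carry the same key:", put == get)
```

The two failure paths are the ones that matter operationally: a key of the wrong length is rejected before any request is built, and a lookup for an object whose key was never recorded (or was lost) fails loudly, because at that point no one, Amazon included, can decrypt the object.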
AWS Encryption Key Management: What are the options?
You have three options when it comes to managing encryption keys for AWS.
1. Hardware security modules (HSMs)
HSMs are reasonably secure. To manage keys outside the cloud, an HSM is a great option. Unfortunately, in cloud scenarios, they have major drawbacks. First, being hardware-based, they limit the benefits of the cloud, especially auto-provisioning, orchestration and geographic dispersion. Also, they are far more expensive than software-defined solutions.
2. Cloud-based HSMs
Still based on hardware, cloud-based HSMs offer limited scaling and do not support auto-provisioning. Because they are complex systems, operational overhead is high and there are up-front costs. Also, with cloud-based HSMs, you still deal with the problems of securing a key cache in the cloud and of securing the access credentials to the HSM.
3. Software-defined key management
To work with your software-based cloud-computing scenario, the best option is a software-defined cloud key management system. Such a system enables you to consume key management as a service, while ensuring data security that is stronger than hardware. It can be automated with a RESTful API. Its benefits are much like those which prompted you to migrate to cloud storage: scalability, flexibility, and agility. Software-defined key management costs a fraction of hardware-based modules and is more effective at securing your cloud data. Furthermore, it is compliant with laws and industry regulations. Two examples of such systems are Porticor Cloud Security and HP Atalla Cloud Encryption.
Key Management for Amazon S3 Server Side Encryption
Amazon, one of the most customer-centric companies in the world, has developed a cloud computing system that is great for customers. They provide you with a safe place to put your data. Now, they even provide you with a way to protect the data you put there. The only thing they can’t do (and rightfully so) is protect that protection.
Managing the encryption keys remains your responsibility, because it must be your responsibility to ensure the integrity and ownership of your data. If Amazon could manage the encryption keys for you, they would... but by doing so, they would puncture a hole in your security (and defy regulations like HIPAA and PCI).
Encryption key management remains solely at your discretion, and the only way to do it in a manner that is secure, compliant, and cost-effective is with software-defined key management.
For a detailed technical example and an implementation sample, see this post.
The post Amazon S3 Server Side Encryption & Software Defined Key Management appeared first on Porticor Cloud Security.