Welcome!

@CloudExpo Authors: Carmen Gonzalez, Pat Romanski, Yeshim Deniz, Elizabeth White, Liz McMillan

Related Topics: @CloudExpo, Containers Expo Blog, Cloud Security

@CloudExpo: Blog Post

AWS Security Tips By @Porticor | @CloudExpo [#Cloud]

Find an encryption solution that uses the industry’s strongest algorithms, such as AES-256, to encrypt the data layer

AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt

In a recent interview at AWS re:Invent, the vice president of AWS security engineering and the chief information security officer of Amazon Web Services, Stephen Schmidt, had these cloud security tips for AWS customers:

1. Understand your part of the shared responsibility model

“It’s a shared responsibility. We are responsible for the bottom layer. We are responsible from the floor of the data center up to the hypervisor,” said Schmidt.

According to FierceCIO, this means that “deploying a cloud infrastructure doesn’t automatically release the enterprise from duty of managing their security. Indeed, there is certainly a lot of attack surface above the hypervisor that enterprises need to harden.”

Schmidt further warned that companies who are migrating from a hosting company may be at greatest risk of erring in the shared security model.

How can you make sure your company plays it safe? Read on for Schmidt’s insights.

encryption key management Cloud Key Management AWS security AWS Encryption  AWS security CISO AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt

2. Proper encryption is critical

When asked how companies can protect themselves, Schmidt says “They need to properly scope encryption [and] use encryption where it is available.”

According to another expert, BBC.com writer Paul Rubens, “Even if cloud service providers are infiltrated or compelled to disclose data, for example, whatever is encrypted will remain unreadable to unauthorized viewers as long as enterprises retain control of their encryption keys. Additionally, placing the focus on the data rather than on infrastructure helps ensure that data will remain safe even if hardware vulnerabilities are exploited.”

“Encryption is a vital component of a strong security posture for any size organization, and it should be a standard offering within the cloud,” Chris Cicotte, EMC CISSP VCP cloud architect/SP specialist, said. He added, “The threat landscape has already begun to evolve, and from an overall security perspective, we need to take a proactive approach by layering in technologies like encryption at every layer.”

Find an encryption solution that uses the industry’s strongest algorithms, such as AES-256, to encrypt the data layer. All projects (typically each project is an application) should be cryptographically separated from each other, and a secure protocol used to ensure trust among project instances.

Furthermore, ensure that backup snapshots and encrypted disks can be locked if the data is not in use.

3. Key management is key

Beyond encryption, Schmidt encourages businesses not to discount the importance of key management. “They need to make sure that they have a plan in place to rotate their credentials on Amazon. They are the keys to your interaction with us,” he said, using AWS as an example.

To maintain compliance with industry regulations like HIPAA, PCI DSS, and general data security, the industry’s premier solutions are a pair of innovations: split key encryption and homomorphic key management.

Ariel Dan, Co-Founder and EVP of Porticor Cloud Security added: “In cloud computing there’s a need for a split-knowledge approach. We believe that there’s a need for a sophisticated and cloud-based approach to encryption; for example using split key and homomorphic key management techniques. Split key encryption protects keys and guarantees they remain under customer control and are never exposed in storage; and with homomorphic key encryption, the keys are protected – even while they are in use.”

4. Limit employees’ permissions

In AWS and in enterprise IT departments in general, Schmidt recommends the minimum amount of permissions because “it just makes business sense.” He should know! His background includes over 6 years securing Amazon and a 10 year stint with the FBI before that.

Sources:

http://www.fiercecio.com/story/amazon-web-services-ciso-securing-cloud/2014-12-01

http://www.enterprisenetworkingplanet.com/netsecur/cloud-computing-demands-cloud-data-encryption.html

http://www.porticor.com/technology/

The post AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

CloudEXPO Stories
Ivo Lukas is the Founder/CEO for 24Notion. 24Notion is the first integrated marketing/digital PR & lifestyle agency with special emphasis on giving back to the global communities. With a broad understanding the art of non- traditional marketing, new media, communications and social influence. 24Notion ranked #12 in Corporate Philanthropy nominated by Portland Business Journal Book of List.
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.
Mid-sized companies will be pleased with StorageCraft's low cost for this solution compared to others in the market. There are no startup fees, our solution has a predictable monthly cost, highly competitive pricing and offers ongoing value for our partners month after month. By enabling pooling and StorageCraft's 30-days of free virtualization the company removes several concerns surrounding machine size management and disaster recovery testing costs that add to the complexity of implementing a disaster recovery solution. In addition, their One-Click orchestration makes it simple to recover when needed, as all the work to setup a network and different connections is already complete.
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian and Tiger Woods. Taylor recently became an advisor to cybersecurity start-up Path which helps companies make sure their websites are properly loading around the globe.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a member of the Society of Information Management (SIM) Atlanta Chapter. She received a Business and Economics degree with a minor in Computer Science from St. Andrews Presbyterian University (Laurinburg, North Carolina). She resides in metro-Atlanta (Georgia).