Welcome!

@CloudExpo Authors: Yeshim Deniz, Pat Romanski, Elizabeth White, Zakia Bouachraoui, Liz McMillan

Related Topics: @CloudExpo, Containers Expo Blog, Cloud Security

@CloudExpo: Blog Post

AWS Security Tips By @Porticor | @CloudExpo [#Cloud]

Find an encryption solution that uses the industry’s strongest algorithms, such as AES-256, to encrypt the data layer

AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt

In a recent interview at AWS re:Invent, the vice president of AWS security engineering and the chief information security officer of Amazon Web Services, Stephen Schmidt, had these cloud security tips for AWS customers:

1. Understand your part of the shared responsibility model

“It’s a shared responsibility. We are responsible for the bottom layer. We are responsible from the floor of the data center up to the hypervisor,” said Schmidt.

According to FierceCIO, this means that “deploying a cloud infrastructure doesn’t automatically release the enterprise from duty of managing their security. Indeed, there is certainly a lot of attack surface above the hypervisor that enterprises need to harden.”

Schmidt further warned that companies who are migrating from a hosting company may be at greatest risk of erring in the shared security model.

How can you make sure your company plays it safe? Read on for Schmidt’s insights.

encryption key management Cloud Key Management AWS security AWS Encryption  AWS security CISO AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt

2. Proper encryption is critical

When asked how companies can protect themselves, Schmidt says “They need to properly scope encryption [and] use encryption where it is available.”

According to another expert, BBC.com writer Paul Rubens, “Even if cloud service providers are infiltrated or compelled to disclose data, for example, whatever is encrypted will remain unreadable to unauthorized viewers as long as enterprises retain control of their encryption keys. Additionally, placing the focus on the data rather than on infrastructure helps ensure that data will remain safe even if hardware vulnerabilities are exploited.”

“Encryption is a vital component of a strong security posture for any size organization, and it should be a standard offering within the cloud,” Chris Cicotte, EMC CISSP VCP cloud architect/SP specialist, said. He added, “The threat landscape has already begun to evolve, and from an overall security perspective, we need to take a proactive approach by layering in technologies like encryption at every layer.”

Find an encryption solution that uses the industry’s strongest algorithms, such as AES-256, to encrypt the data layer. All projects (typically each project is an application) should be cryptographically separated from each other, and a secure protocol used to ensure trust among project instances.

Furthermore, ensure that backup snapshots and encrypted disks can be locked if the data is not in use.

3. Key management is key

Beyond encryption, Schmidt encourages businesses not to discount the importance of key management. “They need to make sure that they have a plan in place to rotate their credentials on Amazon. They are the keys to your interaction with us,” he said, using AWS as an example.

To maintain compliance with industry regulations like HIPAA, PCI DSS, and general data security, the industry’s premier solutions are a pair of innovations: split key encryption and homomorphic key management.

Ariel Dan, Co-Founder and EVP of Porticor Cloud Security added: “In cloud computing there’s a need for a split-knowledge approach. We believe that there’s a need for a sophisticated and cloud-based approach to encryption; for example using split key and homomorphic key management techniques. Split key encryption protects keys and guarantees they remain under customer control and are never exposed in storage; and with homomorphic key encryption, the keys are protected – even while they are in use.”

4. Limit employees’ permissions

In AWS and in enterprise IT departments in general, Schmidt recommends the minimum amount of permissions because “it just makes business sense.” He should know! His background includes over 6 years securing Amazon and a 10 year stint with the FBI before that.

Sources:

http://www.fiercecio.com/story/amazon-web-services-ciso-securing-cloud/2014-12-01

http://www.enterprisenetworkingplanet.com/netsecur/cloud-computing-demands-cloud-data-encryption.html

http://www.porticor.com/technology/

The post AWS Security Tips from Amazon Web Services CISO, Stephen Schmidt appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

CloudEXPO Stories
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
On-premise or off, you have powerful tools available to maximize the value of your infrastructure and you demand more visibility and operational control. Fortunately, data center management tools keep a vigil on memory contestation, power, thermal consumption, server health, and utilization, allowing better control no matter your cloud's shape. In this session, learn how Intel software tools enable real-time monitoring and precise management to lower operational costs and optimize infrastructure for today even as you're forecasting for tomorrow.
"Calligo is a cloud service provider with data privacy at the heart of what we do. We are a typical Infrastructure as a Service cloud provider but it's been designed around data privacy," explained Julian Box, CEO and co-founder of Calligo, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Isomorphic Software is the global leader in high-end, web-based business applications. We develop, market, and support the SmartClient & Smart GWT HTML5/Ajax platform, combining the productivity and performance of traditional desktop software with the simplicity and reach of the open web. With staff in 10 timezones, Isomorphic provides a global network of services related to our technology, with offerings ranging from turnkey application development to SLA-backed enterprise support. Leading global enterprises use Isomorphic technology to reduce costs and improve productivity, developing & deploying sophisticated business applications with unprecedented ease and simplicity.
While a hybrid cloud can ease that transition, designing and deploy that hybrid cloud still offers challenges for organizations concerned about lack of available cloud skillsets within their organization. Managed service providers offer a unique opportunity to fill those gaps and get organizations of all sizes on a hybrid cloud that meets their comfort level, while delivering enhanced benefits for cost, efficiency, agility, mobility, and elasticity.