As the infrastructure cloud market (IaaS and PaaS) continues to grow rapidly,
we are seeing quite a few customers who are delivering an application –
whether it is a mission-critical or SaaS application – and basing their
solution on VMware.
Some of these are deploying VMware in their private data center, while others
are leveraging the cloud model and “renting” capacity from a public
VMware-based cloud provider. In a way, both of these scenarios are public: in
many of the cases the “private cloud” scenario serves users who belong to
different organizations, so from the user point of view the scenario is
“public”. As a result, these customers have many of the same security
concerns (see here for a deeper discussion of that point).
When considering deployment of a cloud encryption solution in these
environments, we have seen several options.
Cloud compliance is always a hot topic, but recent updates to the HIPAA and
PCI regulations, have further enhanced the need to clarify some important
points around cloud compliance and regulatory compliance. In this blog post,
I would like to address some issues as highlighted in the valuable PCI DSS
Cloud Computing Guidelines (available here), around compliance and
Infrastructure as a Service cloud computing. (While the trigger is the PCI
guideline, the discussion applies to HIPAA as well).
Your cloud type dictates the amount of control you have
First and foremost, the level of c... (more)
VMware is without a doubt a major platform for private as well as public
cloud deployments. But as in any other cloud-based system, data security, and
more specifically cloud encryption and key management are fundamental
Cloud key management and encryption requirements
We have found that external users have many of the same security
requirements, whether the cloud is public or private: from an external
user’s point of view, the differences between public and private clouds are
technical details, and the user requires the same guarantees from the
In pa... (more)
Product name – Porticor Virtual Private Data System
Key features – Porticor now implements partially homomorphic encryption
technology and split-key encryption so organizations can fully trust their
cloud data is secure and cannot be compromised while stored or being
accessed. More info.
The post Network World Product of the week 11.12.12 appeared first on
Porticor Cloud Security.
The new and enhanced HIPAA omnibus standard brings an interesting question
with regards to cloud security and the shared responsibility model in IaaS
clouds. Since the release of the HIPAA omnibus, we’ve received many
questions around “BAA” agreements, and how the responsibility split
actually happens between (for example) the cloud provider and an ISV
providing a healthcare application in an IaaS environment.
Cloud HIPAA compliance still requires a shared responsibility model
Without getting to the details of what a “Business Associate Agreement”
means, I’ll simply say that the u... (more)