Welcome!

Every Cloud needs a Silver Lining

Gilad Parann-Nissany

Subscribe to Gilad Parann-Nissany: eMailAlertsEmail Alerts
Get Gilad Parann-Nissany via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Gilad Parann-Nissany

As the infrastructure cloud market (IaaS and PaaS) continues to grow rapidly, we are seeing quite a few customers who are delivering an application – whether it is a mission-critical or SaaS application – and basing their solution on VMware. Some of these are deploying VMware in their private data center, while others are leveraging the cloud model and “renting” capacity from a public VMware-based cloud provider. In a way, both of these scenarios are public: in many of the cases the “private cloud” scenario serves users who belong to different organizations, so from the user point of view the scenario is “public”. As a result, these customers have many of the same security concerns (see here for a deeper discussion of that point). When considering deployment of a cloud encryption solution in these environments, we have seen several options. Physical solutions Phys... (more)

Cloud Compliance in IaaS Is Mainly Your Responsibility

Cloud compliance is always a hot topic, but recent updates to the HIPAA and PCI regulations, have further enhanced the need to clarify some important points around cloud compliance and regulatory compliance. In this blog post, I would like to address some issues as highlighted in the valuable PCI DSS Cloud Computing Guidelines (available here), around compliance and Infrastructure as a Service cloud computing. (While the trigger is the PCI guideline, the discussion applies to HIPAA as well). Your cloud type dictates the amount of control you have First and foremost, the level of c... (more)

Key Management and Encryption in VMware-Based Clouds

VMware is without a doubt a major platform for private as well as public cloud deployments. But as in any other cloud-based system, data security, and more specifically cloud encryption and key management are fundamental building blocks. Cloud key management and encryption requirements We have found that external users have many of the same security requirements, whether the cloud is public or private: from an external user’s point of view, the differences between public and private clouds are technical details, and the user requires the same guarantees from the provider. In pa... (more)

Network World Product of the week 11.12.12

          Product name – Porticor Virtual Private Data System Key features – Porticor now implements partially homomorphic encryption technology and split-key encryption so organizations can fully trust their cloud data is secure and cannot be compromised while stored or being accessed. More info. The post Network World Product of the week 11.12.12 appeared first on Porticor Cloud Security. ... (more)

Cloud Security and the Omnibus HIPAA

The new and enhanced HIPAA omnibus standard brings an interesting question with regards to cloud security and the shared responsibility model in IaaS clouds. Since the release of the HIPAA omnibus, we’ve received many questions around “BAA” agreements, and how the responsibility split actually happens between (for example) the cloud provider and an ISV providing a healthcare application in an IaaS environment. Cloud HIPAA compliance still requires a shared responsibility model Without getting to the details of what a “Business Associate Agreement” means, I’ll simply say that the u... (more)