Every Cloud Needs a Silver Lining

Gilad Parann-Nissany

Subscribe to Gilad Parann-Nissany: eMailAlertsEmail Alerts
Get Gilad Parann-Nissany via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Gilad Parann-Nissany

MySQL is probably the most popular open source database. While there is a wealth of discussion online for MySQL database encryption,doing it right in a cloud computing environment is tricky. The discussion here is quite long, and contains a lot of interesting details. So if you want a spoiler: it is possible to achieve true confidentiality for your MySQL database today; using the industry best practice which is split-key encryption. Here’s why. Cloud encryption for MySQL – Setting your goals Before talking tech, it’s actually essential to understand what your goals are, and then how they relate to the technical solution for your MySQL database. Sometimes it is hard to get transparency when it comes to what goals are achievable with different techniques. The classic goals of any information security solution are “CIA”, meaning Confidentiality: your data cannot be rea... (more)

Cloud Encryption and Process-Level Control

We recently received a request for help. An enterprise had been trying to secure their data on the “process level” and gotten into some difficulties. They asked us to jump in and help them out. What is a “process”? If you know a bit about software and operating systems (OS), you’ve heard about “processes”. Modern operating systems, such as Linux or Windows, will run your software applications inside separate processes. This is an OS technique for isolating different software. For example you can make sure that whatever your web server is doing – it cannot touch the memory of your ... (more)

Porticor Named 2012 Best Cloud Security Products Award Finalist

TEL AVIV, Israel – April 18, 2012 – Porticor®, the leading cloud data security company delivering the only cloud-based data encryption solution that infuses trust into the cloud by ensuring customer keys are never exposed, today announced that Network Products Guide, an industry leading technology research and advisory guide, has named the Porticor Virtual Private Data™ (Porticor VPD™) system as a finalist in the 7th Annual 2012 Hot Companies and Best Products Awards Program in the Cloud Security Product Category. Network Products Guide’s industry and peer awards honor achieveme... (more)

Cloud Encryption at The Application Level For Cloud Security And Full Compliance

It’s a common sense fact that a cloud encryption solution needs to fit the specifics of a requirement. Some scenarios need out-of-the-box solutions that require no changes to existing application code. Other scenarios demand changes to application code. A recent article by Ken Smith pointed out the limitations of out-of-the-box solutions, and militated for application-level code implementing cloud encryption solutions. Application-level solutions do have definite benefits for compliance requirements. If you want to be sure that cloud database administrators cannot read sensitive... (more)

Master Cloud Encryption Keys: The Heat Is On

Earlier this month, we discussed the effect of NSA Leaker, Edward Snowden and the Prism Scandal on the future of cloud security.  We asked (and answered) the question: What level of paranoia is justified in the wake of PRISM?  But it seems the scandal just grows and grows. We now hear that the Feds put heat on Web firms for master cloud encryption keys. It is unclear whether US authorities have the legal clout to obtain the master encryption keys that Cloud Providers use to shield customer data.  However, it is crystal clear that the government wants this right.  As the ripple ef... (more)