The US Federal Communications Commission has recently reported that "theft of
digital information has become the most commonly reported fraud, surpassing
physical theft." Businesses can do a lot to protect themselves. The FCC
issued a Tip Sheet for small businesses to promote employee security
training, firewalls, securing of WiFis, and more. But for business operating
in (or migrating to) cloud environments; data security, cloud computing
security issues, and challenges take on new meanings and require new
Security in the Cloud: Unique Challenges
In the cloud, data security poses new risks and challenges. We are no longer
concerned just with burglars breaking into our offices to steal computers,
but rather with the data belonging to complete systems deployed to the cloud.
When using public cloud infrastructure like that of AWS, VMware, Microsoft
More and more enterprises now rent space or servers on the cloud to store
data. However, the fact that such data remains outside the ambit of the
enterprise’s security system and invisible to the enterprise poses a
serious security headache.
Porticor Virtual Private Data, an Israeli based start-up now offers
technology that allows organizations to encrypt data held in the cloud.
The service, which includes a Virtual Appliance and an agent software, offers
standard AES 256 or Blowfish encryption that has a maximum key length of 2048
bits. A unique “split-key” method adds to the secu... (more)
The new and enhanced HIPAA omnibus standard brings an interesting question
with regards to cloud security and the shared responsibility model in IaaS
clouds. Since the release of the HIPAA omnibus, we’ve received many
questions around “BAA” agreements, and how the responsibility split
actually happens between (for example) the cloud provider and an ISV
providing a healthcare application in an IaaS environment.
Cloud HIPAA compliance still requires a shared responsibility model
Without getting to the details of what a “Business Associate Agreement”
means, I’ll simply say that the u... (more)
As the infrastructure cloud market (IaaS and PaaS) continues to grow rapidly,
we are seeing quite a few customers who are delivering an application –
whether it is a mission-critical or SaaS application – and basing their
solution on VMware.
Some of these are deploying VMware in their private data center, while others
are leveraging the cloud model and “renting” capacity from a public
VMware-based cloud provider. In a way, both of these scenarios are public: in
many of the cases the “private cloud” scenario serves users who belong to
different organizations, so from the user poi... (more)
By John Sotiropoulos - In my previous post (Cloud Data, Security, Privacy &
Confidentiality/ The ISV Perspective) I talked about the increasing exposure
of data, the changing landscape of data confidentiality and the need to
shield data rather than retreat into – largely mythical -“safe
heavens” of on premise. When storing data in the cloud, key management
becomes a critical aspect of data confidentiality and a new crop of vendors
are beginning to emerge simplifying encryption and key management.
Having looked at most of the new crop of cloud encryption vendors, we
liked Port... (more)