Cloud Key Management vs. Hardware-Based Key Managers
Cloud security is a top concern for any organization migrating to the cloud.
The threats are many.
For example, the fact your data resides in a shared, multi-tenant environment
is a threat that has become a reality with the latest Xen virtualization
bug, which allowed a malicious fully virtualized server to read data about
other virtualized systems running on the same physical hardware or the
Other threats to cloud security include internal employees and
The consensus is that data encryption is a critical first step to migrating
to the cloud; but in fact, encryption is the easy part. The real challenge
lies with the management of the encryption keys. Allowing your cloud provider
to encrypt your data and manage the encryption keys is as secure as parking
your car in a public parking... (more)
The US Federal Communications Commission has recently reported that "theft of
digital information has become the most commonly reported fraud, surpassing
physical theft." Businesses can do a lot to protect themselves. The FCC
issued a Tip Sheet for small businesses to promote employee security
training, firewalls, securing of WiFis, and more. But for business operating
in (or migrating to) cloud environments; data security, cloud computing
security issues, and challenges take on new meanings and require new
Security in the Cloud: Unique Challenges
In the cloud, data... (more)
Security Issues in Cloud Computing: Porticor’s AWS Experts Discuss
In a recent webinar, Porticor’s AWS cloud security experts took on the
security challenges companies face when migrating to AWS (and other IaaS
clouds) and offered alternatives that enable IT Directors to take advantage
of the cloud, while maintaining control of their data and its security.
Security Issues in Cloud Computing: Are you a TARGET?
We are all familiar with the infamous Target hack, which saw bad guys
accessing Target’s payment systems through access granted to an HVAC
subcontractor, and accessing paymen... (more)
Can You Own Your Public Cloud?
Public cloud computing is surging forward into healthcare, finance, and
utilities. Popular cloud based implementations run the gamut from big data
analysis to customer service applications, and everything in between. As more
and more sensitive data processing is done in the cloud, encryption of data
has become the obvious best practice. Google Compute Engine has provided data
encryption for some time; and in a recent interview, AWS’s CTO said
they’d like all data, or at least all sensitive business data, to be always
Encrypting data imm... (more)
By Lohit Mehta
Every organization should follow a proactive rather than a reactive approach
to protect against threats, risks, and vulnerabilities to which if their IT
infrastructure is exposed can lead to data loss, regulatory penalties,
lawsuits, and damaged reputation. Moving on the same lines, to reduce credit
card fraud via its exposure, a standard known as Payment Card Industry Data
Security Standard (PCI DSS) was formed.
Payment Card Industry Security Standards Council (PCI SSC) had developed a
standard known as PCI Data Security Standard (PCI DSS), which comprises... (more)