Welcome!

Every Cloud Needs a Silver Lining

Gilad Parann-Nissany

Subscribe to Gilad Parann-Nissany: eMailAlertsEmail Alerts
Get Gilad Parann-Nissany via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Cloud Computing, Virtualization Magazine, Infrastructure On Demand, Cloudonomics Journal, Memopal, Cloud Hosting & Service Providers Journal, Cloud Backup and Recovery Journal, Platform as a Service, CIO/CTO Update, Java in the Cloud

Blog Feed Post

Encrypted Cloud Storage – The Missing Piece

Cloud computing brings many advantages including elasticity, flexibility, and pay-per-use

Cloud computing brings many advantages including elasticity, flexibility, and pay-per-use. But when looking at cloud security, and specifically encrypted cloud storage the picture is much more complex.

Cloud security (in IaaS and PaaS scenarios) is a shared responsibility. The cloud provider is responsible for securing the datacenter premise, the virtualization layer, and the Host OS, but it is the cloud customer’s responsibility to secure the host OS, work with an encrypted cloud storage and secure the application level.

Encrypted Cloud Storage – The missing piece

The missing piece by shel silverstein

Cloud data security threats
Some aspects of securing virtual servers and storage are not dramatically different from securing a physical server and the same basic rules still apply.  Enforcing a strong access control policy, disabling unnecessary ports, and hardening the application layer are still valid and necessary actions when it comes to securing your virtual environment.

But in addition to traditional threats, new cloud-related threats should be considered as part of your security strategy. Shared compute resources, the “cloud insider” threat, malicious snapshotting of virtual disks and cloud hijacking are all new risks associated with the cloud. As a result, creating and maintaining an encryption policy and using encrypted cloud storage become must-have items in the cloud (we’ve discussed the new cloud security threats in depth in this blog).

In addition to the above threats, legal considerations such as the USA Patriot Act or the EU Data Protection directives are another aspect of managing responsibility and trust. Companies migrating their data to the cloud want to know that their data will not be exposed to unexpected or unwanted parties through court orders, and therefore, they are expected to think through issues around the Patriot Act and other legal frameworks.

Encrypted cloud storage should be a top priority
Encrypted cloud storage mitigates the above threats by keeping your data private at all times, but managing your keys in the cloud can be challenging unless a new approach to cloud key management is adopted. We at Porticor have taken a different approach to encrypted cloud storage and key management for the cloud. Our virtual key management system, which we often allude to as the Swiss Banker approach, enables you to securely maintain your keys in the cloud, while not compromising the security of your keys and your data. For further reading, please refer to our key management white paper.

To conclude; cloud security should include a blend of traditional security elements combined with “cloud-adjusted” security technologies. Encrypted cloud storage should be a key part of your cloud security strategy due to the new cloud threat vectors (but also due to regulations such as the Patriot Act).

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.