Welcome!

Virtualization Authors: David Tishgart, Elizabeth White, Esmeralda Swartz, Pat Romanski, Marten Terpstra

Related Topics: Cloud Expo

Cloud Expo: Blog Feed Post

Cloud Compliance Starts with Split Knowledge

The truth about cloud encryption, split-knowledge and key splitting

The lack of ability to achieve compliance in a cloud environment is one of the main factors slowing or stopping enterprises from migrating to the cloud. But cloud advantages, specifically the significant flexibility, push more and more organizations to open up to the cloud and demand cloud security assurances from their cloud and service providers.

Cloud disaster recovery is 2013’s cloud poster child

One prime example for what seems to be a hot cloud trend in 2013 is cloud disaster recovery. The overwhelming cost of implementing and maintaining a live disaster recovery site, combined with the fact that cloud infrastructure is highly scalable and flexible (an enterprise may deploy its DR applications on a small virtual instance and automatically scale up once a disaster actually happens) will drive fast adoption of cloud disaster recovery in 2013. This is where cloud security kicks in. Sensitive and regulated data requires cloud security and compliance. But cloud security issues require a different approach.

The truth about cloud encryption, split-knowledge and key splitting

Data encryption is a critical requirement for cloud compliance, and most cloud providers are delivering data encryption in one form or another. Unfortunately, that’s far from enough. Cloud encryption provided by your cloud service is similar to leaving your safety deposit-box key with your banker – you lose control. Regulations such as PCI ,HIPAA and others, are relating to the issue of split-knowledge and require that regulated data will be secured by splitting a “secret” between at least two entities (for example the customer and the cloud provider). Going back to cloud encryption; the “secret” is the encryption keys which should somehow be split between the two parties securely.

Split-Key encryption is available today

Most encryption solution providers are still pitching yesterday’s pitch. They claim that key management cannot be done in-cloud, and requires an enterprise on-premise key management solution for true security. While such solution is indeed secure, it significantly reduces the cloud infrastructure flexibility, and forces an enterprise back to the data center with its key management server. But new cloud key-management technologies do exist. Porticor Cloud Security is one example.

Porticor’s Virtual Private Data system offers the convenience of cloud-based hosted key management without sacrificing trust by requiring someone else to manage the keys. Porticor uses split-key encryption technology, and simultaneously encrypts the key shares using homomorphic technology – even when they are in use, hence protecting the keys and guarantees they remain under customer control and are never exposed. To read more about Porticor click here for the white paper.

The post Cloud Compliance Starts with Split Knowledge appeared first on Porticor Cloud Security.

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.