Click here to close now.

Welcome!

@ContainersExpo Blog Authors: Elizabeth White, Yeshim Deniz, Carmen Gonzalez, David Sprott, Liz McMillan

Blog Feed Post

Living with Spies in the Cloud: Protecting Your Privacy with Cloud Encryption

 

NSA Cloud Security Cloud Privacy Cloud Encryption  NSA Living with Spies in the Cloud: Protecting Your Privacy with Cloud Encryption

NSA and Cloud Encryption

The firestorm in the press, driven by the Snowden revelations, keeps growing. As the astonishing leaks get published, we discover that the USA’s National Security Agency (NSA) has a full-fledged program in place, spending hundreds of millions of dollars, to tap into Internet communications and get around the encryption that protects data on the internet.

Both laymen and experts are far from calm. The scandal is both a crisis of public trust in the government, and a technical challenge for the security industry. Technology businesses are worried about the possible fall out to trust, adoption and dollar revenues.

So can we live with it, and how?

What can you trust?

The cautious assessment of experts is that the math underlying modern cryptography remains trustworthy. This is important: it means that the techniques, like AES, that underlie the encryption of data on the internet, are good ones. There are speculations to the contrary, but the main verified information is that the NSA gets around these mathematical techniques instead of breaking them directly. Several ways to get around the math:

  • Steal the keys – any encryption standard is only as good as the key to the encryption; if the keys are stolen, messages can be deciphered and read
  • Influence large corporations to hand over the keys used by their customer base
  • Influence large corporations to code back-doors into their implementations of the math, which are then in unwitting use by companies and consumers

Do I really care?

Suppose you do have sensitive data – personal health information, financial data, intellectual property, or personal information of any kind – should you be worried?

The approach taken by the NSA can be likened to a very wide fish net. They try to tap into everything – all of the emails from everyone, all of the instant messages from everyone, all of the online phone calls from everyone, all of the data stored by everyone. After collecting as much as possible, they have software that sifts through these masses of data, and tries to find the things of real interest. This may be an email between terrorists or drug dealers.

This does mean that your personal email was caught by that wide fish net too. It was then discarded as too boring, by the software that sifts through all the data. Problem is, big government really is big, and it seems that the data collected by the NSA is finding its way to many other branches of government. Tax collectors? Local police? Some of this has already been verified (e.g. the IRS) and some of it can be speculated. The NSA may think you are boring, but does the IRS?

The economics of self-knowledge

Know thyself. If you are on a target list by the NSA (or any other big government), then you are worth their time. This means they may spend the time to hack your computers and steal your keys and your data. They may even spend the time to break into your office or home, and bug your computer. If you are on a target list by the NSA – this post is not for you. As I sarcastically suggested in a recent post, your best bet is to get a safe house in Pakistan.

For the rest of us, the key lies in breaking the economics of surveillance. The wide fish net works well, because it makes economic sense – it is very cheap to grab everyone and only later sift through the information. The key to your personal privacy is to raise the cost of grabbing your private data.

This can be achieved in a cost effective way. As mentioned above, the math behind modern encryption is still pretty good. To make use of that fact, you should use an encryption solution built specifically for the cloud, using encryption code that has been extensively reviewed by a large number of people, and you should make sure that the encryption keys are under your control.

One main reason that the NSA approach has been so scarily effective, is that your encryption keys are usually controlled and owned by big cloud providers. The NSA needs to get the keys only from them, and then it can trawl everybody.

If you take back the encryption keys – it is no longer economic for the NSA to net you, because they need to treat you as an individual. That costs too much, given that you are not really interesting for them. Fortunately cloud encryption is evolving in this direction and solutions are emerging that allow you to use the cloud while keeping control of your encryption keys.

The post Living with Spies in the Cloud: Protecting Your Privacy with Cloud Encryption appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@ThingsExpo Stories
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
The only place to be Nov 3-5 is Cloud Expo | @ThingsExpo | DevOps Summit 2015 West at the Santa Clara Convention Center in Santa Clara, CA. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT, Big Data and DevOps companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic strategies that utility/cloud computing provides. Whether...
ThingsExpo New York is offering a limited time FREE "Expo Plus" registration option in New York. On site registration price of $1,95 will be set to 'free' for delegates who register during special offer. To take advantage of this opportunity, attendees can use the coupon code, and secure their registration to attend all keynotes, ThingsExpo sessions, expo floor, and SYS-CON.tv power panels. Special FREE registration givess access to all DevOps, Containers and Microservices sessions as well. Registration page is located at the ThingsExpo site.
DevOps Summit at Cloud Expo New York is offering a limited time FREE "Expo Plus" registration option in New York. On site registration price of $1,95 will be set to 'free' for delegates who register during special offer. To take advantage of this opportunity, attendees can use the coupon code, and secure their registration to attend all keynotes, @DevOpsSummit sessions at Cloud Expo, expo floor, and SYS-CON.tv power panels. Special FREE registration givess access to all Containers and Microservices sessions. Registration page is located at the DevOps Summit site. Your DevOps Summit registratio...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable older adults to live independent lives while staying connected to loved ones. M2M will continue to gr...
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
Akana, a leading provider of API Management, API Security and Cloud Integration solutions, announced that it is introducing DevOps automation to the API lifecycle. New capabilities in Akana's API Management platform significantly reduce the time required to update API definitions and versions. DevOps teams will be able to work faster in designing and developing APIs, as well as managing them at runtime and publishing them to a portal.
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it!
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
Imagine a world where targeting, attribution, and analytics are just as intrinsic to the physical world as they currently are to display advertising. Advances in technologies and changes in consumer behavior have opened the door to a whole new category of personalized marketing experience based on direct interactions with products. The products themselves now have a voice. What will they say? Who will control it? And what does it take for brands to win in this new world? In his session at @ThingsExpo, Zack Bennett, Vice President of Customer Success at EVRYTHNG, will answer these questions a...
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
“Connect2Me is basically a game changer in the IoT industry. We have created IoT connecter middleware that can enable a connection to any kind of device," explained Yasser Khan, CTO of Connect2Me, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
2015 predictions circa 1970: houses anticipate our needs and adapt, city infrastructure is citizen and situation aware, office buildings identify and preprocess you. Today smart buildings have no such collective conscience, no shared set of fundamental services to identify, predict and synchronize around us. LiveSpace and M2Mi are changing that. LiveSpace Smart Environment devices deliver over the M2Mi IoT Platform real time presence, awareness and intent analytics as a service to local connected devices. In her session at @ThingsExpo, Sarah Cooper, VP Business of Development at M2Mi, will d...
The world is at a tipping point where the technology, the device and global adoption are converging to such a point that we will see an explosion of a world where smartphone devices not only allow us to talk to each other, but allow for communication between everything – serving as a central hub from which we control our world – MediaTek is at the heart of both driving this and allowing the markets to drive this reality forward themselves. The next wave of consumer gadgets is here – smart, connected, and small. If your ambitions are big, so are ours. In his session at @ThingsExpo, Jack Hu, D...
The basic integration architecture, as defined by ESBs, hasn’t changed for more than a decade. Most cloud integration providers still rely on an ESB architecture and their proprietary connectors. As a result, enterprise integration projects suffer from constraints of availability and reliability of these connectors that are not re-usable across other integration vendors. However, the rapid adoption of APIs and almost ubiquitous availability of APIs amongst most SaaS and Cloud applications are rapidly redefining traditional integration approaches and their reliance on proprietary connectors. ...
The enterprise market will drive IoT device adoption over the next five years. In his session at @ThingsExpo, John Greenough, an analyst at BI Intelligence, division of Business Insider, will analyze how companies will adopt IoT products and the associated cost of adopting those products. John Greenough is the lead analyst covering the Internet of Things for BI Intelligence- Business Insider’s paid research service. Numerous IoT companies have cited his analysis of the IoT. Prior to joining BI Intelligence, he worked analyzing bank technology for Corporate Insight and The Clearing House Pay...
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.