Welcome!

Containers Expo Blog Authors: Anders Wallgren, Elizabeth White, Scott Allen, Yeshim Deniz, Liz McMillan

Blog Feed Post

Can You Trust the Cloud?

Cloud Trust Cloud Security Cloud Encryption  trust cloud hand Can You Trust the Cloud?I am often asked by skeptics, cynics, doubters, and readers of sensational journalism if they can trust the cloud.  Sure, there have been data leaks, hacker intrusions, NSA spies, but can the cloud be trusted with your data?

YES

End of article.

Not really . . . yes, the cloud can definitely be trusted, but that doesn’t allow you to be foolish.  Metaphorically, you can trust your Volvo too – but you should still fasten your seat belt.  You are still responsible to protect yourself, and in the cloud computing scenario, that means that you are ultimately responsible to protect your data.  My advice is this:

Trust the cloud.  And take security measures to protect your data.

The level of security (in the form of cloud encryption) needed will depend on what you are planning to use the cloud for.

Individuals who want to securely store files on websites such as Dropbox or Google Docs need a minimal amount of security so that their information isn’t widely available. In recent years, the developers of these services added the necessary encryption to keep the average hacker out1.  

For those who want to power applications, databases or tools on a group of computers through the cloud, extra protection is needed since there are more entry points to protect. Companies that want to secure data in the cloud should work with a qualified cloud provider or cloud security vendor who will provide data encryption options to protect against internal and external threats as well as meet industry data privacy rules (PCI, HIPPA, etc.).

If you work with sensitive information that is protected by law or industry regulations, you require the highest level of protection. For example, companies in the healthcare industry must take care to encrypt private patient data in order to comply with HIPAA regulations2. Companies that accept credit card payments must comply with PCI regulations3.  For these companies, it is important to understand what the potential risks are and how to secure the data and adhere to the regulations.

So, which security measures should you take?

The CSA (Cloud Security Alliance) has identified a number of challenges to cloud computing security4:

  1. Data breaches – If a cloud service database isn’t designed properly, a hacker could get into customers’ data.
    Solution: Choose a cloud provider that allows maximum control over encryption keys.
  2. Data loss – A careless provider could lose data due to a hacker or natural disaster. This can be problematic for compliance with regulations as well as customer relations.
    Solution: Use encrypted backup where you control the encryption keys.
  3. Account or service traffic hijacking – If credentials are stolen, a hacker could carry out actions in the name of the company.
    Solution: Use two-factor authentication techniques wherever possible.
  4. Insecure interfaces and APIs – Third parties building on to existing APIs can weaken their security, especially if they require relinquishing of credentials. Solution: Understand the implications and risks of adding layers to APIs.
  5. Malicious insiders – If credentials are available to multiple employees within an organization, the company is susceptible to malicious insider attack. Solution: Keys should be available only at data-usage time.
  6. Cloud abuse – A hacker might use the cloud service in order to break a code he couldn’t get into on a standard computer. He might use it to propagate malware or share pirated software.
    Solution: Cloud providers must define abuse and determine how to identify it.
  7. Insufficient due diligence – Companies who don’t sufficiently understand the security issues inherent in cloud computing may unwittingly harm their own security.
    Solution: Allocation of resources for education and due diligence before getting started.
  8. Shared technology vulnerabilities – Cloud providers share platforms in order to save on costs, but this means that when one component is harmed, the others are vulnerable as well.
    Solution: a defensive, in-depth strategy, as well as monitoring.

 

That’s a lot of security measures!

It may seem safer just to stay out of the cloud, but for most businesses, this is likely to be impractical.  The cloud can handle a large amount of data at lower cost and increased flexibility.  Also, I would be remiss not to note that information stored on desktops is not necessarily secure either; hackers have been known to infiltrate data stored on physical computers and mobile devices as well.

 

Is there an easy way to protect myself?

Strong cloud encryption makes the cloud a safe environment for storing data (even for the most sensitive, regulated, protected data). Make sure to choose the level of encryption necessary for your data. If your company complies with HIPAA or PCI or handles customers’ private information, pick a cloud provider which uses split-key encryption (aka Homomorphic Key Encryption). This is a system which requires two keys to access data.  One key remains under your control as the owner of the data. When this master key is in use in the cloud, it is encrypted, thus ensuring that the cloud provider doesn’t have access to your data and neither does anyone who attempts to hack in. This will ensure safety in the cloud.

This is why I say that you can completely trust the cloud.  If you take the proper steps to protect yourself (a split-key seat belt, if you will), the cloud is not a menacing, dangerous place to store data.  It is, in fact: scalable, flexible, cost-effective, and a great solution, which can (and should!) be safe and secure.

The post Can You Trust the Cloud? appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@ThingsExpo Stories
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and ...
18th Cloud Expo, taking place June 7-9, 2016, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some...
SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from Web startups to global enterprises. SoftLayer's modular architecture, full-featured API, and sophisticated automation provide unparalleled performance and control. Its flexible unified platform seamlessly spans physical and virtual devices linked via a world...
SYS-CON Events announced today that BMC Software has been named "Siver Sponsor" of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. BMC is a global leader in innovative software solutions that help businesses transform into digital enterprises for the ultimate competitive advantage. BMC Digital Enterprise Management is a set of innovative IT solutions designed to make digital business fast, seamless, and optimized from mainframe to mo...
"What we see what happens when you have a completely networked society and the potential to now drive the value creation and the collaboration and the ecosystems that are possible when you start to be able to connect people and industries together in ways that have never been possible before," explained Esmeralda Swartz, VP of Marketing Enterprise & Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
Companies can harness IoT and predictive analytics to sustain business continuity; predict and manage site performance during emergencies; minimize expensive reactive maintenance; and forecast equipment and maintenance budgets and expenditures. Providing cost-effective, uninterrupted service is challenging, particularly for organizations with geographically dispersed operations.
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data...
The IoTs will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm and share the must-have mindsets for removing complexity from the development proc...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device. For more information, please visit https://www.mangoapps.com/.
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
SYS-CON Events announced today that IBM Cloud Data Services has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. IBM Cloud Data Services offers a portfolio of integrated, best-of-breed cloud data services for developers focused on mobile computing and analytics use cases.
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
Designing IoT applications is complex, but deploying them in a scalable fashion is even more complex. A scalable, API first IaaS cloud is a good start, but in order to understand the various components specific to deploying IoT applications, one needs to understand the architecture of these applications and figure out how to scale these components independently. In his session at @ThingsExpo, Nara Rajagopalan is CEO of Accelerite, will discuss the fundamental architecture of IoT applications, ...
In his session at 18th Cloud Expo, Bruce Swann, Senior Product Marketing Manager at Adobe, will discuss how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects). Bruce Swann has more than 15 years of experience working with digital marketing disciplines like web analytics, social med...
SYS-CON Events announced today that Tintri Inc., a leading producer of VM-aware storage (VAS) for virtualization and cloud environments, will exhibit at the 18th International CloudExpo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that ContentMX, the marketing technology and services company with a singular mission to increase engagement and drive more conversations for enterprise, channel and SMB technology marketers, has been named “Sponsor & Exhibitor Lounge Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York. “CloudExpo is a great opportunity to start a conversation with new prospects, but what happens after the...