Welcome!

Virtualization Authors: Bernard Golden, Greg Ness, Sandi Mappic, Roger Strukhoff, Lori MacVittie

Blog Feed Post

Can You Trust the Cloud?

Cloud Trust Cloud Security Cloud Encryption  trust cloud hand Can You Trust the Cloud?I am often asked by skeptics, cynics, doubters, and readers of sensational journalism if they can trust the cloud.  Sure, there have been data leaks, hacker intrusions, NSA spies, but can the cloud be trusted with your data?

YES

End of article.

Not really . . . yes, the cloud can definitely be trusted, but that doesn’t allow you to be foolish.  Metaphorically, you can trust your Volvo too – but you should still fasten your seat belt.  You are still responsible to protect yourself, and in the cloud computing scenario, that means that you are ultimately responsible to protect your data.  My advice is this:

Trust the cloud.  And take security measures to protect your data.

The level of security (in the form of cloud encryption) needed will depend on what you are planning to use the cloud for.

Individuals who want to securely store files on websites such as Dropbox or Google Docs need a minimal amount of security so that their information isn’t widely available. In recent years, the developers of these services added the necessary encryption to keep the average hacker out1.  

For those who want to power applications, databases or tools on a group of computers through the cloud, extra protection is needed since there are more entry points to protect. Companies that want to secure data in the cloud should work with a qualified cloud provider or cloud security vendor who will provide data encryption options to protect against internal and external threats as well as meet industry data privacy rules (PCI, HIPPA, etc.).

If you work with sensitive information that is protected by law or industry regulations, you require the highest level of protection. For example, companies in the healthcare industry must take care to encrypt private patient data in order to comply with HIPAA regulations2. Companies that accept credit card payments must comply with PCI regulations3.  For these companies, it is important to understand what the potential risks are and how to secure the data and adhere to the regulations.

So, which security measures should you take?

The CSA (Cloud Security Alliance) has identified a number of challenges to cloud computing security4:

  1. Data breaches – If a cloud service database isn’t designed properly, a hacker could get into customers’ data.
    Solution: Choose a cloud provider that allows maximum control over encryption keys.
  2. Data loss – A careless provider could lose data due to a hacker or natural disaster. This can be problematic for compliance with regulations as well as customer relations.
    Solution: Use encrypted backup where you control the encryption keys.
  3. Account or service traffic hijacking – If credentials are stolen, a hacker could carry out actions in the name of the company.
    Solution: Use two-factor authentication techniques wherever possible.
  4. Insecure interfaces and APIs – Third parties building on to existing APIs can weaken their security, especially if they require relinquishing of credentials. Solution: Understand the implications and risks of adding layers to APIs.
  5. Malicious insiders – If credentials are available to multiple employees within an organization, the company is susceptible to malicious insider attack. Solution: Keys should be available only at data-usage time.
  6. Cloud abuse – A hacker might use the cloud service in order to break a code he couldn’t get into on a standard computer. He might use it to propagate malware or share pirated software.
    Solution: Cloud providers must define abuse and determine how to identify it.
  7. Insufficient due diligence – Companies who don’t sufficiently understand the security issues inherent in cloud computing may unwittingly harm their own security.
    Solution: Allocation of resources for education and due diligence before getting started.
  8. Shared technology vulnerabilities – Cloud providers share platforms in order to save on costs, but this means that when one component is harmed, the others are vulnerable as well.
    Solution: a defensive, in-depth strategy, as well as monitoring.

 

That’s a lot of security measures!

It may seem safer just to stay out of the cloud, but for most businesses, this is likely to be impractical.  The cloud can handle a large amount of data at lower cost and increased flexibility.  Also, I would be remiss not to note that information stored on desktops is not necessarily secure either; hackers have been known to infiltrate data stored on physical computers and mobile devices as well.

 

Is there an easy way to protect myself?

Strong cloud encryption makes the cloud a safe environment for storing data (even for the most sensitive, regulated, protected data). Make sure to choose the level of encryption necessary for your data. If your company complies with HIPAA or PCI or handles customers’ private information, pick a cloud provider which uses split-key encryption (aka Homomorphic Key Encryption). This is a system which requires two keys to access data.  One key remains under your control as the owner of the data. When this master key is in use in the cloud, it is encrypted, thus ensuring that the cloud provider doesn’t have access to your data and neither does anyone who attempts to hack in. This will ensure safety in the cloud.

This is why I say that you can completely trust the cloud.  If you take the proper steps to protect yourself (a split-key seat belt, if you will), the cloud is not a menacing, dangerous place to store data.  It is, in fact: scalable, flexible, cost-effective, and a great solution, which can (and should!) be safe and secure.

The post Can You Trust the Cloud? appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@ThingsExpo Stories
Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: Samsung recognizes that true, accelerated innovation cannot be driven from one source, but requires a...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Architect for the Internet of Things and Intelligent Systems at Red Hat, will describe how to revoluti...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: Esmeralda Swartz, CMO of MetraTech, has spent 16 years as a marketing, product management, and busin...
SYS-CON Events announced today that Red Hat, the world's leading provider of open source solutions, will exhibit at Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Red Hat is the world's leading provider of open source software solutions, using a community-powered approach to reliable and high-performing cloud, Linux, middleware, storage and virtualization technologies. Red Hat also offers award-winning support, training, and consulting services. As the connective hub in a global network of enterprises, partners, a...
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at Internet of @ThingsExpo, Robin Raymond, Chief Architect at Hookflash Inc., will walk through the shifting landscape of traditional telephone a...
SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.
BSQUARE is a global leader of embedded software solutions. We enable smart connected systems at the device level and beyond that millions use every day and provide actionable data solutions for the growing Internet of Things (IoT) market. We empower our world-class customers with our products, services and solutions to achieve innovation and success. For more information, visit www.bsquare.com.
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic • Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it’s a mix of architectural style...
SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accelerate their digital channels with APIs, drive partner adoption, monetize their assets, and achieve a...
From a software development perspective IoT is about programming "things," about connecting them with each other or integrating them with existing applications. In his session at @ThingsExpo, Yakov Fain, co-founder of Farata Systems and SuranceBay, will show you how small IoT-enabled devices from multiple manufacturers can be integrated into the workflow of an enterprise application. This is a practical demo of building a framework and components in HTML/Java/Mobile technologies to serve as a platform that can integrate new devices as they become available on the market.
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customizable platform to easily integrate into existing software solutions, embed business logic and build s...
Connected devices are changing the way we go about our everyday life, from wearables to driverless cars, to smart grids and entire industries revolutionizing business opportunities through smart objects, capable of two-way communication. But what happens when objects are given an IP-address, and we rely on that connection, sometimes with our lives? How do we secure those vast data infrastructures and safe-keep the privacy of sensitive information? This session will outline how each and every connected device can uphold a core root of trust via a unique cryptographic signature – a “bir...
Internet of @ThingsExpo Silicon Valley announced on Thursday its first 12 all-star speakers and sessions for its upcoming event, which will take place November 4-6, 2014, at the Santa Clara Convention Center in California. @ThingsExpo, the first and largest IoT event in the world, debuted at the Javits Center in New York City in June 10-12, 2014 with over 6,000 delegates attending the conference. Among the first 12 announced world class speakers, IBM will present two highly popular IoT sessions, which will take place November 4-6, 2014 at the Santa Clara Convention Center in Santa Clara, Calif...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at Internet of @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, will discuss how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.

SUNNYVALE, Calif., Oct. 20, 2014 /PRNewswire/ -- Spansion Inc. (NYSE: CODE), a global leader in embedded systems, today added 96 new products to the Spansion® FM4 Family of flexible microcontrollers (MCUs). Based on the ARM® Cortex®-M4F core, the new MCUs boast a 200 MHz operating frequency and support a diverse set of on-chip peripherals for enhanced human machine interfaces (HMIs) and machine-to-machine (M2M) communications. The rich set of periphera...

SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue business and deliver exceptional experiences to their customers.
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce the value of the network in helping organizations to maximize their company’s cloud experience.
The Internet of Things (IoT) is making everything it touches smarter – smart devices, smart cars and smart cities. And lucky us, we’re just beginning to reap the benefits as we work toward a networked society. However, this technology-driven innovation is impacting more than just individuals. The IoT has an environmental impact as well, which brings us to the theme of this month’s #IoTuesday Twitter chat. The ability to remove inefficiencies through connected objects is driving change throughout every sector, including waste management. BigBelly Solar, located just outside of Boston, is trans...
SYS-CON Events announced today that Matrix.org has been named “Silver Sponsor” of Internet of @ThingsExpo, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Matrix is an ambitious new open standard for open, distributed, real-time communication over IP. It defines a new approach for interoperable Instant Messaging and VoIP based on pragmatic HTTP APIs and WebRTC, and provides open source reference implementations to showcase and bootstrap the new standard. Our focus is on simplicity, security, and supporting the fullest feature set.