Click here to close now.

Welcome!

Virtualization Authors: Elizabeth White, Carmen Gonzalez, Michael Jannery, VictorOps Blog, Jnan Dash

Blog Feed Post

Private vs Public Cloud Security: Top Security Issues

public vs private cloud public cloud security cloud security issues  private vs public cloud security Private vs Public Cloud Security: Top Security IssuesSo, you think your five year old private cloud security is stronger than a public Infrastructure as a Service cloud (like AWS, HP, and Microsoft Azure)? Think again.

The reality is that a public cloud provider is likely investing more in infrastructure security and P3 (People, Process, Products) than your organization.

Does that mean that you can safely move your data to a public IaaS cloud? Not necessarily.

Any public cloud vendor will tell you off the bat that public cloud security requires a “shared responsibility” model.

It is confusing: on one hand, we tell you that public cloud security is likely safer, while on the other, we tell you it’s not necessarily safe to migrate to a public cloud. So let’s get down to details and clear up the confusion.

Private Cloud Security vs Public Cloud Security Comparison

Most enterprises are strategically looking at public clouds, while nurturing (and sometimes extending) the corporate private cloud. There are many reasons for that approach, but when it comes to data security, hardening and securing each cloud type is a fundamentally different task.

Private clouds are more secure in the sense that your servers and data are guarded behind the walls of a location managed and hopefully guarded by the enterprise. But implementing and maintaining the IT security is a daunting and resource-intensive task. You’ll need to build and maintain perimeter security, application security, and operating systems security. You must educate your employees. You will require IT personnel to handle the workload.

In a public infrastructure cloud, the responsibility for physical access, virtualization level security, and standardization is shifted to the cloud provider (who actually does a great job most of the time). You, the customer, are still responsible for operating system security, application security, and complying with specific regulatory standards such as HIPAA and PCI.

The cloud key management dilemma

As a cloud encryption vendor, we’re often asked about the “value” of cloud encryption. Cloud encryption can be cheap (if your cloud provider manages the encryption keys). But cheap encryption is, most times, insecure. Also, cheap encryption raises compliance issues as you allow someone else to manage the encryption keys for you.

The alternative, traditional way of encrypting, takes you back to the “pre-cloud” days by managing encryption keys yourself using Hardware Security Modules (HSMs). An HSM is certainly a highly secure option for key management; but, in a cloud (private or public), HSMs are challenged with two major issues.

  1. HSMs limits many of the cloud benefits, specifically around auto provisioning, orchestration and geographic dispersion (after all – it is hardware)
  2. The encryption keys are insecure the moment they leave to the cloud (to encrypt a disk or any other cloud resource).
  3. Needless to say, HSMs are far more expensive.

Now, let’s leave the dilemma in the past and look to the future for a solution.

The future – cloud encryption stronger than hardware

There’s a need for a fresh, fundamentally new approach to cloud encryption.

To deal with the complexity of cloud encryption while not compromising the enterprise trust, companies like Porticor Cloud Security leverage innovative cloud encryption techniques like split-key encryption and homomorphic key management (read more about it in this white paper).

These technologies enable public cloud customers to consume encryption as a service, without compromising the security of the encryption keys. As illustrated in this short video, split-key encryption is based on the concept used by Swiss banks’ safety deposit boxes: two owners hold keys, and only the combination of both keys can open or lock a safe.

Porticor splits the encryption key in half, providing one half for the customer, and keeping the second half with the “banker” – a Porticor key management service. Using split-key encryption technologies, no “secrets” are stored in the cloud key management system, as the Porticor’s key management system holds only half of the secret (half of the encryption key), and the cloud customer holds the second half.

Better Security in the Cloud

To declare a winner in the private cloud vs public cloud security rivalry would be remiss. In fact, better security is not a question of which cloud type you pick. Your data and applications can be totally secure in a private cloud, with an HSM and IT personnel to properly build, update, and maintain your security protocol. But that security may come at a higher price.

In the pubic cloud, because the provider maintains part of the security responsibility, the financial burden of securing your apps and data is lessened. However, you still share the responsibility and must not take your part lightly. If you take the proper precautions with your data encryption keys, you can be totally secure (and, as an added bonus, compliant with regulations and restrictions) in a public cloud too.

The post Private vs Public Cloud Security: Top Security Issues appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@ThingsExpo Stories
With several hundred implementations of IoT-enabled solutions in the past 12 months alone, this session will focus on experience over the art of the possible. Many can only imagine the most advanced telematics platform ever deployed, supporting millions of customers, producing tens of thousands events or GBs per trip, and hundreds of TBs per month. With the ability to support a billion sensor events per second, over 30PB of warm data for analytics, and hundreds of PBs for an data analytics archive, in his session at @ThingsExpo, Jim Kaskade, Vice President and General Manager, Big Data & Ana...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...
The Internet of Things (IoT) is causing data centers to become radically decentralized and atomized within a new paradigm known as “fog computing.” To support IoT applications, such as connected cars and smart grids, data centers' core functions will be decentralized out to the network's edges and endpoints (aka “fogs”). As this trend takes hold, Big Data analytics platforms will focus on high-volume log analysis (aka “logs”) and rely heavily on cognitive-computing algorithms (aka “cogs”) to make sense of it all.
One of the biggest impacts of the Internet of Things is and will continue to be on data; specifically data volume, management and usage. Companies are scrambling to adapt to this new and unpredictable data reality with legacy infrastructure that cannot handle the speed and volume of data. In his session at @ThingsExpo, Don DeLoach, CEO and president of Infobright, will discuss how companies need to rethink their data infrastructure to participate in the IoT, including: Data storage: Understanding the kinds of data: structured, unstructured, big/small? Analytics: What kinds and how responsiv...
Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery. In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use cases.
The Workspace-as-a-Service (WaaS) market will grow to $6.4B by 2018. In his session at 16th Cloud Expo, Seth Bostock, CEO of IndependenceIT, will begin by walking the audience through the evolution of Workspace as-a-Service, where it is now vs. where it going. To look beyond the desktop we must understand exactly what WaaS is, who the users are, and where it is going in the future. IT departments, ISVs and service providers must look to workflow and automation capabilities to adapt to growing demand and the rapidly changing workspace model.
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., showed what is needed to leverage the IoT to transform your business. He discussed opportunities and challenges ahead for the IoT from a market and technical point of vie...
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what the future may hold. Mike Kavis is Vice President & Principal Cloud Architect at Cloud Technology Pa...
Hadoop as a Service (as offered by handful of niche vendors now) is a cloud computing solution that makes medium and large-scale data processing accessible, easy, fast and inexpensive. In his session at Big Data Expo, Kumar Ramamurthy, Vice President and Chief Technologist, EIM & Big Data, at Virtusa, will discuss how this is achieved by eliminating the operational challenges of running Hadoop, so one can focus on business growth. The fragmented Hadoop distribution world and various PaaS solutions that provide a Hadoop flavor either make choices for customers very flexible in the name of opti...
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Advanced Persistent Threats (APTs) are increasing at an unprecedented rate. The threat landscape of today is drastically different than just a few years ago. Attacks are much more organized and sophisticated. They are harder to detect and even harder to anticipate. In the foreseeable future it's going to get a whole lot harder. Everything you know today will change. Keeping up with this changing landscape is already a daunting task. Your organization needs to use the latest tools, methods and expertise to guard against those threats. But will that be enough? In the foreseeable future attacks w...
Disruptive macro trends in technology are impacting and dramatically changing the "art of the possible" relative to supply chain management practices through the innovative use of IoT, cloud, machine learning and Big Data to enable connected ecosystems of engagement. Enterprise informatics can now move beyond point solutions that merely monitor the past and implement integrated enterprise fabrics that enable end-to-end supply chain visibility to improve customer service delivery and optimize supplier management. Learn about enterprise architecture strategies for designing connected systems tha...
Dale Kim is the Director of Industry Solutions at MapR. His background includes a variety of technical and management roles at information technology companies. While his experience includes work with relational databases, much of his career pertains to non-relational data in the areas of search, content management, and NoSQL, and includes senior roles in technical marketing, sales engineering, and support engineering. Dale holds an MBA from Santa Clara University, and a BA in Computer Science from the University of California, Berkeley.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
The cloud is now a fact of life but generating recurring revenues that are driven by solutions and services on a consumption model have been hard to implement, until now. In their session at 16th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, will discuss how a top European telco has leveraged the innovative recurring revenue generating capability of the consumption cloud to enable a unique cloud monetization model to drive results.
As organizations shift toward IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection &E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his session at 16th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships, will discuss how to cut costs, scale easily, and unleash insight with CommVault Simpana software, the only si...
Analytics is the foundation of smart data and now, with the ability to run Hadoop directly on smart storage systems like Cloudian HyperStore, enterprises will gain huge business advantages in terms of scalability, efficiency and cost savings as they move closer to realizing the potential of the Internet of Things. In his session at 16th Cloud Expo, Paul Turner, technology evangelist and CMO at Cloudian, Inc., will discuss the revolutionary notion that the storage world is transitioning from mere Big Data to smart data. He will argue that today’s hybrid cloud storage solutions, with commodity...