Welcome!

Websphere Authors: Yeshim Deniz, Liz McMillan, Bob Gourley, Gilad Parann-Nissany

Blog Feed Post

Cloud Security for AWS: Your Cloud Encryption Questions Answered

cloud security best practices Cloud Security AWS Encryption amazon web services  cloud security aws Cloud Security for AWS: Your Cloud Encryption Questions AnsweredLast week, at the Amazon Web Services Summit in San Francisco’s Moscone Center, we met many companies who have deployed (or will migrate) their sensitive projects to the Amazon cloud.  These companies expressed real concerns about the security of their information, and the status of continued compliance with regulations like HIPAA and PCI DSS.  Below, a summary of the questions we were asked at the show.

Q.  Does Amazon Web Services completely cover cloud security?

Amazon Web Services offers impressive built-in security features like firewalls, identity and access management, and private subnets.   Yet as Amazon’s own Security Center will explain: there is a shared responsibility for cloud security and “AWS has secured the underlying infrastructure and you must secure anything you put on the infrastructure.”

You are responsible to secure your own sensitive data, to encrypt data at rest and in transit and, importantly, to ensure that only you (not even AWS) control your encryption keys. This is both security common sense and also important from a regulatory point of view.

Q.  How is the Porticor cloud encryption solution different?

Porticor did not re-invent the data encryption wheel.  We use industry standards for data encryption like AES.  Our system is unique, however, in how it handles the keys to your encrypted data.  Porticor is the only system that keeps control of encryption keys in the hands of the end customer while providing a pure cloud model – without any hardware requirements.

With Porticor, once your sensitive data is encrypted, our system takes the encryption key and splits it into two parts (here’s how in 90 seconds).  One part stays within our system and one part, the “master key” stays with you at all times.  Both parts are required to access your data.  With this split-key encryption approach, Porticor ensures that only you control access to your data.  AWS cannot access it, Porticor cannot access it, and hackers cannot access it.  Only you control your data.  This is what makes the system PCI and HIPAA compliant while maintaining the “pure cloud” approach. You can read more about it here.

Q.  Does this kind of cloud security slow down performance?

No. We’ve gone to some length to keep performance top notch, by introducing efficient streaming. We also make sure that encryption happens inside your AWS account, in the same zone as your own AWS project, so there are no latency issues around network hops. You have a choice between a “Virtual Appliance” that you can bring up inside your own AWS account, and an “agent” that you can install on your own AWS instances.

As a result in some use cases we actually speed you up a bit!  Detailed benchmarks are available here.

Q.  Amazon Web Services offers CloudHSM.  How does that compare?

It really depends on your requirements. CloudHSM is a hardware solution and is therefore highly secure. But it also brings hardware “challenges” to a cloud deployment.  For example, it does not automatically scale, it is limited in regional support, and it is expensive.

Porticor is a software-defined solution, meaning it can scale (up or down) easily, as no hardware is involved. On top of that, Porticor delivers a holistic approach. We believe that encryption keys should be secure both on the key management side, as well as while in use. This is where our patented homomorphic split-key management kicks in.

Q.  What does homomorphic encryption mean?

Homomorphic encryption is a technique that enables encrypting data, and keeping it encrypted even if it is used in calculations. As it relates to our system, Porticor homomorphically encrypts your master key before it enters the cloud, and it stays encrypted – never decrypted – when it is used in the cloud. This means your entire project works without anyone knowing your master key – not Porticor, not AWS, no computing element at all.  This way, you retain control of your key at all times.  Your key is safe even when it is in use in the cloud.

Q.  Which companies need Porticor’s cloud security for AWS?

If your company or its clients face regulations like HIPAA, PCI DSS, or many others – you need Porticor.

If your company is committed to the security of the data or apps you store in the AWS cloud – you need Porticor.

If you want total cloud security that is flexible, scalable, easy to implement, and cost effective – you need Porticor.

Q.  Are you an official partner of Amazon Web Services?

Yes.  You can find us here.

Q.  Is your solution only for Amazon Web Services?

No. You can use Porticor in any cloud scenario: public clouds (AWS, VMware, IBM, etc.), private clouds (VMware again), or hybrid scenarios.

Q.  How is Porticor implemented inside my Amazon Web Services account?

Porticor is available as an AMI (Amazon Machine Image), so you can bring up a Porticor “Virtual Appliance” in your AWS account by the native AWS methods. Porticor is also available as an agent you can install on your AWS server instance.

Q.  How do I get started?

You can try it for free here.  If you have any questions, contact us.

The post Cloud Security for AWS: Your Cloud Encryption Questions Answered appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.