Welcome!

IBM Cloud Authors: Michel Courtoy, Yeshim Deniz, Pat Romanski, Liz McMillan, Carmen Gonzalez

Blog Feed Post

Cloud Security for AWS: Your Cloud Encryption Questions Answered

cloud security best practices Cloud Security AWS Encryption amazon web services  cloud security aws Cloud Security for AWS: Your Cloud Encryption Questions AnsweredLast week, at the Amazon Web Services Summit in San Francisco’s Moscone Center, we met many companies who have deployed (or will migrate) their sensitive projects to the Amazon cloud.  These companies expressed real concerns about the security of their information, and the status of continued compliance with regulations like HIPAA and PCI DSS.  Below, a summary of the questions we were asked at the show.

Q.  Does Amazon Web Services completely cover cloud security?

Amazon Web Services offers impressive built-in security features like firewalls, identity and access management, and private subnets.   Yet as Amazon’s own Security Center will explain: there is a shared responsibility for cloud security and “AWS has secured the underlying infrastructure and you must secure anything you put on the infrastructure.”

You are responsible to secure your own sensitive data, to encrypt data at rest and in transit and, importantly, to ensure that only you (not even AWS) control your encryption keys. This is both security common sense and also important from a regulatory point of view.

Q.  How is the Porticor cloud encryption solution different?

Porticor did not re-invent the data encryption wheel.  We use industry standards for data encryption like AES.  Our system is unique, however, in how it handles the keys to your encrypted data.  Porticor is the only system that keeps control of encryption keys in the hands of the end customer while providing a pure cloud model – without any hardware requirements.

With Porticor, once your sensitive data is encrypted, our system takes the encryption key and splits it into two parts (here’s how in 90 seconds).  One part stays within our system and one part, the “master key” stays with you at all times.  Both parts are required to access your data.  With this split-key encryption approach, Porticor ensures that only you control access to your data.  AWS cannot access it, Porticor cannot access it, and hackers cannot access it.  Only you control your data.  This is what makes the system PCI and HIPAA compliant while maintaining the “pure cloud” approach. You can read more about it here.

Q.  Does this kind of cloud security slow down performance?

No. We’ve gone to some length to keep performance top notch, by introducing efficient streaming. We also make sure that encryption happens inside your AWS account, in the same zone as your own AWS project, so there are no latency issues around network hops. You have a choice between a “Virtual Appliance” that you can bring up inside your own AWS account, and an “agent” that you can install on your own AWS instances.

As a result in some use cases we actually speed you up a bit!  Detailed benchmarks are available here.

Q.  Amazon Web Services offers CloudHSM.  How does that compare?

It really depends on your requirements. CloudHSM is a hardware solution and is therefore highly secure. But it also brings hardware “challenges” to a cloud deployment.  For example, it does not automatically scale, it is limited in regional support, and it is expensive.

Porticor is a software-defined solution, meaning it can scale (up or down) easily, as no hardware is involved. On top of that, Porticor delivers a holistic approach. We believe that encryption keys should be secure both on the key management side, as well as while in use. This is where our patented homomorphic split-key management kicks in.

Q.  What does homomorphic encryption mean?

Homomorphic encryption is a technique that enables encrypting data, and keeping it encrypted even if it is used in calculations. As it relates to our system, Porticor homomorphically encrypts your master key before it enters the cloud, and it stays encrypted – never decrypted – when it is used in the cloud. This means your entire project works without anyone knowing your master key – not Porticor, not AWS, no computing element at all.  This way, you retain control of your key at all times.  Your key is safe even when it is in use in the cloud.

Q.  Which companies need Porticor’s cloud security for AWS?

If your company or its clients face regulations like HIPAA, PCI DSS, or many others – you need Porticor.

If your company is committed to the security of the data or apps you store in the AWS cloud – you need Porticor.

If you want total cloud security that is flexible, scalable, easy to implement, and cost effective – you need Porticor.

Q.  Are you an official partner of Amazon Web Services?

Yes.  You can find us here.

Q.  Is your solution only for Amazon Web Services?

No. You can use Porticor in any cloud scenario: public clouds (AWS, VMware, IBM, etc.), private clouds (VMware again), or hybrid scenarios.

Q.  How is Porticor implemented inside my Amazon Web Services account?

Porticor is available as an AMI (Amazon Machine Image), so you can bring up a Porticor “Virtual Appliance” in your AWS account by the native AWS methods. Porticor is also available as an agent you can install on your AWS server instance.

Q.  How do I get started?

You can try it for free here.  If you have any questions, contact us.

The post Cloud Security for AWS: Your Cloud Encryption Questions Answered appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

@ThingsExpo Stories
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to ma...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...