Keeping data private and secure has always been a business imperative for data privacy and regulatory compliance reasons, and as businesses seriously consider migrating to the cloud, data security is one of the most significant concerns. Once data is moved to the cloud, it becomes vulnerable to a number of new threats, and data security must be addressed jointly by the cloud provider and the customer itself. In our presentation we will discuss the shared responsibility model, review the pros and cons of current approaches to cloud data security, and discuss new and emerging technologies such as split-key encryption and partially homomorphic key encryption that enable organizations to maintain data privacy in a public cloud environment.
This presentation is brought to you by Ariel Dan, Co-Founder and VP Sales & Marketing at Porticor Cloud Security.
8. Cloud Data Security is a Must
A Typical Cloud Security Provider Agreement
We strive to keep Your Content secure, but cannot guarantee that we will be successful at
doing so, given the nature of the Internet. Accordingly, without limitation to Section 4.3 above
and Section 11.5 below, you acknowledge that you bear sole responsibility for adequate
security, protection and backup of Your Content and Applications. We strongly
encourage you, where available and appropriate, to (a) use encryption technology to
protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c)
keep your Applications or any software that you use or run with our Services current with the
latest security patches or updates. We will have no liability to you for any unauthorized access
or use, corruption, deletion, destruction or loss of any of Your Content or Applications.
9. Diagram: Cloud provider, User account
Key management server in the datacenter
• Expensive: software licenses
• Operational overhead
• Defeats purpose of going to cloud in the first place
Diagram: Database server/s, Key Management SaaS vendor
Key management in a cloud hosted by a security vendor
• Problematic: puts your encryption keys in somebody else’s hands
11. What’s Porticor® Virtual Private Data™ System
• The industry’s first data encryption and key
management system for the cloud that does not
sacrifice trust
• The only solution that solves the unaddressed
challenge of securely storing keys in the cloud
• No changes required on the application servers
• Encrypts the entire data level (databases, file
servers, distributed storage, virtual disks)
12. Patented Key-Splitting Technology
The “Swiss Banker” metaphor
Customer has a key, “Banker” has a key
Designed for Homomorphic key encryption
13. Cloud servers are up in minutes,
with Porticor – so is data security
• Virtual appliance, provides key management and encryption
• In cloud of customer’s choice
• In customer’s account
• Pay as you go
14. A Typical Cloud Deployment
Porticor Added
• Installed in minutes
• Cost-effective cluster operations
• Full data layer encryption
• Proven encryption algorithms
The master key remains the sole possession of the application owner and unknown to Porticor
Diagram: Cloud provider, User account, Database server/s, Dist. Storage, Virtual Disks
Porticor Virtual Key Manager™
• Secure, cloud-based key management
• Patented split-key encryption technology
• Designed for homomorphic key encryption
15. Only Porticor!
• True confidentiality for data at rest, while being 100% cloud-based
• Trust and control, while being 100% cloud-based
• Split-key encryption technology, built for homomorphic key encryption
• Data security across virtual disks, databases, distributed storage and file systems
21. The Porticor Advantage
Data Security Needs: High Security
Porticor:
• Patented split-key encryption technology
• Secure cloud based key management
• Designed for homomorphic key encryption
Alternative solutions:
• Install a key management system in the data center, or
• Key management as a service (transfer trust from business to a third party)
Data Security Needs: Ease of Use
Porticor:
• Deployed in minutes
• Cost-effective operations
• Fully “cloudy”, dynamic & elastic
• Requires no expertise in encryption and key management
• Full data layer encryption
• Secure cloud API
Alternative solutions:
• Installation takes hours to days
• Requires expertise
• Do not cover entire data layer
• Often have no cloud API
Data Security Needs: Scalability and Elasticity
Porticor:
• Automatic scaling of encrypted environments
Alternative solutions:
• Limited