|By Gilad Parann-Nissany||
|January 17, 2014 09:15 AM EST||
The growing rate of hybrid cloud adoption requires particular models of cloud security. Many enterprises are moving some of their workload to a public cloud environment while retaining other workloads in the private cloud. Transitional cloud security strategies are needed that continue to make use of existing data centers and security strategies. Because each enterprise splits up their data between public and private clouds in a unique way, data security methods must solve multiple challenges:
- How to secure on-premise data center resources
- How to secure applications when they migrate to the public cloud
- How to secure data stored with multiple cloud service providers
- How to protect virtualized underpinnings of public and private clouds
- How to secure mobile devices which connect to the cloud infrastructure
The key to addressing these issues is taking a holistic approach to cloud security.
Securing Data in the Cloud with Encryption
The issue of data ownership becomes even more important in hybrid cloud scenarios because they involve data in multiple locations. There is only one best practice for securing data in the cloud with systems that involve multiple private and public locations: encrypt the data in a way that allows all systems to continue working transparently and to maintain ownership of the data through ownership of the encryption keys.
A technological breakthrough in this area is split key encryption, which elegantly settles the issue of ownership of encryption keys. This method encrypts each “resource” (a disk, a database row, a file, etc) with a combination of two keys, one of which, a master key, is owned only by the enterprise. With this method, only the owner of the data ultimately controls the encryption keys. Maintaining control of the encryption keys eliminates the possibility that someone else has control (i.e., cloud providers’ employees), so the issue of ownership is settled in an elegant way.
Split key encryption can be further enhanced through homomorphic key management, which keeps encryption keys encrypted at all times – even when they are in use. This way, the data can be used without the master key ever being exposed. If a hacker steals a master key in its encrypted form, it cannot be used by the hacker.
Another great benefit of securing data in the cloud with split key cloud encryption and homomorphic key management is that in the unlikely event that a security breach does occur, these measures allow enterprises to claim “Safe Harbor.” Having taken these precautions and achieving Safe Harbor means that they are relieved from many of the reporting requirements and the regulatory fines usually associated with a breach, since they can show that the data is encrypted and the encryption keys are safe.
In hybrid cloud scenarios, the combination of these methodologies allows you to protect your data across multiple cloud locations and achieve “Safe Harbor,” thus also protecting yourself.
Click here to learn more about Porticor’s solutions for hybrid cloud security.