Gilad Parann-Nissany is the founder and CEO of Porticor Cloud Security. He is a pioneer in the field of cloud computing who has built SaaS clouds, contributed to SAP products and created a cloud operating system. He writes about the importance of cloud encryption and encryption key management for PCI and HIPAA compliance. Gilad can be found on his blog.
When large enterprises move to a public infrastructure cloud (such as Amazon Web Services or others), it is a gradual and oftentimes carefully measured process. Large enterprises strive for 100 percent certainty that the migration process will not impact the business; therefore, they’ll usually start slowly, by migrating one application or process to the cloud.
This is where hybrid clouds kick in. Hybrid clouds offer (just as their name suggests) a hybrid between on-premise and cloud infrastructure. But once even part of the business is in the cloud, the need arises for cloud security. As data is migrated away from the local “safe” data center, access to the information is no longer controlled by the enterprise, and different, cloud-oriented security measures must be considered.
Hybrid Cloud Example: Components and Risks
Let’s take a classic hybrid cloud example and dissect its components and risks. Recovery as a Service, RaaS, will contain an on-premise component: usually a physical appliance or an agent of some sort. Additionally, it requires a cloud component: the technology and capacity to allow an organization to recover from failure away from the data center.
The pros are many, specifically the ability to dramatically reduce costs, moving away from a physical recovery solution to a cloud, pay-per-use, solution.
With the benefits come the risks. As soon as data is no longer in the hands of the enterprise, but rather resides in the cloud, cloud security (and in most cases, cloud compliance as well) becomes a primary concern. An enterprise must make cloud security a top priority to ensure that its data is as secure in the cloud as it was in the data center.
Cloud Security Best Practices for Hybrid Clouds
Cloud encryption is considered best practice and a “must-have” as part of any cloud security architecture. It allows for data segregation using mathematical walls instead of the physical walls of the data center world. But in fact, when it comes to cloud security, cloud encryption is the easy part.
The challenge is mostly with the encryption keys. Or, more accurately, who controls and manages your encryption keys? Would you trust your banker to hold on to your safety deposit box key? Probably not, and for a good reason! Same goes for cloud security best practice: never trust your cloud provider to manage the encryption keys for you. As with your safety deposit box, you, and only you, should own your key.
Recent cloud security advancements present an innovative approach to the key management issue using technologies such as split-key encryption. Going back to the banker metaphor, with split-key encryption, the encryption key is split in half, allowing the customer to maintain control of the encryption key while, at the same time, hosting its most sensitive data in the cloud. Such technologies are enabling secure migration to the cloud and support hybrid use cases such as RaaS.
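To make the “split in half” idea concrete, here is an added example (not from the original article and not any vendor's actual scheme) that assumes the simplest form of key splitting, 2-of-2 XOR secret sharing. All function names are hypothetical. It shows that both halves are needed to rebuild the key and that the half held in the cloud, on its own, is consistent with every possible key.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # bytes; a 256-bit data-encryption key (assumed size)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_check_value(key: bytes) -> bytes:
    # Short keyed fingerprint of the key over a fixed label. In this sketch it
    # is kept with the customer's half, so a wrong share is detected on combine.
    return hmac.new(key, b"split-key-demo/kcv", hashlib.sha256).digest()[:8]


def split_key(key: bytes):
    """Return (customer_share, provider_share, kcv) for a 2-of-2 XOR split."""
    customer_share = secrets.token_bytes(len(key))  # uniformly random pad
    provider_share = xor_bytes(key, customer_share)  # key masked by the pad
    return customer_share, provider_share, key_check_value(key)


def combine(customer_share: bytes, provider_share: bytes, kcv: bytes) -> bytes:
    """Rebuild the key from both halves; reject a stale or wrong share."""
    key = xor_bytes(customer_share, provider_share)
    if not hmac.compare_digest(key_check_value(key), kcv):
        raise ValueError("share mismatch: reconstructed key fails check value")
    return key


def share_explaining(provider_share: bytes, candidate_key: bytes) -> bytes:
    """Customer share that would make provider_share decode to candidate_key.

    One exists for every candidate, so the provider's half alone rules out
    no key at all.
    """
    return xor_bytes(provider_share, candidate_key)


if __name__ == "__main__":
    data_key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    mine, theirs, kcv = split_key(data_key)
    print("rebuilt with both halves:", combine(mine, theirs, kcv) == data_key)
```

In a hybrid setup such as the RaaS case above, the customer half would stay on-premise and be supplied only when the cloud component needs to decrypt.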
Don’t Delay Cloud Adoption Because of Cloud Security
We often fear the unknown. We have been inundated with opinions professing that the cloud is not secure. This is not necessarily the case. As our computing environments have advanced, so have the security protocols that protect them. By using the latest cloud security models, your data can be as secure in the cloud as it was in the data center (in my opinion, it is even more secure this way).
But, what about the breaches? Between the media storm caused by Snowden and the NSA and the one caused by the Target credit card hackers, we are led to think that everyone who operates in the cloud will meet their demise. Again, simply not the case. First of all, breaches happen in the physical world too – whether it is a stolen laptop or an employee “mole,” security breaches were not born in the cloud. In fact, migrating to the cloud with cloud security measures like split-key encryption ensures that fewer “hands” touch your data and therefore, reduces the access points.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena.