|By Gilad Parann-Nissany||
|March 17, 2012 08:00 AM EDT||
We’ve always had a close relationship with cloud providers, such as Amazon Web Services and Red Hat OpenShift. Lately we have been hearing from an ever wider spectrum of the cloud provider industry, and their cloud data security requirements show a pattern.
Providers need to differentiate themselves in a competitive market, and they need to ensure high security standards. Cloud data security is a must have, but it’s also something that requires expertise.
Cloud providers are in the midst of a transition
Cloud providers are facing a market in transition, from the hosting model to the cloud model. Many of them have already invested in virtualization, during the previous wave of innovation. Popular choices have been VMware, XEN, and KVM.
Now they are rolling out the next generation of cloud infrastructure and platform solutions. Both private and public cloud offerings are in scope, and we are seeing both homogenous technology stacks and mixed stacks. For example, while some cloud providers we talk to are VMware shops, others are mixing a management tool from one vendor with a virtualization solution from another.
The motive is the huge success of cloud solutions with customers. Customers like the pay-as-you-go economics of cloud; they like the flexibility and elasticity even better. Being able to get 1 or 100 servers in minutes, 10GB or 10TB whenever you like, and to give them back whenever you like; these values are driving the entire market.
No compromise on cloud data security
Whatever their strategy, all the providers are quoting their customers, who cannot compromise on cloud data security. The motives may vary; for some it is regulatory compliance, while for others it may be the brand value or sensitivity of data.
As a result, some customers will bring only less sensitive data to the cloud, which limits the benefits of cloud to less sensitive projects. This is typical of transition, but everybody is looking for answers that will be appropriate for more sensitive data.
No one wants to compromise between the flexibility of cloud and the sensitivity of their data. Tradeoffs are not possible. If customers perceive their data to be sensitive, they demand a solution which offers both the full flexibility of cloud and the level of security required by the data.
Data at rest does require a revolution in Cloud Encryption
Data at rest is one of the trickiest issues, as perceived by customers. They are moving their data out of the four walls of the data center, as it were, and into an environment where they themselves will manage their disks using a browser.
Customers express the following concern: if I manage my disk through a browser, than a hacker might too (heaven forbid). As well-known security analyst Rich Mogul once blogged, “Anyone with access to your management plane (with sufficient rights) can snapshot a volume and move it around; It only takes 2-3 command lines to snapshot a drive off to object storage, make it public, and then load it up in a hostile environment”.
The universal answer is cloud encryption, and cloud encryption does work. Well known encryption algorithms like AES-256 or Blowfish can protect data. But like all buzz words, it pays to look closer.
The fly in the ointment is, where do you keep the cloud encryption keys? There are no good answers, though several have tried.
Some opinions suggest that vendors will keep the keys for you; which requires you trust them. Hmmm. Are there other approaches?
Some opinions suggest “trust no one”; an appealing message for the security conscious customer. They further suggest you take your encryption keys back with you to your data center. This is not perfect for the customer, as they have to pay and maintain a physical key management infrastructure in-house. Remember, they went to the cloud to get away from that.
It’s also not a perfect option for cloud providers because it’s contrary to their business model. Imagine a provider telling a customer “don’t trust me”.
Finally, some customer scenarios simply break if you require installation in a physical data center. Imagine a disaster recovery scenario that still requires “just a little bit” of the data center to continue functioning. Imagine an ISV who has staked their future on a pure cloud approach.
These are business cases which require new thinking.
Cloud data security requirements
Thinking all these problems through, the only real solution is cloud encryption with cloud key management that:
- Allows customers to literally trust no one, yet without needing a physical data center
- Provides military grade security
- Works 100% in the cloud, and can be provisioned in well-built cloud data centers
- Provides all the cloud values: “one click” solutions that are up in minutes, flexible and elastic
Quite a tall order… Cloud providers are discovering you cannot tack on such capabilities, you must design for them.
Porticor’s split-key encryption, built for homomorphic key encryption, was designed from the ground up to tackle these requirements. This solution packages a great deal of complexity into a cloud encryption and cloud key management solution that comes up in minutes, and allows the customer to trust no one.
With the proliferation of connected devices underpinning new Internet of Things systems, Brandon Schulz, Director of Luxoft IoT – Retail, will be looking at the transformation of the retail customer experience in brick and mortar stores in his session at @ThingsExpo. Questions he will address include: Will beacons drop to the wayside like QR codes, or be a proximity-based profit driver? How will the customer experience change in stores of all types when everything can be instrumented and analyzed? As an area of investment, how might a retail company move towards an innovation methodolo...
Sep. 4, 2015 04:15 PM EDT Reads: 528
Manufacturing connected IoT versions of traditional products requires more than multiple deep technology skills. It also requires a shift in mindset, to realize that connected, sensor-enabled “things” act more like services than what we usually think of as products. In his session at @ThingsExpo, David Friedman, CEO and co-founder of Ayla Networks, will discuss how when sensors start generating detailed real-world data about products and how they’re being used, smart manufacturers can use the data to create additional revenue streams, such as improved warranties or premium features. Or slash...
Sep. 4, 2015 04:00 PM EDT
Contrary to mainstream media attention, the multiple possibilities of how consumer IoT will transform our everyday lives aren’t the only angle of this headline-gaining trend. There’s a huge opportunity for “industrial IoT” and “Smart Cities” to impact the world in the same capacity – especially during critical situations. For example, a community water dam that needs to release water can leverage embedded critical communications logic to alert the appropriate individuals, on the right device, as soon as they are needed to take action.
Sep. 4, 2015 04:00 PM EDT
WebRTC services have already permeated corporate communications in the form of videoconferencing solutions. However, WebRTC has the potential of going beyond and catalyzing a new class of services providing more than calls with capabilities such as mass-scale real-time media broadcasting, enriched and augmented video, person-to-machine and machine-to-machine communications. In his session at @ThingsExpo, Luis Lopez, CEO of Kurento, will introduce the technologies required for implementing these ideas and some early experiments performed in the Kurento open source software community in areas ...
Sep. 4, 2015 03:45 PM EDT Reads: 141
Sep. 4, 2015 03:30 PM EDT Reads: 978
While many app developers are comfortable building apps for the smartphone, there is a whole new world out there. In his session at @ThingsExpo, Narayan Sainaney, Co-founder and CTO of Mojio, will discuss how the business case for connected car apps is growing and, with open platform companies having already done the heavy lifting, there really is no barrier to entry.
Sep. 4, 2015 03:00 PM EDT Reads: 227
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be.
Sep. 4, 2015 02:00 PM EDT Reads: 231
As more intelligent IoT applications shift into gear, they’re merging into the ever-increasing traffic flow of the Internet. It won’t be long before we experience bottlenecks, as IoT traffic peaks during rush hours. Organizations that are unprepared will find themselves by the side of the road unable to cross back into the fast lane. As billions of new devices begin to communicate and exchange data – will your infrastructure be scalable enough to handle this new interconnected world?
Sep. 4, 2015 02:00 PM EDT Reads: 271
The Internet of Things is in the early stages of mainstream deployment but it promises to unlock value and rapidly transform how organizations manage, operationalize, and monetize their assets. IoT is a complex structure of hardware, sensors, applications, analytics and devices that need to be able to communicate geographically and across all functions. Once the data is collected from numerous endpoints, the challenge then becomes converting it into actionable insight.
Sep. 4, 2015 12:30 PM EDT Reads: 121
Sep. 4, 2015 12:00 PM EDT Reads: 502
SYS-CON Events announced today that Micron Technology, Inc., a global leader in advanced semiconductor systems, will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Micron’s broad portfolio of high-performance memory technologies – including DRAM, NAND and NOR Flash – is the basis for solid state drives, modules, multichip packages and other system solutions. Backed by more than 35 years of technology leadership, Micron's memory solutions enable the world's most innovative computing, consumer,...
Sep. 4, 2015 12:00 PM EDT Reads: 297
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts, GM of Platform at FinancialForce.com, will discuss the value of business applications on wearable ...
Sep. 4, 2015 12:00 PM EDT Reads: 110
As more and more data is generated from a variety of connected devices, the need to get insights from this data and predict future behavior and trends is increasingly essential for businesses. Real-time stream processing is needed in a variety of different industries such as Manufacturing, Oil and Gas, Automobile, Finance, Online Retail, Smart Grids, and Healthcare. Azure Stream Analytics is a fully managed distributed stream computation service that provides low latency, scalable processing of streaming data in the cloud with an enterprise grade SLA. It features built-in integration with Azur...
Sep. 4, 2015 11:45 AM EDT Reads: 401
SYS-CON Events announced today the Containers & Microservices Bootcamp, being held November 3-4, 2015, in conjunction with 17th Cloud Expo, @ThingsExpo, and @DevOpsSummit at the Santa Clara Convention Center in Santa Clara, CA. This is your chance to get started with the latest technology in the industry. Combined with real-world scenarios and use cases, the Containers and Microservices Bootcamp, led by Janakiram MSV, a Microsoft Regional Director, will include presentations as well as hands-on demos and comprehensive walkthroughs.
Sep. 4, 2015 11:00 AM EDT Reads: 433
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
Sep. 4, 2015 11:00 AM EDT Reads: 1,618
Sep. 4, 2015 10:45 AM EDT Reads: 665
Akana has announced the availability of the new Akana Healthcare Solution. The API-driven solution helps healthcare organizations accelerate their transition to being secure, digitally interoperable businesses. It leverages the Health Level Seven International Fast Healthcare Interoperability Resources (HL7 FHIR) standard to enable broader business use of medical data. Akana developed the Healthcare Solution in response to healthcare businesses that want to increase electronic, multi-device access to health records while reducing operating costs and complying with government regulations.
Sep. 4, 2015 09:30 AM EDT Reads: 337
Containers are not new, but renewed commitments to performance, flexibility, and agility have propelled them to the top of the agenda today. By working without the need for virtualization and its overhead, containers are seen as the perfect way to deploy apps and services across multiple clouds. Containers can handle anything from file types to operating systems and services, including microservices. What are microservices? Unlike what the name implies, microservices are not necessarily small, but are focused on specific tasks. The ability for developers to deploy multiple containers – thous...
Sep. 4, 2015 09:00 AM EDT Reads: 217
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
Sep. 4, 2015 08:15 AM EDT Reads: 2,047
Consumer IoT applications provide data about the user that just doesn’t exist in traditional PC or mobile web applications. This rich data, or “context,” enables the highly personalized consumer experiences that characterize many consumer IoT apps. This same data is also providing brands with unprecedented insight into how their connected products are being used, while, at the same time, powering highly targeted engagement and marketing opportunities. In his session at @ThingsExpo, Nathan Treloar, President and COO of Bebaio, will explore examples of brands transforming their businesses by t...
Sep. 4, 2015 07:00 AM EDT Reads: 305