Porticor Beefs Up Cloud Security with Split-Key Encryption
October 31, 2012
Cloud security startup Porticor has updated its Virtual Private Data (VPD) system to help companies encrypt data stored in the cloud and protect encryption keys. Porticor's VPD combines encryption with its own proprietary key management service to protect enterprise data stored in public, private and hybrid clouds that run on VMware and Amazon Web Services.
Porticor's VPD consists of two elements: the Porticor Virtual Appliance and the Virtual Key Management Service. Customers deploy the Virtual Appliance within a public or private cloud instance. The appliance encrypts data using the AES-256 algorithm. The Virtual Key Management Service, which is run from Porticor's own cloud, splits the encryption key used to encrypt data in the Virtual Appliance into two separate keys. One of these keys, the master key, is kept encrypted even while in use.
The VPD system uses partial homomorphic encryption techniques to split the encryption key. Homomorphic encryption enables mathematical operations to be performed on encrypted data. This means the master key can remain encrypted even as it encrypts and decrypts data stored in the cloud. The company says that if a master key is stolen, it can't be used to access a data store.
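Added illustration, not Porticor's code: the split-key custody model described above, with a 256-bit data key split into two XOR shares, showing that the recombined key decrypts while either share alone is rejected (the page's claim that a stolen master key cannot open the data store). HMAC-SHA256 in counter mode stands in for AES-256 so the example runs on the standard library alone, and the proprietary homomorphic step that keeps the master share encrypted while in use is not reproduced; both are assumptions of this example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit key, the size the appliance's AES-256 would use


def split_key(data_key):
    """Split a key into two XOR shares; each share alone is uniformly random."""
    master_share = secrets.token_bytes(len(data_key))
    customer_share = bytes(a ^ b for a, b in zip(data_key, master_share))
    return master_share, customer_share


def combine(share_a, share_b):
    """Recombine two XOR shares into the original key."""
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stand-in for AES, not a production cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Return plaintext, or None when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # a lone share fails here: no plaintext is released
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def demo(record=b"constructed sample record"):
    data_key = secrets.token_bytes(KEY_LEN)
    master, customer = split_key(data_key)
    blob = encrypt(data_key, record)  # the appliance holds only the recombined key
    return {
        "recombined": decrypt(combine(master, customer), blob),
        "master_alone": decrypt(master, blob),
        "customer_alone": decrypt(customer, blob),
    }
```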
Data security is one of the top concerns for enterprises looking to adopt public cloud services, but the challenge is how to juggle convenient access to data while managing security through the use of encryption keys, says Scott Crawford, research director of Enterprise Management Associates. "Organizations have concerns, and rightly so, about encryption key management, which must be taken seriously to ensure the availability of protected data."
Crawford says Porticor's concept is not new, but the company's implementation for cloud environments is rather novel. He notes there are encryption options for specific SaaS services such as Salesforce.com, which acquired SaaS encryption provider Navajo Systems last year.
"Porticor is primarily targeting infrastructure as a service; however, it's a capability that would be available to application developers if they wanted to build their own application and expose it to customers and partners," says Crawford.
According to the InformationWeek 2012 Data Encryption Survey released earlier this year, there's "growing angst" over encryption of data off-site in the cloud, while enterprises continue to have concerns over the interoperability between encryption products.
Meanwhile, respondents to the InformationWeek 2012 State of Cloud Computing Survey admit that security is a big worry; among nine possible concerns, the three associated with security came in first, second and third, and 44% said they believe risks are greater in the cloud vs. 6% who say providers do a better job at security than they could do internally.
Richard Stiennon, chief research analyst, IT-Harvest, says Porticor's approach is unique and potentially disruptive. He says there are other ways to accomplish what Porticor does, but the VPD system is more flexible. "I expect it to be able to fit into a lot of other cloud-based services."
Stiennon says Porticor addresses a significant business problem for enterprises: how they can securely store data in the cloud. Existing methods include downloading a software agent that encrypts the data locally and sends it up to the cloud, and all involve a level of complex key management. "You've probably either got shared keys, which is not a good thing, or you have your own key, which is susceptible to theft or just losing it."
Stiennon says few security vendors aside from companies such as SpiderOak give enterprise customers control over their encryption keys. Porticor's VPD system's use of homomorphic encryption means the owner of the cloud service does not have access to customer data.
"To me this is the most important thing," says Stiennon, because enterprises cannot extend trust to service providers of any sort because providers are subject to subpoena, for example. "Under the Porticor encryption model, the service provider would not be able to divulge customer data regardless of a subpoena because they would not have access to the encryption keys."
The new release of Porticor VPD is available now. Pricing starts at $65 per month per Porticor Virtual Appliance. Porticor, which is headquartered in Israel, was founded in 2010.