One of the ongoing enterprise qualms about venturing into cloud computing is making sure data is secure, be it with an infrastructure-as-a-service (IaaS) provider or on a private cloud from a platform-as-a-service (PaaS) provider. In either case, the customer is putting its faith in someone else’s security competence. Recently, a number of technology companies have tried to allay customer concerns about data security by giving them control of the keys that protect their data in the cloud.
Certes Networks, a cloud security provider, is just the latest to offer a solution that encrypts data without diminishing the qualities enterprises demand from the cloud, such as scalability, low latency and high availability. It’s virtual Certes Enforcement Point (vCEP) is a virtual appliance that creates an encryption gateway behind a hypervisor and applies the required policy to all the virtual machines controlled by that hypervisor. With the vCEP appliance, the headers of each data packet can be read to apply network intelligence such as load balancing, disaster recovery, service-based routing and application monitoring while the data in each packet remains encrypted, says Jim Doherty, senior VP of marketing for Certes (both the French word for "certainty"” and an anagram for "secret," he adds).
vCEP also efficiently manages traffic and protects encryption without using IPsec tunneling, says Doherty. IPsec is an Internet protocol for encrypting and authenticating IP packets on a network, and for negotiating the cryptographic keys to be used during a particular session. The vCEP appliance gets rid of the negotiation of keys between endpoints, which negates the need for tunneling and the performance degradation that comes with it, says Doherty, such as the impacts on availability, scalability and latency. "With IPSec-based tunneling, you basically break all of those features," he says. "[With vCEP], we allow customers to maintain control of the policies and the keys."
Giving customers control over their data in the cloud could alleviate some of their concerns about embracing the cloud. According to a recent report from InformationWeek Research, State of Storage 2012, 79% of survey respondents still have major concerns about security with cloud-based storage services.
More troubling is the finding in the InformationWeek report Research: State of Cloud Computing 2012 that 64% of enterprises using cloud services are dealing with between two and five different providers. "As the number of servers and applications move into the cloud, the more the use of encryption drops off," according to the report. Other vendors have also offered ways for enterprises to maintain control of encryption of their data in a cloud.
In February Porticor introduced an encryption tool that gives the owners of data a way to secure their data in a private or public cloud environment. The company compared its data security approach to a safe deposit box where the bank holds one key and the customer holds the other. Neither key alone can open the box; they have to be turned together.
And although it’s in a different space than Porticor or Certes, SpiderOak gives complete cryptographic control to customers for its Spider Oak Blue and Blue + services for data backup, recovery and file sharing in the cloud. The company, which began as a consumer-based backup service, branched out into the enterprise space this month. It uses what it calls its Zero-Knowledge Privacy Standard, which means even though a customer’s data is backed up on SpiderOak’s cloud, only the customer controls the encryption keys.
Learn more about Research: Data Encryption by subscribing to Network Computing Pro Reports (free, registration required).