Data at rest has long been protected by public key infrastructure (PKI), in which data is encrypted with a public key when it is created and can be decrypted only by the authorized person holding the corresponding private key. Data protection, however, becomes more complicated in cloud environments.
According to a new report, InformationWeek's Data Encryption: Ushering In a New Era, cloud and mobility are adding new challenges to security. "The problem of mobility and cloud is it forces policies, processes and encryption technologies to have to scale to an outside device, organization and too many more use cases," says Michael Davis, CEO of Savid Technologies and author of the report. "This usually means the governance/audit team isn't ready, the security team gets bogged down in details related to deployment, but in the end we don't see users impacted too much by encryption in these spaces as the technology is usually transparent."
A number of firms are developing technologies to address one of the top security concerns of companies considering a cloud deployment. One such company, Israel-based Porticor, is coming out with an encryption tool that secures data managed by public cloud service providers and by companies that deliver private cloud platforms to enterprise customers. The company's founder and CEO says its approach to data security in the cloud is based on the safe deposit box people use to store valuables securely at a bank.
"A safe deposit box in a bank has two keys--one for the customer and the other for the banker," says Gilad Parann-Nissany. The customer can't open the box without the banker's key, and the banker can't open the box without the customer's key.
In the cloud environment, Porticor's solution gives one key to the customer--in this case, the customer who subscribes to a public cloud infrastructure-as-a-service (IaaS) provider or to a company that operates a private cloud for a customer under the platform-as-a-service (PaaS) model. The provider, or "banker," has a unique key for each application that the customer runs in the public or private cloud environment, he explains.
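The two-key model described above, as an added example that is not code from the article or from Porticor: a data key is derived from both the customer's share and the provider's per-application share, so neither share alone (nor the provider's share for a different application) can open the "box". The key-combination and cipher construction here are assumptions for illustration, not Porticor's actual scheme.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed demo of split-key custody: the data key only exists when BOTH
# shares are combined. Assumption: this is not Porticor's real construction.

def derive_data_key(customer_share: bytes, provider_share: bytes, app_id: str) -> bytes:
    """HMAC-based KDF over both shares, bound to the application name."""
    return hmac.new(customer_share + provider_share, b"app:" + app_id.encode(), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy cipher; use AES-GCM in real systems)."""
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC: ciphertext plus an HMAC tag that a wrong key cannot reproduce."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def open_box(key: bytes, box: dict) -> Optional[bytes]:
    """Return the plaintext, or None when the key does not match (wrong or missing share)."""
    expected = hmac.new(key, box["nonce"] + box["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        return None
    return bytes(c ^ k for c, k in zip(box["ct"], _keystream(key, box["nonce"], len(box["ct"]))))

def demo() -> dict:
    """Constructed scenario: one customer share, one provider share per application."""
    customer_share = os.urandom(32)                                      # held only by the customer
    provider_share = {"crm": os.urandom(32), "billing": os.urandom(32)}  # one per app, held by the provider
    record = b"customer record for the CRM application"
    box = seal(derive_data_key(customer_share, provider_share["crm"], "crm"), record)
    return {
        "both_keys": open_box(derive_data_key(customer_share, provider_share["crm"], "crm"), box),
        "customer_only": open_box(derive_data_key(customer_share, b"", "crm"), box),
        "provider_only": open_box(derive_data_key(b"", provider_share["crm"], "crm"), box),
        "wrong_app_key": open_box(derive_data_key(customer_share, provider_share["billing"], "billing"), box),
        "plaintext": record,
    }
```

Only the `both_keys` attempt in `demo()` recovers the record; every single-share or wrong-application attempt fails the MAC check and returns `None`.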
The safe deposit box analogy is not new in data encryption, says Scott Crawford, managing research director at Enterprise Management Associates, but he believes Porticor's way of protecting data in third-party-hosted resources is new. "It is targeted to help solve the problem of balancing control over data security with reliable key management that has challenged many other approaches up to now," he says.