PCI Compliance and Cloud Security: Frequently Asked Questions

  • 61 views
Uploaded on

Answers to frequently asked questions about PCI compliance and cloud security. For more information, see http://www.porticor.com

Answers to frequently asked questions about PCI compliance and cloud security. For more information, see http://www.porticor.com

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
61
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
3
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • www.porticor.com © PORTICOR 2009, 2010

Transcript

  • 1. PCI Compliance and Cloud Security: Frequently Asked Questions Gilad Parann-Nissany, co- founder at Porticor Cloud Security
  • 2. • How do I generate strong encryption keys? • Can my cloud provider read my data? • What is “split knowledge” and why is it important? • What is Porticor® Virtual Private Data™ System?
  • 3. How do I generate strong encryption keys? Encryption keys must be of sufficient length and totally random. Make sure your encryption provider gives you tools to generate these keys, under your complete control.
  • 4. Can my cloud provider read my data? If your cloud provider has control over the encryption keys, your data can be seen by the company. But if you keep the keys private, the data is fully protected. Find an encryption key management solution completely outside the control of the cloud provider.
  • 5. What is “split knowledge” and why is it important? Split knowledge is needed first and foremost to split the (encryption keys) knowledge between the cloud provider/security vendor, and the enterprise. This is best done by utilizing techniques such as split-key management and homomorphic encryption of keys. An example for such a system is Porticor’s Virtual Private Data.
  • 6. What is Porticor® Virtual Private Data™ System? • The industry’s first cloud encryption and key management system that does not sacrifice trust • The only solution that solves the unaddressed challenge of securely storing keys in the cloud • No changes required on the application servers • Encrypts the entire data level (databases, file servers, distributed storage, virtual disks)
  • 7. For more information on PCI compliance and cloud security, visit our website http://www.porticor.com