Cloud encryption: everything you always wanted to know but were afraid to ask
 


Cloud Asia Singapore 15 May 2013

    Presentation Transcript

    • the private computing company
      Cloud Encryption: Everything You Always Wanted to Know but Were Afraid to Ask
      Todd Thiemann, Vice President – Marketing; Co-chair, CSA Solution Provider Advisory Council
    • Recent Cloud Data Security Compromises
      Sources:
      http://arstechnica.com/security/2013/04/former-employee-arrested-charged-with-rooting-2700-hostgator-servers/
      http://news.yahoo.com/vudu-customer-data-stolen-office-burglary-221655387.html
    • Who is Perpetrating Breaches?
      Origin of threat: insiders 14%, outsiders 92% (2013 Data Breach Investigation Report)
    • Old School Datacenter Attacks
    • New School Cloud Attacks
    • Why Secure Your Data?
      • Executive Mandate: IP protection, brand protection, corporate data governance
      • Contractual Obligation: outsourcing, SaaS contracts
      • Compliance Regulations: PCI DSS, Basel III, national data protection laws
    • Worldwide Compliance
      International companies must adhere to regulations in each country of operation; such regulations can call for encryption.
      • Electronic Ledger Storage Law (Japan)
      • MEDIS-DC (Japan)
      • Canadian Electronic Evidence Act
      • PCI Data Security Standard (WW)
      • US State Data Breach Laws
      • FDA 21 CFR Part 11
      • Sarbanes-Oxley Act (USA)
      • AIPA (Italy)
      • GDPdU and GoBS (Germany)
      • EU Data Protection Directive
      • UK Data Protection Act
      • NF Z 42-013 (France)
      • Financial Services Authority (UK)
      • Basel III Capital Accord
      • GLB Act
      • Japan PIP Act
      • HIPAA/HITECH (USA)
      • S. Korea Personal Information Protection Act
      • Singapore Personal Data Protection Act
      • Taiwan Personal Data Protection Act
    • Encryption Architectures for Data at Rest
      Technologies balance between control and simplicity.
      [Diagram: stack of Users, Applications, Database, OS, Hypervisor, Hardware (CPU/Memory), Storage; encryption options API, Gateway, Native DB, OS/File, SAN/NAS/DAS Storage; axes Control and Simplicity]
    • Application Encryption
      Application encryption using APIs before data is stored in database
      • Pros: Most secure at top of stack, cloud agnostic (portable)
      • Cons: Intrusive, requiring custom code development, not applicable to SaaS
      [Diagram label: Key Management]
    • OS-level Encryption (File Encryption)
      OS-level (aka file-level) encryption encrypts and controls access to file-level data
      • Pros: Enables access control and separation of duties with CSP and within enterprise, portable
      • Cons: Enterprises cannot use with SaaS/PaaS, not extremely granular
      [Diagram label: Key Management]
    • Cloud Storage Encryption
      Encrypts data at mounted storage volume
      • Pros: Can enable access control and separation of duties between CSP and enterprise
      • Cons: Uncertain key custody, no access control
    • Gateway Encryption (Proxy)
      Gateway uses reverse proxy to encrypt or tokenize sensitive SaaS/PaaS data
      • Pros: Agentless architecture for securing SaaS/PaaS, no application changes, enterprise controls keys
      • Cons: Can disrupt application functionality (indexing, searching, sorting, business logic in cloud), you must track cloud application changes
      [Diagram labels: SaaS, Gateway]
    • Cloud Encryption Layers
      [Diagram: stack of User, Application, Database, OS, Hypervisor, HW, Storage; layers API Encryption, Gateway Encryption, Database Encryption, File Encryption, Storage Encryption]
      Caveat: Compromised Hardware/Memory Can Break Trust Model
    • Encryption Beyond Data At Rest
      • Data in Use (Memory)
        – Memory is clear text and can be parsed to find sensitive data
        – Dumping memory can compromise data and encryption keys for data at rest
        – Evaluate emerging threat and solutions to mitigate risk
    • Questions To Consider
      • What information needs to be protected?
      • What threats do you want to protect the information against?
      • What application and infrastructure changes can you tolerate?
      • Who holds the encryption keys?
        – You? Partner? Cloud service provider?
      • Performance
    • Todd’s Take-aways
      • Encryption enables trust in an untrusted environment
      • Encryption enables logical separation of data at any level (country, datacentre, database, etc.)
      • Encryption protects sensitive data, but also can enable security intelligence
        – Who is touching your data?
      • Minimize encryption silos to minimize costs
        – Many encryption use cases can cause solutions to proliferate
    • Questions & Answers
      Thank you!
      todd@privatecore.com
      @cryptodd
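
The trade-off on the "Gateway Encryption (Proxy)" slide, as an added example that is not part of the original presentation: an enterprise-side gateway tokenizes a sensitive field before it reaches the SaaS, so exact-match lookups survive while cloud-side substring search and sorting stop being meaningful. The `TokenizingGateway` class, the `run_demo` function, the HMAC-derived token scheme and the sample names are assumptions chosen for illustration; the slides do not specify a tokenization method.

```python
import hashlib
import hmac
import secrets


class TokenizingGateway:
    """Hypothetical enterprise-side proxy that swaps sensitive values for tokens."""

    def __init__(self, key):
        self._key = key    # held by the enterprise, never sent to the SaaS
        self._vault = {}   # token -> original value, also kept enterprise-side

    def tokenize(self, value):
        # Keyed, deterministic token: equal inputs give equal tokens, so the
        # SaaS can still do exact-match lookups (and can see which rows match).
        mac = hmac.new(self._key, value.encode("utf-8"), hashlib.sha256)
        token = "tok_" + mac.hexdigest()[:32]
        self._vault[token] = value
        return token

    def detokenize(self, token):
        return self._vault[token]


def run_demo(key=None):
    gateway = TokenizingGateway(key or secrets.token_bytes(32))
    names = ["Alice Tan", "Bob Lim", "Chen Wei", "Devi Rao"]  # constructed data

    # Rows as the SaaS provider stores them: tokens only.
    saas_rows = [{"id": i, "name": gateway.tokenize(n)} for i, n in enumerate(names)]

    # Exact match still works because the gateway tokenizes the query term.
    wanted = gateway.tokenize("Chen Wei")
    exact_ids = [r["id"] for r in saas_rows if r["name"] == wanted]

    # Substring search runs in the cloud against tokens and finds nothing.
    substring_ids = [r["id"] for r in saas_rows if "Chen" in r["name"]]

    # A cloud-side sort orders the tokens, not the real names behind them.
    cloud_sorted = [gateway.detokenize(r["name"])
                    for r in sorted(saas_rows, key=lambda r: r["name"])]

    return {
        "exact_ids": exact_ids,
        "substring_ids": substring_ids,
        "cloud_sorted": cloud_sorted,
        "plaintext_at_provider": any(n in r["name"] for r in saas_rows for n in names),
    }
```

Calling `run_demo()` returns the exact-match hit, the empty substring result and the names in the order a cloud-side sort would produce, which follows token order rather than alphabetical order.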