PROJECT

EXECUTIVE TECHNOLOGY PRESENTATION

CLOUD ENCRYPTION GATEWAYS
SEMESTER

GWSB FALL 2013

BY

MARK SILVERBERG
How can our enterprise take
advantage of third-party apps
that run in the cloud without
compromising on security?

That’s ...
What are CEGs?

Cloud Encryption Gateways

A security product that obfuscates sensitive
information stored in the cloud
Se...
How Is That Secure?
The cloud provider (such as Salesforce or Google
Apps) store values that only the CEG can decrypt
Key Benefits
Facilitates confidentiality


Confidentiality

When using encryption,
maintains integrity of
sensitive data

All...
Key Findings & Recommendations
Key Findings

Recommendations

By definition, CEGs must

integrate with third-party apps

Pl...
Gartner Hype Cycle
Cloud
Encryption
Gateways

Benefit
Rating:

High

Market
Penetration:

1-5%

Maturity:
Emerging
Adoption & Implementation Strategy
and Implementation Timelines
Highly interdependent on.. 

existing network structure (W...
Cipher Cloud

Cloud Data Protection
Gateway by PerspecSys

Current market leader and one of the first COTS


Appears to be ...
Risks & Competitive Advantage
of Early Adoption
Risks

Advantages

Maturity & Workflow/
Change Management


Securely harnes...
CEG In The News
Summary
Cloud Encryption Gateways are a
proxy between an enterprise’s secure
network and the public cloud.

Sensitive data...
Works Referenced
CipherCloud Selected As SINET 16 Innovator and Presenting Cloud Encryption Gateway At 2011 SINET Showcase...
Upcoming SlideShare
Loading in...5
×

Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without compromising on security)

2,710

Published on

Executive Technology Presentation
For GWSB ISTM 6207 in Fall 2013

Published in: Technology, Business
1 Comment
2 Likes
Statistics
Notes
No Downloads
Views
Total Views
2,710
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
83
Comments
1
Likes
2
Embeds 0
No embeds

No notes for slide

Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without compromising on security)

  1. 1. PROJECT EXECUTIVE TECHNOLOGY PRESENTATION CLOUD ENCRYPTION GATEWAYS SEMESTER GWSB FALL 2013 BY MARK SILVERBERG
  2. 2. How can our enterprise take advantage of third-party apps that run in the cloud without compromising on security? That’s easy! Just approve my acquisition order for a cloud encryption gateway. Confusion
  3. 3. What are CEGs? Cloud Encryption Gateways A security product that obfuscates sensitive information stored in the cloud Sensitive data is encrypted as it flows from a device, through the CEG proxy, and into the cloud service provider’s backend
  4. 4. How Is That Secure? The cloud provider (such as Salesforce or Google Apps) store values that only the CEG can decrypt
  5. 5. Key Benefits Facilitates confidentiality Confidentiality When using encryption, maintains integrity of sensitive data Allows security-conscious organizations to adopt public/private cloud applications (SaaS) and infrastructure (IaaS) which may aid availability Availability Integrity
  6. 6. Key Findings & Recommendations Key Findings Recommendations By definition, CEGs must integrate with third-party apps Plan for ongoing support of connectors by CEG & 3rd parties Most CEG providers support common and popular SaaS and IaaS offerings Many offer to ingrate with “any app”, but additional resources may be required Do not forget about the trade-offs of A) the cloud and B) encryption A) CEG server and workforce locations will affect latency and perceived performance
 ! B) Might not want to encrypt all information if you need to do calculations server-side ! CEG is an emerging technology — new and better offerings are being actively developed Enter into short-term contracts
  7. 7. Gartner Hype Cycle Cloud Encryption Gateways Benefit Rating:
 High Market Penetration:
 1-5% Maturity: Emerging
  8. 8. Adoption & Implementation Strategy and Implementation Timelines Highly interdependent on.. existing network structure (WAN/ VPN/existing proxies) and size third party integrations (Salesforce.com, GMail, etc.) must be configured number and location of hosts (PCs, servers, mobile devices) may need to be touched
  9. 9. Cipher Cloud Cloud Data Protection Gateway by PerspecSys Current market leader and one of the first COTS Appears to be second to CipherCloud Integrations for many offerings including Salesforce, Box, MS Office 365, Gmail, Amazon Web Services Integrations include Salesforce, ServiceNow, Oracle, Amazon Web Services Focus industries: financial services and healthcare Pricing: Free trial available Flexible, subscription based pricing model with no long-term contracts or lock-in periods - From $5 to $20 per month per user Additional features include: Marketing focuses on international data privacy laws and government agency/NGO requirements such as data residency and other obligations Additional features include: Mail Transport Agent that “allows organizations to use email services, even when contact and other sensitive information is no longer in the cloud” Partnership with providers to offer “realtime cloud malware protection against viruses, spyware, trojans, bots, [and] rootkits” As of 11/2013: 2 million users, 250 million records protected, 10 industries, 14 countries, 6 languages Both companies follow FIPS 140-2 standards which require at least AES-256 encryption and have had dozens of millions of dollars invested in them by top venture capital firms (suggesting that this is an emerging technology offering that is not yet profitable)
  10. 10. Risks & Competitive Advantage of Early Adoption Risks Advantages Maturity & Workflow/ Change Management
 Securely harness the cloud
 new and emerging technology status; not all stakeholders may be open to it includes leveraging third party SaaS/PaaS such like Salesforce, Google Apps Speed
 Ability to outsource some IT
 encryption + decryption will always be slower than without Vendor lock-in
 relatively easy to avoid by insisting on short-term contracts which can save time, money, and human resources
  11. 11. CEG In The News
  12. 12. Summary Cloud Encryption Gateways are a proxy between an enterprise’s secure network and the public cloud. Sensitive data is encrypted as it flows from a device, through the CEG proxy, and into the cloud service provider’s backend When a user needs to read the information from the cloud device, it is decrypted and presented to them Confidentiality Availability Integrity
  13. 13. Works Referenced CipherCloud Selected As SINET 16 Innovator and Presenting Cloud Encryption Gateway At 2011 SINET Showcase. (2011, October 11). Yahoo! Finance. Retrieved October 15, 2013, from http://finance.yahoo.com/news/ CipherCloud-Selected-As-SINET-iw-514934155.html! Cloud Protection Solutions. (2013). PerspecSys. Retrieved October 15, 2013, from http://www.perspecsys.com/ perspecsys-cloud-protection-gateway/! Data Encryption for the Cloud. (2013). CipherCloud. Retrieved October 15, 2013, from http://www.ciphercloud.com/ cloud-encryption.aspx! Heiser, J., & MacDonald, N. (2013). Hype Cycle for Cloud Security (No. G00239712) (pp. 21–22). Gartner.! Hoffman, K. E. (2013, January). Cloud of Suspicion. SC Magazine, 24(1), 26–28. Retrieved from http:// proxygw.wrlc.org/login?url=http://search.proquest.com.proxygw.wrlc.org/docview/1282079369?accountid=11243! Navajo Systems Receives Best Security Solution at Cloud Computing World Series Awards. (2011, June 24). Retrieved October 15, 2013, from http://proxygw.wrlc.org/login?url=http://search.proquest.com/docview/ 873476522?accountid=11243! Ouellet, E., & Lowans, B. (2012). Cloud Encryption: Some Assembly Required (Research Note No. G0024664). Gartner.! PerspecSys Named as Finalist in the 4th Annual 2012 Golden Bridge Awards for Its Innovation in Cloud Data Protection. (202AD, November 23). Re. Retrieved October 2, 2013, from http://www.reuters.com/article/ 2012/08/23/idUS124629+23-Aug-2012+BW20120823! The 10-Minute Guide to Cloud Encryption Gateways. (2013, April 5). CipherCloud. Retrieved from http:// pages.ciphercloud.com/The10-MinuteGuidetoCloudEncryptionGateways.html! Thank you for your time and attention
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×