2. How can our enterprise take advantage of third-party apps that run in the cloud without compromising on security?
That’s easy! Just approve my acquisition order for a cloud encryption gateway.
Confusion
3. What are CEGs?
Cloud Encryption Gateways
A security product that obfuscates sensitive information stored in the cloud
Sensitive data is encrypted as it flows from a device, through the CEG proxy, and into the cloud service provider’s backend
4. How Is That Secure?
The cloud provider (such as Salesforce or Google Apps) stores values that only the CEG can decrypt
5. Key Benefits
Confidentiality: Facilitates confidentiality
Integrity: When using encryption, maintains integrity of sensitive data
Availability: Allows security-conscious organizations to adopt public/private cloud applications (SaaS) and infrastructure (IaaS) which may aid availability
6. Key Findings & Recommendations
Key Finding: By definition, CEGs must integrate with third-party apps
Most CEG providers support common and popular SaaS and IaaS offerings
Many offer to integrate with “any app”, but additional resources may be required
Recommendation: Plan for ongoing support of connectors by CEG & 3rd parties
Key Finding:
A) CEG server and workforce locations will affect latency and perceived performance
B) Might not want to encrypt all information if you need to do calculations server-side
Recommendation: Do not forget about the trade-offs of A) the cloud and B) encryption
Key Finding: CEG is an emerging technology — new and better offerings are being actively developed
Recommendation: Enter into short-term contracts
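The flow from slides 3 and 4 and trade-off B above, as an added sketch that is not from the original deck or from any CEG vendor: a gateway encrypts only policy-marked fields before a record reaches the provider, so the provider cannot total an encrypted column. Field names and the policy are hypothetical, and HMAC-SHA256 in counter mode stands in for AES-256 so the code runs on the Python standard library.

```python
import hashlib
import hmac
import json
import secrets

# Assumptions: field names and policy are hypothetical. HMAC-SHA256 in counter
# mode stands in for AES-256 so this runs on the standard library alone; a real
# gateway would use a vetted AEAD such as AES-256-GCM.
SENSITIVE_FIELDS = {"ssn", "salary"}

class Gateway:
    """Proxy between users and the SaaS backend; the keys never leave it."""

    def __init__(self):
        self._enc_key = secrets.token_bytes(32)
        self._mac_key = secrets.token_bytes(32)

    def _xor_stream(self, nonce, data):
        stream = b""
        for counter in range(len(data) // 32 + 1):
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(self._enc_key, block, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def _seal(self, value):
        nonce = secrets.token_bytes(16)
        body = self._xor_stream(nonce, json.dumps(value).encode())
        tag = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        return "ceg:" + (nonce + body + tag).hex()

    def _open(self, token):
        raw = bytes.fromhex(token[4:])
        nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
        expected = hmac.new(self._mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("stored value was modified outside the gateway")
        return json.loads(self._xor_stream(nonce, body))

    def outbound(self, record):
        """User -> cloud: encrypt only the fields the policy marks sensitive."""
        return {k: self._seal(v) if k in SENSITIVE_FIELDS else v for k, v in record.items()}

    def inbound(self, stored):
        """Cloud -> user: decrypt gateway tokens, pass other values through."""
        return {k: self._open(v) if str(v).startswith("ceg:") else v for k, v in stored.items()}

def provider_total(rows, field):
    """What the backend can compute: only values it holds in the clear."""
    return sum(r[field] for r in rows if isinstance(r[field], (int, float)))
```

The tag check in `_open` is what lets the gateway notice a stored value that was changed on the provider side.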
8. Adoption & Implementation Strategy and Implementation Timelines
Highly interdependent on:
existing network structure (WAN/VPN/existing proxies) and size
third party integrations (Salesforce.com, GMail, etc.) must be configured
number and location of hosts (PCs, servers, mobile devices) may need to be touched
9. CipherCloud
Cloud Data Protection Gateway by PerspecSys
Current market leader and one of the first COTS
Appears to be second to CipherCloud
Integrations for many offerings including Salesforce, Box, MS Office 365, Gmail, Amazon Web Services
Integrations include Salesforce, ServiceNow, Oracle, Amazon Web Services
Focus industries: financial services and healthcare
Pricing:
Free trial available
Flexible, subscription based pricing model with no long-term contracts or lock-in periods - From $5 to $20 per month per user
Additional features include:
Marketing focuses on international data privacy laws and government agency/NGO requirements such as data residency and other obligations
Additional features include:
Mail Transport Agent that “allows organizations to use email services, even when contact and other sensitive information is no longer in the cloud”
Partnership with providers to offer “realtime cloud malware protection against viruses, spyware, trojans, bots, [and] rootkits”
As of 11/2013: 2 million users, 250 million records protected, 10 industries, 14 countries, 6 languages
Both companies follow FIPS 140-2 standards which require at least AES-256 encryption and have had dozens of millions of dollars invested in them by top venture capital firms (suggesting that this is an emerging technology offering that is not yet profitable)
10. Risks & Competitive Advantage of Early Adoption
Risks
Maturity & Workflow/Change Management: new and emerging technology status; not all stakeholders may be open to it
Speed: encryption + decryption will always be slower than without
Vendor lock-in: relatively easy to avoid by insisting on short-term contracts
Advantages
Securely harness the cloud: includes leveraging third party SaaS/PaaS such as Salesforce, Google Apps
Ability to outsource some IT: which can save time, money, and human resources
12. Summary
Cloud Encryption Gateways are a proxy between an enterprise’s secure network and the public cloud.
Sensitive data is encrypted as it flows from a device, through the CEG proxy, and into the cloud service provider’s backend
When a user needs to read the information from the cloud device, it is decrypted and presented to them
Confidentiality
Availability
Integrity
Thank you for your time and attention