Safe Harbor in the Cloud
What if things go wrong?
December 2013
contact@porticor.com
http://www.porticor.com
Safe harbor in the cloud with encryption and key management - Porticor

What if things go wrong? If you are managing Health or Financial data, you need to meet HIPAA, PCI or other regulations. You've done all the right things, checked all the right checklists. But in the real world things can still go wrong. The concept of 'Safe Harbor' is about achieving such high security that you can still recover reasonably even if things do go wrong.

Published in: Technology, Business

  1. Safe Harbor in the Cloud: What if things go wrong? (title slide, December 2013; contact@porticor.com, http://www.porticor.com)
  2. Who is Porticor? Overview
     • Available on strategic platforms
     • Cloud encryption and key management
     • Focused on Healthcare security in the cloud
     • Only solution that is “pure cloud” yet provides Safe Harbor for Healthcare
     • Offices: Campbell, California
     © Porticor Confidential
  3. Compliance and Security are #1 concerns for cloud healthcare
     • Customer concerns about security
     • Customer requirements for Compliance and Regulation
  4. What happens when things go wrong?
     • Updated HIPAA Omnibus rules put more liability on ISVs as “Business Associates”
     • Normal operations mean that your security works and everything goes right
       – Achieved through HIPAA safeguards
     • But, what if the safeguards were breached, through human error or malice?
     • If ePHI (electronic Personal Health Information) may have been exposed, the following may be mandated or occur:
       – Risk assessment
       – Reporting to state attorneys and to individual persons
       – High reporting costs
       – High fines
       – Damage to reputation
     • Any mitigation? Safe harbor!
  5. What is Safe Harbor?
     • HHS guidance: “technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals”
     • Data encryption is the high road to achieving this status
     • “If protected health information is encrypted pursuant to this guidance, then no breach notification is required following an impermissible use or disclosure of the information.” [78 Federal Register 5644]
     • You are saved many of the reporting costs, fines and damage to reputation (you do not need to inform each individual!)
  6. Cloud Types: SaaS, PaaS, IaaS (diagram callout: “Your mission critical Healthcare app is here”)
  7. You need…
     • Pure cloud solution for encrypting data at rest and in use
     • A solution that securely stores keys in the cloud
     • Available with major platforms
  8. Porticor Solution
     State of the art encryption
     • We did not “invent the wheel”: AES 256 / SHA 2
     • But we have implemented it with best-in-class performance
     • Streaming and caching mechanisms
     Cloud key management - The “banker”
     • Metaphor: a physical safety deposit box is behind strong walls, and requires two keys to open/lock: one for the customer, the other for the banker
     • The secret sauce: our “split key” and “homomorphic” technology creates this in a virtual environment
  9. Porticor platform: Protection Platform for all Cloud Resources
     • Enterprise secrecy, Cloud flexibility
     • Split-Key Encryption & Homomorphic Key management
     • Up in minutes
  10. A master key protects all cloud resources, yet is never in the cloud
     • Keep your key where it's safe: outside any computing environment
     • Enabled by unique “split key” and “homomorphic key” technology
     • Protected resources (diagram): Users, Groups, Roles; Application-level fields; Admin Sessions; Data & Storage; VMs and Compute; Virtual Network
  11. Key-splitting and Homomorphic Technology together deliver Trust
     • The “Swiss Banker” metaphor: Customer has a key, “Banker” has a key
     • Master key with Homomorphic key encryption
  12. What is “Homomorphic”?
     A mathematical technique
     • Business consequence:
       – Key-splitting and key-joining without knowing the keys
       – We only know the encrypted form of the keys
       – For example we can do A+B without knowing A or B
     • Industry's first
  13. Customers' Critical Needs for Cloud Data Security
     1. Regulatory Compliance (HIPAA & PCI)
     2. High Security (PRISM is setting the stage)
     3. Flexible deployment & provisioning
     4. Dealing with Complexity
     5. Effective Key Management
     © Porticor 2009-2012
  14. Healthcare App in the Cloud (diagram; note the usage of the Porticor API for fine-grained encryption)
  15. Healthcare ISV
     Challenge
     • Maintain HIPAA compliance
     • Automate the key management and encryption process
     • Distribute keys to end users
     How Porticor is used
     • API integration for encryption key creation, revocation, etc.
     • Token creation and distribution directly to end users
     • A cluster of Porticor Virtual Appliances for full redundancy
     Result
     • Fully integrated with ISV's workflow
     • PHI data is always encrypted - the patient and doctor maintain control through personal tokens
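Slides 8, 11 and 12 describe a master key split into a customer share and a "banker" share that the service joins homomorphically, so it only ever handles the encrypted form of the shares and can compute A+B without learning A or B. The Python below is an added illustration of that idea, not Porticor's code: the deck does not say which scheme Porticor uses, so this uses textbook Paillier encryption (the standard additively homomorphic scheme) with small demo primes. The share split, the "banker" joining role, the function names and the toy master key are all constructed for the example. The point to take from it is the one the slides make: the party that joins the shares sees only ciphertexts, and a disclosure of what it holds does not reveal the master key.

```python
"""Additively homomorphic key joining: a toy illustration of "A+B without
knowing A or B" using textbook Paillier encryption (Python 3.8+, stdlib only).

Added example, not Porticor's code. The deck does not name the scheme
Porticor uses; Paillier appears here only because it is the standard
additively homomorphic scheme. Parameters are small demo values.
"""
import math
import secrets

# Constructed demo primes (Mersenne primes M61 and M89). Real deployments use
# primes of roughly 1024 bits or more; these only keep the example fast.
DEMO_P = 2**61 - 1
DEMO_Q = 2**89 - 1


def paillier_keygen(p, q):
    """Return (public, private) Paillier keys for primes p, q, using g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # lam^-1 mod n (valid because g = n+1)
    return (n, n + 1), (lam, mu)


def paillier_encrypt(pub, m):
    """Encrypt integer m (0 <= m < n) under the public key with fresh randomness r."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def paillier_decrypt(pub, priv, c):
    """Recover m from c = g^m r^n mod n^2 using lam and mu."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)           # u = 1 + m*lam*n (mod n^2)
    return ((u - 1) // n) * mu % n   # L(u) * lam^-1 = m


def paillier_add(pub, c1, c2):
    """Homomorphic addition: E(a) * E(b) mod n^2 decrypts to a + b mod n."""
    n, _ = pub
    return c1 * c2 % (n * n)


def split_key(master, modulus):
    """Split master into two additive shares; either share alone is uniformly random."""
    customer_share = secrets.randbelow(modulus)
    banker_share = (master - customer_share) % modulus
    return customer_share, banker_share


def join_shares_blind(pub, enc_customer, enc_banker):
    """The 'banker' (cloud) side joins shares it can only see in encrypted form."""
    return paillier_add(pub, enc_customer, enc_banker)


def demo_split_and_join(master_key, p=DEMO_P, q=DEMO_Q):
    """End to end: split, encrypt shares, join blindly, decrypt. Returns the recovered key."""
    pub, priv = paillier_keygen(p, q)
    n = pub[0]
    if not 0 <= master_key < n:
        raise ValueError("master key must be smaller than the Paillier modulus")
    a, b = split_key(master_key, n)
    ea, eb = paillier_encrypt(pub, a), paillier_encrypt(pub, b)
    joined = join_shares_blind(pub, ea, eb)  # computed without a, b or master_key
    return paillier_decrypt(pub, priv, joined)


if __name__ == "__main__":
    key = secrets.randbits(128)  # constructed 128-bit toy master key
    print("recovered master key matches:", demo_split_and_join(key) == key)
```

In this toy the customer holds the Paillier private key and performs the final decryption; the joining party never holds a decryption capability, which is what makes an exposure of its storage a non-event for the master key. A production design has to settle who holds that decryption capability and how the two shares are stored and rotated, which the slides do not cover.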
