Welcome!

Release Management Authors: Pat Romanski, Elizabeth White, David H Deans, Liz McMillan, Jnan Dash

Related Topics: @CloudExpo, Release Management , Ruby-On-Rails, Apache, Cloud Security

@CloudExpo: Blog Post

Cloud Computing Security Issues and Challenges By @GiladPN | @CloudExpo [#Cloud]

Digital data theft is more prevalent than physical theft

The US Federal Communications Commission has recently reported that "theft of digital information has become the most commonly reported fraud, surpassing physical theft." Businesses can do a lot to protect themselves. The FCC issued a Tip Sheet for small businesses to promote employee security training, firewalls, securing of WiFis, and more. But for business operating in (or migrating to) cloud environments; data security, cloud computing security issues, and challenges take on  new meanings and require new strategies.

Security in the Cloud: Unique Challenges
In the cloud, data security poses new risks and challenges. We are no longer concerned just with burglars breaking into our offices to steal computers, but rather with the data belonging to complete systems deployed to the cloud.

Security in the cloud cloud security issues Cloud Security Cloud Encryption cloud computing security issues and challenges  cloud computing security issues and challenges Cloud Computing Security Issues and Challenges:  Digital data theft is more prevalent than physical theft

When using public cloud infrastructure like that of AWS, VMware, Microsoft Azure, or HP Helion, we also have little fear of "bad guys" breaking into their datacenters. These large providers take access controls and infrastructure security very seriously.

Instead, security in the cloud becomes not about protecting our hardware, but rather protecting the sensitive information regardless of its physical location. For this, burglar alarms are irrelevant and firewalls are only one part of the approach for security in the cloud.

A way to visualize the unique challenges of data security in the cloud is that where before we had brick walls and steel locks to keep us safe; we now must construct mathematical walls as barriers to our data.

An important aspect in cloud security is cloud encryption. By properly encrypting the data we store in the cloud, we ensure that even if our security perimeter is breached, our data is rendered unreadable, unusable, and unsellable.

But, as it turns out, cloud encryption in and of itself is also not enough. Companies have encrypted well, using best-in-class algorithms to protect their business data, and still been compromised. The important piece is the encryption key. When businesses store the key to decrypt their data in the cloud, alongside the encrypted data itself, they make it easy for a hacker to use the same access point used to get the data to then get the key to decrypt it. In other examples, companies have entrusted their encryption keys to their cloud provider: the cloud provider essentially owns the sensitive data in this situation. The best practice must be different.

Security in the Cloud: Unique Solutions
The cloud has posed interesting obstacles to data security. And, as it turns out, the cloud has also brought forth even more interesting solutions.

In our new software-defined existence, the solution to cloud challenges resides in software built for the cloud.

For example, a pair of new technologies known as split key encryption and homomorphic key management have reinvented the way cloud encryption keys are handled; thus solving the issue of cloud key management.

By splitting encryption keys into two (or more) parts, this software-defined approach mimics the successful security of Swiss banks, where the account owner holds one key, the banker holds one key, and both keys are required to access the contents. Split key encryption is the first of two important cloud advancements toward total security in the cloud.

The next advancement is homomorphic key management, which is also a software-defined, cloud approach. With it, the encryption keys themselves are encrypted. This way, even while the key is being used in the cloud, it is never in unencrypted form, never to be seen "bare" by hackers, and renders the data it protects totally inaccessible to anyone but the data owner.

Security in the Cloud to Protect Privacy and Achieve Compliance
It is not just businesses themselves that have been concerned with data security in the cloud. Regulatory bodies in many industries view cloud security has a major concern and have amended their regulations to match. The approaches of split key encryption and homomorphic key management help businesses protect the privacy of their customers while also enable them to achieve compliance with HIPAA, PCI, and other regulations.

The post Cloud Computing Security Issues and Challenges: Digital data theft is more prevalent than physical theft appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

IoT & Smart Cities Stories
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
SYS-CON Events announced today that IoT Global Network has been named “Media Sponsor” of SYS-CON's @ThingsExpo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. The IoT Global Network is a platform where you can connect with industry experts and network across the IoT community to build the successful IoT business of the future.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...