
Public vs Private Cloud Computing: The Great Debate Continues

To be or not to be (in the public cloud)? That is the question.

As a cloud security vendor, we are often asked how secure the public cloud is. Before turning to the cloud security question, I’d like to define what “public cloud” means. (Public) cloud computing is the delivery of computing as a service rather than a product, and is usually categorized into three service models: software as a service (SaaS), infrastructure as a service (IaaS) and platform as a service (PaaS). When it comes to public cloud security, all leading cloud providers are investing significant effort and resources in securing and certifying their datacenters.



The leading public cloud providers themselves are therefore highly secured (and have the certifications to back it up). But if we dive in further and review the security risks in your own account within your public cloud provider of choice, you’ll find a dramatically different situation. The security of your cloud account (specifically in IaaS/PaaS implementations) is your responsibility, and neglecting to implement security mechanisms will render your environment insecure.

So is the public cloud secure? Yes, it is. Is your account within that cloud secure? No, not unless you have secured your virtual servers and virtual storage.

So what can be done? I’d like to start by stating the obvious: securing virtual servers and storage is not dramatically different from securing a physical server, and the same basic rules still apply. Enforcing a strong access control policy, disabling unnecessary ports, and hardening the application layer, for example, are still valid and necessary actions when it comes to securing your virtual environment. In addition to traditional threats, new cloud threats should be considered as part of your security strategy. Shared compute resources, the insider threat and cloud hijacking are all new risks associated with the cloud, and as a result, creating and maintaining an encryption policy and encrypting critical data become must-haves in the cloud.

But cloud encryption can be tricky. Unlike with traditional “old days” encryption techniques, managing your keys in the cloud can be challenging unless a new approach to cloud key management is adopted. We at Porticor have decided to take a different approach to cloud encryption and have recreated key management for the cloud. Our key management system, which we often refer to as the Swiss banker approach, enables you to maintain your keys in the cloud without compromising the security of your keys and your data. For further reading, please refer to our key management white paper.

To conclude: cloud security should blend traditional security elements with “cloud-adjusted” security technologies. Encryption should be a key part of your cloud security strategy due to the new cloud threat vectors (but also due to regulations such as the Patriot Act), and you should pay specific attention to key management.

Ariel Dan is co-founder and Executive Vice President at Porticor cloud security. Follow him on twitter: @ariel_dan
