There's obviously a lot of concern about cloud security these days, which is a little surprising given the general availability of encryption technologies. But even encryption technologies require some additional security because no one can really be safe from an insider who decides to go rogue. As it is, cloud providers don't provide a whole lot of visibility into the security controls they do put in place, and no one has any insight into the background of the employees who might work for any cloud service provider, let alone what they might be doing with your data at any given moment.
To address those issues, the folks at Porticor this week launched an innovative split-key approach to managing encryption, called Virtual Private Data, that borrows from a simple concept that is used in many Swiss banks. When a customer rents a safe deposit box in Switzerland it comes with two keys. One key is kept by the customer, while the other key is kept by the bank. Opening the safe deposit box requires both keys.
Porticor has created a digital version of this concept that essentially splits an encryption key in half. One part stays with the owner of the data, while the other part remains in the hands of the cloud service provider running the Porticor Virtual Private Data appliances. Right now, Porticor CEO Gilad Parann-Nissany says the Porticor Virtual Private Data appliance is only available on the Amazon Web Services (AWS) cloud platform, but he hopes that Porticor will soon have similar reseller relationships in place with other cloud service providers. Pricing for the Porticor appliances ranges from free for testing environments to $411 a month for the largest production applications.
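The two-key idea described above can be illustrated with a minimal 2-of-2 XOR split, contrasted with literally cutting the key in half. This is an added example, not Porticor's code and not part of the original article, which does not describe Porticor's actual construction; the 256-bit key size and all function names are assumptions.

```python
import secrets

KEY_LEN = 32  # assumed 256-bit data-encryption key; the article gives no size

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(master: bytes) -> tuple[bytes, bytes]:
    """Return (customer_share, provider_share); both are needed to rebuild."""
    customer_share = secrets.token_bytes(len(master))   # uniformly random pad
    provider_share = xor_bytes(master, customer_share)  # master masked by the pad
    return customer_share, provider_share

def combine(customer_share: bytes, provider_share: bytes) -> bytes:
    """Rebuild the master key; fails if the shares differ in length."""
    return xor_bytes(customer_share, provider_share)

def naive_halves(master: bytes) -> tuple[bytes, bytes]:
    """Weak contrast: literally cut the key in two."""
    mid = len(master) // 2
    return master[:mid], master[mid:]

def share_explaining(provider_share: bytes, guess: bytes) -> bytes:
    """Customer share that would make `guess` the key for this provider share."""
    return xor_bytes(provider_share, guess)

if __name__ == "__main__":
    master = secrets.token_bytes(KEY_LEN)  # constructed sample key
    cust, prov = split_key(master)
    assert combine(cust, prov) == master

    # Insider's view: the provider share is consistent with every possible
    # key, so holding it alone narrows the search not at all.
    guess = secrets.token_bytes(KEY_LEN)
    assert combine(share_explaining(prov, guess), prov) == guess

    # Cutting the key in half instead hands the insider real key bits.
    first_half, _ = naive_halves(master)
    print("naive half leaks", len(first_half) * 8, "key bits; XOR share leaks 0")

    # Re-splitting gives fresh shares for the same key, so an old leaked
    # share can be retired without re-encrypting the data.
    cust2, prov2 = split_key(master)
    print("shares refreshed:", (cust2, prov2) != (cust, prov))
```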
All the security in the world currently can't thwart a determined insider threat. By employing a "homomorphic" approach to encryption that splits the management keys, however, Parann-Nissany says insider security threats in the cloud become a non-issue.
Of course, there may still be flaws in the actual encryption system being used. But at least with the addition of encryption in the cloud, security issues become a whole lot less dire, especially in the eyes of the average compliance officer.