The growth of hybrid cloud applications requires a special cloud security model. Many companies are migrating some of their workloads into the public cloud, while keeping other workloads in the private cloud. A transitional cloud security policy that continues to leverage existing data centers and security policies is needed. Because each enterprise divides its data center into private cloud and public cloud in a unique way, data security methods must address a variety of challenges:
· How to secure data center resources hosted within the enterprise
· How to keep those resources safe when applications migrate to the public cloud
· How to secure data stored with multiple cloud service providers
· How to protect the virtualization foundation underlying public and private clouds
· How to secure mobile devices when they connect to the cloud infrastructure
The key to solving these problems is to take a holistic approach to cloud security.
Data ownership becomes more important in a hybrid cloud environment because the data resides in multiple places. The only best practice for securing data across servers that span multiple private cloud and public cloud sites is to encrypt it in a way that lets all systems continue to work transparently and that secures ownership of the data through ownership of the encryption key.
A technical breakthrough in this area is split-key encryption. This approach solves the problem of ownership of cryptographic keys. It encrypts each "resource" (hard drive, database row, file, and so on) using a combination of two keys, one of which is a master key owned only by the enterprise. As a result, only the owner of the data ultimately controls the encryption key. Because no one else (such as an employee of the cloud provider) can control the key, this approach solves the ownership problem well.
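One way to realise the two-key combination described above, as an added example that is not from the original article or any vendor's product. The XOR/HMAC construction, the function names and the record layout are assumptions, since the article does not say how the two keys are combined.

```python
import hashlib
import hmac
import secrets


def _master_share(master_key: bytes, resource_id: str) -> bytes:
    # Enterprise-side share: a PRF of the master key over the resource id,
    # so every resource gets a different share from the same master key.
    msg = b"split-key-share|" + resource_id.encode()
    return hmac.new(master_key, msg, hashlib.sha256).digest()


def _key_check(data_key: bytes, resource_id: str) -> str:
    # Check value bound to the resource id; detects a wrong master key
    # or a record that was moved to another resource.
    msg = b"key-check|" + resource_id.encode()
    return hmac.new(data_key, msg, hashlib.sha256).hexdigest()


def wrap_resource_key(master_key: bytes, resource_id: str):
    """Create a fresh 256-bit data key for one resource.

    Returns (data_key, record). Only `record` is stored cloud-side; its
    second_key is useless without the enterprise master key.
    """
    data_key = secrets.token_bytes(32)
    share = _master_share(master_key, resource_id)
    second_key = bytes(a ^ b for a, b in zip(data_key, share))
    record = {"resource_id": resource_id, "second_key": second_key,
              "check": _key_check(data_key, resource_id)}
    return data_key, record


def unwrap_resource_key(master_key: bytes, record: dict) -> bytes:
    """Recombine both halves; raise if the master key or record is wrong."""
    share = _master_share(master_key, record["resource_id"])
    candidate = bytes(a ^ b for a, b in zip(record["second_key"], share))
    expected = _key_check(candidate, record["resource_id"])
    if not hmac.compare_digest(expected, record["check"]):
        raise ValueError("wrong master key or tampered record")
    return candidate


if __name__ == "__main__":
    master = secrets.token_bytes(32)  # constructed sample master key
    key, rec = wrap_resource_key(master, "db/orders/row-17")
    print("recovered:", unwrap_resource_key(master, rec) == key)
```

The recovered data key would then be passed to an authenticated cipher to encrypt the resource itself; that step is omitted here.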
Split-key encryption can be further enhanced by homomorphic key management. This approach ensures that encryption keys remain encrypted at all times, even while they are in use, so data can be used without exposing the master key. Even if an attacker steals the master key in its encrypted state, the attacker cannot use it.
Another benefit of cloud data protection measures such as split-key cloud encryption and homomorphic key management is that, if a security breach occurs, they let the enterprise claim "safe haven" status. Adopting these measures and attaining safe haven means that many of the reporting requirements and regulatory penalties associated with security breaches can be reduced, because the enterprise can prove that the data was encrypted and that the encryption key is secure.
In a hybrid cloud environment, these methods can be combined to protect data across multiple cloud sites and to achieve "safe haven" protection for the enterprise.