Data is generally protected with public-key infrastructure (PKI): data is encrypted with a public key and, in principle, can be decrypted only with the private key held by the authorized person. Extending this type of data protection to the cloud, however, is complex.
Migrating to the cloud poses a new set of complex security issues for the IT team, because it no longer has direct control over data security. In addition, cloud vendors treat data security as a shared responsibility: the service provider ensures physical security, while users must secure their own servers and data. It is generally held that encryption and key management therefore call for a strategy in which the keys are stored outside the cloud rather than within it.
Porticor has just released a solution for data at rest in the cloud. Porticor provides a split-key encryption solution in which the cloud customer is the only party who knows the master key.
Porticor handles all of the data encryption, so customers do not need to deal with the complexity of encryption themselves. Combining security with convenience in this way is unique among key management implementations.
The fundamental problem with data encryption in the cloud is where to store the key. Customers cannot store it on disk in the cloud, because it could be stolen by an attacker. Customers can have the vendor store their keys, but that raises a trust problem with third parties. The customer can keep the key in their own data center, but that seems to defeat the cloud's purpose of outsourcing data-center services. Porticor now provides an alternative for key management that is both simple and secure.
The Porticor scheme is based on the concept of the two keys to a safe-deposit box: one for the customer and one for the banker, which here is the Porticor virtual key management service. As with such a box, the customer cannot decrypt data without the Porticor key, and Porticor cannot decrypt it without the master key, which only the customer holds. In practice, a customer has one key for each project, usually an application. Porticor holds thousands of keys, one for each file or disk belonging to the project. A key must be paired with its counterpart to provide access to the encrypted data.
Beyond splitting keys between the customer and Porticor, the distinctive feature of the solution is that the keys held by Porticor are encrypted under the customer's master key, which only the customer knows and holds. Porticor stores the project keys, but the vendor cannot read them because they are encrypted. Porticor thus gives customers complete end-to-end data protection through a "third-party" key that is encrypted with the customer's master key. The customer must write down the master key and keep that copy, character for character, in a steel safe. Once this is done, no one else in the world can see the key. (The other option is to have the master key hosted as a service.)
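As an added illustration of the two-key-safe idea described above (constructed for this page, not Porticor's own code, which the article does not show), the model below keeps each disk's key share in a vendor-side store only in wrapped form under the customer's master key, and derives the data key from both halves. The HMAC-based wrapping is a standard-library stand-in for a real key-wrap such as AES, and `VendorKeyStore` and `demo()` are assumed names.

```python
import hmac, hashlib, secrets
# Constructed toy model of split-key key management (not Porticor's code): the
# customer keeps a master key M; the vendor-side key service keeps one share per
# disk, stored only wrapped (encrypted + authenticated) under M. The data key is
# derived from BOTH M and the share, so neither party alone can reach the data.

def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256, the single primitive used here for wrapping and derivation."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def wrap_share(master: bytes, share: bytes) -> bytes:
    """Encrypt-then-MAC a 32-byte share under the master key (stdlib stand-in for AES key wrap)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(share, prf(master, b"keystream", nonce)))
    return nonce + ct + prf(master, b"tag", nonce, ct)

def unwrap_share(master: bytes, blob: bytes) -> bytes:
    """Check the tag first: a wrong master key or a tampered blob fails closed."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, prf(master, b"tag", nonce, ct)):
        raise ValueError("wrapped share failed authentication")
    return bytes(a ^ b for a, b in zip(ct, prf(master, b"keystream", nonce)))

def derive_data_key(master: bytes, share: bytes, disk_id: str) -> bytes:
    """The 'paired' key: the master key alone or the share alone is useless."""
    return prf(master, b"data-key", share, disk_id.encode())

class VendorKeyStore:
    """What the vendor holds: wrapped shares only, never the master key or a plaintext key."""
    def __init__(self):
        self.wrapped = {}
    def enroll_disk(self, master: bytes, disk_id: str) -> None:
        self.wrapped[disk_id] = wrap_share(master, secrets.token_bytes(32))  # fresh share per disk
    def data_key_for(self, master: bytes, disk_id: str) -> bytes:
        return derive_data_key(master, unwrap_share(master, self.wrapped[disk_id]), disk_id)

def demo() -> dict:
    """Enroll one disk, then show the key is stable for the customer and unreachable without M."""
    master = secrets.token_bytes(32)          # customer's master key, never given to the store
    store = VendorKeyStore()
    store.enroll_disk(master, "disk-1")
    k1 = store.data_key_for(master, "disk-1")
    try:                                      # vendor (or intruder) without the real master key
        store.data_key_for(secrets.token_bytes(32), "disk-1")
        vendor_alone = True
    except ValueError:
        vendor_alone = False
    return {"stable": k1 == store.data_key_for(master, "disk-1"),
            "vendor_alone_succeeds": vendor_alone, "key_len": len(k1)}
```

Note that the store's contents plus the customer's written-down master key are what a restart of the whole cluster would need, matching the article's remark that the master key leaves its protection only in that case.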
The Porticor solution sits between cloud servers and storage, so that every bit of data written from a server to storage is encrypted and every bit read back from storage to the server is decrypted for the customer's side. At the core of the Porticor solution is the virtual private data (VPD) appliance. VPD is a virtual device that encrypts any disk or storage array using cryptographic algorithms such as AES-256. VPD retrieves the "third-party" key and issues a request for the client key.
Porticor describes this as military-grade security, because only the client holds the master key that unlocks the data. (Hint: do not lose the master key.) The master key has to be taken out of its protected storage only when the entire server cluster is restarted, which rarely happens. When new application servers are created, their storage is automatically encrypted by VPD.
In terms of security and risk management, Porticor never saves a plaintext ("normal") key to any disk. Even if a hacker breaks into the network service provider in search of data, they cannot steal any of it.
The Porticor solution is designed for any cloud implementation. Porticor has established partnerships with Amazon and Red Hat.