Without smart key management, forget about securing your cloud

August 21, 2013 Off By David

Grazed from VentureBeat. Author: Jeff MacMillan.

Despite offering tremendous benefits in convenience, elasticity, transparency, and economy, cloud computing faces a major stumbling block: security. Because cloud computing is well established, many assume that all critical aspects of cloud security are already in place. With 54 percent of U.S.-based organizations using the cloud and more enterprises migrating their data to the cloud, it might be surprising to some that the management of the keys to access encrypted cloud-based data — an important part of cloud security — is hardly up to snuff.

Several cloud providers offer encryption capabilities, directly or indirectly, that can be applied to the cloud. However, today’s approach to key management comes with an inherent security risk, that of key ownership and storage. The Cloud Security Alliance (CSA) recommends a separation of “lock and key” in the cloud and various compliance regulations are likewise beginning to address this fundamental cloud security issue…

Cloud providers typically shy away from “owning” encryption keys because key ownership can create liabilities, expense, and conflicts with key management best practices. Enterprises want, and should have, ownership of keys to their own data…

CategoryNews

Altair Announces Innovative Cloud Applications on Amazon Web Services for Mainstream CFD Users

RiverMeadow to Showcase Cloud Migration Offerings at VMworld 2013