Encryption is Critical for IaaS

Grazed from Infosec-Magazine. Author: Bill Hackenberger.

When organizations move their data to the cloud, traditional security measures may not be effective. With some basic knowledge, Bill Hackenberger of HighCloud Security says companies can take advantage of Infrastructure-as-a-Service, while keeping their data private. If your organization is considering use of Infrastructure-as-a-Service (IaaS) from a cloud service provider (CSP), be aware that traditional security measures, such as full drive encryption, may not translate.

Most IaaS rely heavily on server virtualization to achieve the elasticity and rapid deployment we expect from the cloud. But virtualization introduces new technologies and attack surfaces that must be considered from a security perspective. If you are concerned about the privacy of data running in virtual machines (VMs) in the public cloud, there are some basics you need to know…

First of all, VMs are mobile. They are designed to ‘float’ above a hypervisor so loads can be easily balanced across available hardware and processing power. Because of this mobility, many traditional security methods will not work. For instance, say you implement full-disk encryption, but then your CSP moves your VM to new hardware. Be aware that this encryption will not travel. Furthermore, most CSPs will replicate your VMs to ensure availability, so you will have more than one copy of your data, leaving little data footprints as it travels around the CSP’s networks…

Read more from the source @ http://www.infosecurity-magazine.com/view/34546/comment-encryption-is-critical-for-iaas/