The premise of security is confidentiality, integrity, and availability. The premise of data protection is integrity and availability. The two go hand in hand. However, it is often the case that certain groups within organizations handle data protection (disaster recovery, business continuity, and backup) while other groups handle security. As security moves closer and closer to the data, could it perhaps be time for these two disciplines to become one? The security of data protection is becoming just as important as the security of the data in use. The management of the security of in-use data and protected data, regardless of location, is paramount. This means data stored on-premises, in the cloud, and remotely. Continue reading Cloud Dependency: Data Protection and Security
AFORE Solutions’ goal has been to provide not only data at rest encryption but also data in motion encryption at all levels of the cloud stack, such that not even the cloud providers can see or change your data. This level of confidentiality does not exist within existing public or private clouds without a little help. AFORE Solutions started with SecureVSA, which provided encryption at rest but had the limitation of requiring the cloud providers to be involved in the process. Now, they have two new products that provide data at rest (and in motion) encryption without the cloud providers being in the know. Actually, the cloud providers do not need to do anything. This is a big win, in my opinion, as if you encrypt data, no one but those with that ability should be able to decrypt the data. Continue reading News: AFORE Adds SecureVM and SecureFile to Cloudlink
We have written before about HyTrust and its growing ecosystem of partners, but now HyTrust has acquired HighCloud Security, a provider of encryption and key management for virtual and IaaS environments. HyTrust provides control and visibility into actions by virtualization administrators within a VMware vSphere or vCloud environment. With the acquisition of HighCloud Security, HyTrust now adds data privacy to its suite of tools. Initially, HighCloud Security’s encryption and key management will be separate products, but there are many ways in which the technologies can be combined. The purchase changes HyTrust’s unique stance in the industry.
In the past we have discussed the various aspects of the secure hybrid cloud, ranging from the data center through a transition stage and finally to and from the cloud. Unfortunately, picking just one security solution, or even one family of solutions, does not work, so we need to start thinking outside the box and pick the best based on our needs, which cover compliance as well as security. So how do we pick a security solution based on our needs? Continue reading Picking a Secure Hybrid Cloud Security Solution
When we look at the secure hybrid cloud, there seems to be a missing piece: a piece that validates identity via role-based access controls assigned to applications, data, and systems. Such an identity allows control through dynamic firewall rules instead of the normal static rules that are part and parcel of most environments. The software-defined data center needs security to move with it and not remain static. Yes, we could manipulate the rules on the fly, but those manipulations require that we know who is using a particular VM at a given time. In the case of a server, the VM could be used by more than one user at a time, so we need something more dynamic. Privileged access to data needs to be enforced throughout the stack and not just within an application or by encrypting data. Validating against an identity is a key component of the secure software-defined data center and secure hybrid cloud.
At the recent Misti Big Data Security conference, many forms of securing big data were discussed, from encrypting the entire big data pool to encrypting just the critical bits of data within the pool. In several of the talks, there was general discussion of securing Hadoop as well as access to the pool of data. These security measures include RBAC, encryption of data in motion between Hadoop nodes, and tokenization or encryption of data on ingest. What was missing was greater control of who can access specific data once that data is in the pool. How could role-based access controls by datum be put into effect? Is such protection too expensive given the time-critical nature of analytics, or are there other ways to implement datum security? Continue reading Big Data Security