Addressing Cloud Security Through Encrypted Gateways

Addressing Cloud Security Through Encrypted Gateways

Addressing Cloud Security through Encrypted Gateways

There is absolutely no doubt left in Cloud’s increasing penetration into the enterprise. CIO’s often see the move to the cloud as control being taken away from their hands. A silent tussle between COO and CIO pursues and this naturally leads to resistance over what to choose and what to migrate vis-à-vis Cloud. Perhaps the primary concern is security. COO sees Cloud as a means to boost productivity and reduce infrastructure and maintenance costs while CIO sees it as inflated threat to enterprise information. Encryption gateway is one way to address information security concerns when moving to the Cloud. I will briefly discuss how and why.

First, gateways are nothing new. There are numerous vendors, big and small, out there selling gateway appliances. However, what’s new and innovative in encryption gateway is the robustness and seamless flow of data in and out of the enterprise.

google-imageData encryption is a compute intensive procedure which may lead to increased query time and reduced application performance. This is one of the primary factors why encryption is not as much prevalent as it should have been. However, recent advances in hardware based encryption for example, Intel’s new instructions which speed up AES (Advanced Encryption Standard) encryption on the hardware and gKrypt SDK which offers hardware accelerated encryption on commodity processors including latest manycore GPUs, have removed the “performance-tax” barrier in data encryption. With gKrypt for example, you can achieve throughput of up to 80Gbps for AES-256 encryption on a single GPU. Such advances have enabled encryption appliances to offer seamless data security without impacting application (or Cloud application in our case) performance.

One key factor to look out for while deciding on implementing data security in the Cloud is where to put your keys, because, as the saying goes, ‘your data is only as safe as the strength of your key’. What it implies is that it does not really matter how strong your encryption scheme is unless you take good care of the key lifecycle. This ‘key lifecycle’ includes key generation, usage (for encryption/decryption) and disposal. The key should never leave your premises, the reason being that once it leaves your premises, you cannot guarantee the safety of your data no matter how awesome your SLA with your cloud provider is. Do not confuse key-management with data-encryption or encryption-gateways, something which first timers often tend to commit. There are vendors who just sell key management appliances which can be plugged with any encryption gateway appliance. Some appliance makers also sell both as a turn-key solution, however, when making a decision, always gauge the strength of your key manager separately from the encryption appliance.

This small concept image describes the data security layout from a bird’s eye-view. The encryption appliance sits in between the corporate network and the Cloud. The Cloud could be private or public. Your organization may be utilizing SaaS apps on the cloud without worrying about the security of the data which leaves your premises. Anything which goes out to the Cloud is encrypted behind-the-scenes and anything which comes in is first decrypted before being consumed by your enterprise workers.

By Salman UI Haq

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.