• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

You’ve Encrypted Your Data in the Cloud, but are Your Keys Safe?

January 8, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

February 26, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Monday, March 1, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home Tech Mobile

You’ve Encrypted Your Data in the Cloud, but are Your Keys Safe?

by AZURE SECURITY NEWS EDITOR
January 8, 2021
in Mobile
0
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

If putting unencrypted data up in a public cloud is like leaving your house unlocked, keeping encrypted data and the encryption keys in the same cloud could be akin to leaving a copy of your housekey under your doormat

That, in a nutshell, is one of the mistakes that led to the Capital One breach last summer. A former Amazon Web Services employee found encryption keys where the data owners had hid them and made off with credit card application information of more than 100 million customers.

Related: Google Cloud Designs Hardware Module for Encryption, Offers It as a Managed Service

You can get all the ugly technical detail of the hack here.

But keeping the keys far from the data has its own problems.

Key Management Nightmares

Related: Google’s OpenTitan Chip Could Make Data Centers More Secure… Someday

Companies don’t have just one encryption key. They have thousands – or sometimes millions. They need to guard access to these keys, rotate the keys, delete old keys, and have adequate backups for the keys, so they don’t lock themselves out of all their data.

Companies typically opt for key management systems: hardware security modules or their software equivalents. They can run the modules themselves or sign up for key management as a service from a trusted provider. They can keep their key management systems in one cloud and their data in another.

For less mission-critical data, enterprises may use key management solutions by the same cloud providers that store their data and hope that they do a good job protecting their keys.

Storing the keys in a separate cloud can add some comfortable distance between them and the data. External key management can also help an enterprise manage multi-cloud environments.

AWS and Microsoft Azure have long offered key management systems that store keys in hardware modules in a secured area in a data center. They also offer the option to use external, third-party key management systems, said Chris Kennedy, chief information security officer and VP of customer success at AttackIQ. In December, Google caught up to the rivals, releasing its own solution for this, the Cloud External Key Manager, now in beta.

“Microsoft and Amazon have really stepped up to their target of being enterprise-grade,” Kennedy said. “Now Google has recognized that to be a true enterprise app development type of environment,” this type of functionality is necessary.

Google’s external key manager allows Google Compute Engine Persistent Disk and BigQuery users to keep their data in the cloud and the keys elsewhere, Il-Sung Lee, senior product manager for Google Cloud, told us.

The system currently supports connections to five popular third-party key management solutions, he said: by Equinix, Fortanix, Ionic, Thales, and Unbound.

“Leveraging and managing a third-party key management system may introduce additional administration,” he added. “But we’ve heard early feedback from customers that this is a worthwhile tradeoff for enterprises that otherwise would not be able to bring highly sensitive data into the cloud.”

The system protects data at rest, he said, and is especially valuable in highly-regulated industries. “This capability is the highest level of encryption-based control that we offer to Google Cloud customers to date,” he said.

Bringing It All Together

So, now you have your data and applications in one place, and your keys in another. How do you apply the former to the latter?

“I could keep the application on-prem” and bring the keys stored remotely to it when necessary, Ameesh Divatia, CEO at Baffle, a Santa Clara, California-based data security vendor, said. “But that’s not a high-performance solution.”

There’s also something called privacy-preserving analytics. That’s when data doesn’t get decrypted, and the application works with it in encrypted form. But not all functions can be done this way, several experts told us, and this approach can sometimes require significant rewrites of the applications, slow down performance, and weaken the encryption. (Divatia claims that’s not the case with Baffle’s technology, which, according to him, “supports all functions” and “does not require rewrites.”)

Most often, companies go with the first option, bringing the keys to the application, temporarily. There two approaches to this, according to Peter Galvin, chief strategy officer at nCipher Security, an encryption technology vendor.

The “bring your own key” approach is when the application holds on to the key for a set period (an hour or a week), or until the key is revoked. The “host your own key” approach is when the application has access to the key only while it’s using it to decrypt or sign something. The key is never pushed into the cloud.

The application doesn’t normally need to be rewritten or rearchitected to do this, Galvin said. “Usually you’re just doing some type of pointer to go fetch the key. It’s more of a configuration.”

nCipher’s service takes this approach, and so does Equinix’s SmartKey, which can store keys for cloud storage, cloud applications, and even SaaS environments.

“You can run the application in the cloud and be able to main control of the keys,” Lance Weaver, Equinix’s VP of product research and incubation, told us.

Salesforce, for example, stores and works on its clients’ most sensitive data: their customer data. An Equinix integration with Salesforce allows customers to keep their Salesforce data encrypted and use SmartKey to store the encryption keys in an Equinix data center, separate from Salesforce’s cloud.

“I would log into my Salesforce environment,” Weaver said. “Then they would make a request to SmartKey for the keys. The keys would be cached but not stored anywhere inside Salesforce’s infrastructure.”

If that’s still too much risk – maybe someone is eavesdropping on the applications — then, using SmartKey, you can bring the application and the data to where the keys are. The application decrypts and works with the data inside a secure vault. This way, unencrypted data is never exposed to outside hackers, or to malicious insiders peeking into an applications’ operational memory.

Equinix has a plugin that can run a customer’s code inside the SmartKey service, inside the protected Intel SGX secure processing enclave. SGX (Software Guard Extensions) are instruction codes built into some Intel CPUs.

More on secure enclaves here: Azure’s Hardware Security Feature Takes Cues from Xbox One

Equinix’s isn’t the only service that uses Intel’s SGX technology.

According to Faiyaz Shahpurwala, chief product and strategy officer at Fortanix – the vendor behind Equinix’s key-management offerings – Azure, IBM, Alibaba, and OVH all offer cloud servers that use Intel SGX.

“Google has announced that they will have it in the coming year,” he added. “And I’m sure Amazon will also have it soon. When Intel comes out with their new chip, Ice Lake, hopefully everyone will have it.”

Intel SGX, and other chip vendors’ secure-enclave technology, allow for runtime encryption, Shahpurwala said. “Even if hackers stole the box, they still wouldn’t have access to that data.”

Eventually, many SaaS providers may be running their applications inside secure enclaves. “We are still early in this journey,” he said.

Secure Enclaves vs Dedicated Hardware

Interxion, Equinix’s biggest rival in Europe – that’s in the process of being taken over by its biggest rival globally, Digital Realty Trust – offers dedicated hardware security modules inside its colocation facilities. Additionally, it has partnerships with third-party providers that specialize in security services, Patrick Lastennet, director of enterprise at Interxion, told DCK.

At least for now Interxion has opted for dedicated security hardware over secure enclaves like Intel SGX. “There are some significant flaws and security risks attached to the enclaves, and there’s been a series of vulnerabilities outlined,” Lastennet said.

Traditional encryption technology is highly secure, confirmed Aanand Krishnan, CEO at Tala Security. “It is difficult to defeat if done right,” he said. But running separate hardware security modules is costly and difficult to integrate with modern cloud environments. “If crypto engines are baked into the main processor chips – as with SGX – it’s like maintaining another x86-class cluster. No separate appliances or HSMs are needed.”

Reference: https://www.datacenterknowledge.com/security/you-ve-encrypted-your-data-cloud-are-your-keys-safe

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

by AZURE SECURITY NEWS EDITOR
February 25, 2021
0

Veeam Software announced general availability of new Veeam Backup & Replication v11, enabling the most advanced data protection solution for cloud,...

Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

Azure Defender is now available for all IoT and OT devices

by AZURE SECURITY NEWS EDITOR
February 1, 2021
0

Microsoft announced Azure Defender for IoT hitting general availability for IoT and OT devices.This is a major step forward in...

How to use Microsoft Sysmon, Azure Sentinel to log security events

The Hack Roundup: Biden Orders Intel Assessment of Suspected Russian Malfeasance

by AZURE SECURITY NEWS EDITOR
January 26, 2021
0

President Joe Biden has directed the intelligence community to evaluate the widespread intrusion into federal agencies and U.S. tech companies...

Microsoft Outlines How To Set Up Windows Virtual Desktop

Enterprise Key Management (EKM) Market Incredible Possibilities, Growth Analysis and Forecast To 2025 – Google, EMC Corporation, Hewlett-Packard Enterprise, Gemalto N.V.

by AZURE SECURITY NEWS EDITOR
January 25, 2021
0

According to a new research report titled Enterprise Key Management (EKM) Market Global Industry Perspective, Comprehensive Analysis And Forecast by...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In