"CAN ENCRYPTION HELP ALLEVIATE CONCERNS ABOUT MOVING TO THE CLOUD?"

Presented to:

Steve Pate - Co-Founder / CTO

Securing Cloud Data With Encryption
Agenda

 • How much of a concern does the cloud present us?
 • An encryption refresher
 • Looking at virtualized environments
 • What do the regulations say about virtualization and cloud?
 • Methods of deploying encryption in the cloud
 • It’s all about key management!
What do the surveys say?

Back in 2010 ...

 Only 34% of Servers are virtualized .... the #1 restriction cited to further virtualization was security – CDW 2009

 87% of respondents rated “Security Challenges” as the #1 issue ascribed to the Cloud model – IDC Enterprise Panel 2009

 “73 percent said security was the primary obstacle to their adopting cloud computing, followed by compliance (54 percent) and portability and ownership of data (48 percent). Most said they were worried about stopping unauthorized access to their company data in the cloud, and 42 percent said security worries have stopped their organizations from going to the cloud.” – PhoneFactor survey

 “By 2015, security will shift from being the No. 1 inhibitor of cloud to one of the top enablers” – Forrester Research
What do the surveys say?

Today ...

 In the x86 environment, which represents more than 80% of respondents' computing capacity, average virtualization levels have increased 13% from last year to 51%, with a notable increase at the higher levels, roughly doubling the number of organizations virtualizing production applications - 451 Group

 Security problems were the primary concern for 48 percent of IT professionals who didn’t plan to adopt cloud - InformationWeek 2012 Cloud Security and Risk Survey

 80 percent of security issues in the cloud through 2013 will be due to error on the part of providers and customers of cloud services, not fundamental issues with the cloud - Gartner

 Median cost of a breach in 2012: $8.9M per year
 46 US states have passed breach notification laws
Data breach laws

 [Slide image not recoverable from the text]

An Encryption Refresher
An Encryption Refresher

 • Two types of encryption:
    • Symmetric - single key, best performance
       • Also called secret key cryptography
       • Data at rest
       • Algorithms such as AES, Blowfish, DES, 3DES, Serpent, Twofish
    • Asymmetric - public / private key pair, poor performance
       • Also called public key cryptography
       • Used when sharing between two or more parties
       • Web commerce
       • Exchanging files between colleagues
       • Algorithms such as RSA, Diffie-Hellman, ...
An Encryption Refresher

 • Symmetric encryption:

 [Diagram: Clear Text ("Lorem ipsum dolor sit amet ...") → Encryption Software → Cypher Text ("Ki8^.5R7=;%dWk3..."), using one Encryption Key (larger = more secure). AES uses 128 / 256 bit keys.]
An Encryption Refresher

 • Symmetric encryption - block ciphers

 [Diagram: the Application calls write(fd, buf, size) on clear text in user space; in kernel space the Filesystem still sees clear text, and the Device Driver writes cypher text ("Ki8^.5R7=;%dWk3...") to the device.]
An Encryption Refresher

 • Asymmetric encryption:

 [Diagram: Clear Text → Encryption Software with the recipient's Public Key → Cypher Text → Encryption Software with the Private Key → Clear Text. RSA uses 1024 bit keys.]
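Here is an added example in Go, written for this edit rather than taken from the deck or from HighCloud, of how the two types are combined for the "exchanging files between colleagues" case above: the file itself is encrypted under a fresh symmetric AES-256-GCM key, and only that 32-byte key is encrypted with the recipient's RSA public key. The type SealedFile and the functions NewRecipientKey, Seal, Open and MaxDirectRSA are this example's own names, the 2048-bit key size is an assumption chosen here, and the sample file in main is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedFile is what a sender hands to a colleague: the bulk data under a
// fresh one-time AES key, plus that key wrapped to the recipient's RSA
// public key. (Constructed layout for this example, not a standard format.)
type SealedFile struct {
	WrappedKey []byte // RSA-OAEP(recipient public key, 32-byte AES key)
	Nonce      []byte // AES-GCM nonce, fresh for every Seal call
	Ciphertext []byte // AES-GCM output, authentication tag included
}

// NewRecipientKey makes the recipient's key pair; only the public half
// ever leaves their machine.
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal does the bulk work symmetrically (AES-256-GCM) and uses RSA only
// on the 32-byte key: the usual division of labour between the two types.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*SealedFile, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &SealedFile{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: aead.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// Open is the recipient's side: unwrap the key with the private key, then
// decrypt. GCM authenticates as well, so a modified ciphertext is rejected
// rather than silently decrypted to garbage.
func Open(recipientPriv *rsa.PrivateKey, f *SealedFile) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, f.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed (wrong private key or damaged header): %w", err)
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, f.Nonce, f.Ciphertext, nil)
}

// MaxDirectRSA is the largest message RSA-OAEP with SHA-256 can encrypt
// directly under pub: 190 bytes for a 2048-bit key.
func MaxDirectRSA(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

func main() {
	priv, _ := NewRecipientKey() // error handling elided in this demo only
	msg := make([]byte, 4096)    // constructed sample file, well over the RSA limit
	fmt.Printf("RSA-2048 could encrypt at most %d bytes directly; file is %d bytes\n", MaxDirectRSA(&priv.PublicKey), len(msg))
	sealed, _ := Seal(&priv.PublicKey, msg)
	got, err := Open(priv, sealed)
	fmt.Println("round trip ok:", err == nil && string(got) == string(msg))
	sealed.Ciphertext[0] ^= 0x01 // one flipped bit in transit
	_, err = Open(priv, sealed)
	fmt.Println("tampered copy rejected:", err)
}
```

MaxDirectRSA makes the deck's "poor performance" point concrete in a second way: RSA-OAEP with a 2048-bit key cannot encrypt more than 190 bytes in one operation, so asymmetric encryption is only ever asked to protect the symmetric key, and GCM's authentication tag means a ciphertext altered in transit is rejected rather than decrypted to garbage.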
An Encryption Refresher

 • Usual places of deployment
    • Application (libraries, column-level encryption, ...)
    • Filesystem - encrypt individual files
    • Device driver - volume encryption (whole devices / partitions)
    • SAN switch - within the storage fabric
    • FDE - the whole drive
    • Backup - built in
    • Command-line tools

      $ gpg --import pub_key.asc
      $ gpg -e -a < src_code.tar.gz > src_code.tar.gz.asc

      $ tar cz files | openssl enc -aes-256-cbc -e -out files.tgz.enc
      enter aes-256-cbc encryption password: ********
      Verifying - enter aes-256-cbc encryption password: ********
What about performance?

 Performance is terrible right?

 It depends ...

    • On applications / workloads
    • On the availability of hardware support
       • Most Intel / AMD processors now have AES-NI support
       • 8-10x performance improvement
    • Should encryption cost just be factored in?

 Median cost of a breach in 2012: $8.9M per year
How often is encryption used?

 • That’s 25+ million downloads
 • Keys are protected by passwords
 • Password must be typed before keys are accessed
 • Does not scale for the enterprise
What to do with the key?

 • Assume I have many keys ...
 • What do I do with all those keys?
 • Who owns the keys?

 “Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system”

 Bruce Schneier
 Preface to “Applied Cryptography”, Second Edition
Encryption Within a Virtualized Stack
What is a Virtual Machine?

 • Memory images are exposed:
    • Password, crypto keys, email messages, Active Directory data, …
 • Sensitive data can be left everywhere the VM travels
    • Data center, public clouds, desktops, notebooks, …
 • VM Templates need to be protected

 [Diagram: a Virtual Machine Image is made of Virtual Disks (Data); Virtual Disks for the Guest OS and Applications (executables); and the virtual machine state and environment: Suspend File, Snapshot File, Paging File, Config Files, Log Files and VM meta-data, i.e. the VM memory image, critical VM configuration and forensics information.]
Protecting the Virtual Machine?

 “Have all defense in depth mechanisms work together. Security needs to follow VMs in the infrastructure.”

 VMware CEO Maritz - VMworld 2010
Virtual Machines present new challenges! - recognized by the new PCI virtualization guidelines
Encryption in Virtualized Environments

 • There are multiple choices to encrypt all / part of a VM
 • Each has pros / cons
 • Many factors to take into account

 [Diagram: six places in the stack where encryption can sit, numbered as laid out on the slide: ① the VMs, ② the Virtualization Layer, ③ NAS, ④ SAN Switch, ⑤ Storage Array, ⑥ Backup / DR.]
Encryption below the Hypervisor

 • Block-based or file-based
 • Encryption of the whole VM
 • By seeing the VM, we get to do some special things

 [Diagram: Tenant A and Tenant B each run VMs over a Virtualization Layer, with their Protected VM Images and Data held as cypher text; a Key and Policy Server with Multi-Tenant Administration; a Virtual Machine Vault reached over NFS / iSCSI; an Encrypted Path to a Backup Server and a Restore path back.]
Encryption above the Hypervisor

 • Footprint inside every VM
 • Encrypted path through the hypervisor
 • Does not need help from your service provider

 [Diagram: VMs above the HYPERVISOR write Encrypted Data to Encrypted VMDKs, with keys supplied by a Key Server.]
How to deploy encryption in the cloud
Just use what the provider gives you

 • Some providers offer encryption:
    • Amazon S3 for example
    • Good enough for some people
    • No good for others
 • Would you put the family jewels in the safe ....
      .... and give a stranger the key?

 • Some providers want to offer encryption ...
      .... but don’t want to host/own the keys!
Roll your own ...

 • A number of open source and commercial solutions
Cloud Encryption Gateway

 • Encrypt data before it’s sent to the cloud
 • Requires access to corporate network
Infrastructure as a Service Clouds

 • VMs running in the public cloud
 • Encryption within the VM
    • Filesystem or logical volume level
 • One VM offers encryption to other VMs

 [Diagram: a Key Server / Key and Policy Server in the Private Data Center; in the Public or Private Cloud, either a Running VM doing ENC/DEC itself against Cloud Storage, or a Secure File Server VM doing ENC/DEC and serving other VMs over NFS, CIFS, iSCSI; Encrypted Data on Cloud Storage in the Cloud Infrastructure.]
Questions to ask?

 • How is my data backed up?
 • Can anyone access my VMs?
 • How are VMs replicated?
 • Where are those backups?
 • Do the VMs ever get snapshotted?
 • When I want to decommission, how is my data removed?

 Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 - CSA
Key Management Options
What key management options are there?

 • Low end encryption solutions have no key management
 • Enterprise-grade solutions have expensive key servers
    • Enterprise key managers
    • FIPS 140-2, KMIP, ...
    • Highly available
    • Can be extremely expensive
    • Defeats the purpose of virtualization / cloud for cost
 • Many organizations are nervous about managing keys
    • Who gets to access the keys?
    • How are they safely backed up?
    • What happens if keys expire?
    • Are the keys well protected?
What key management options are there?

 • 3 main options:
    • CSP holds the keys
    • Customer holds the keys
    • A third party holds the keys

 [Diagram: VMs at the Cloud Service Provider, with the Key Server placed either at the Cloud Service Provider, in the Customer's Data Center, or at a Key Server Provider.]
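To make the "customer holds the keys" option concrete, the Go code below is an added example (written for this edit, not the deck's or HighCloud's product code) of envelope encryption with a customer-held key server. KeyServer is a constructed stand-in for a key and policy server: it wraps and unwraps per-object data encryption keys (DEKs) under a key-encryption key (KEK) that never leaves it, so the provider stores only ciphertext and a wrapped DEK it cannot open. It also covers two questions from the earlier slides: rotating the KEK re-wraps a few header bytes without re-encrypting the stored data, and shredding the KEK is what makes "how is my data removed?" answerable for copies you no longer control. All names (KeyServer, EncryptForCloud, DecryptFromCloud, the object name) and the 32-byte key sizes are this example's assumptions; there is no main, so exercise the functions from a test or a small main of your own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randBytes returns n bytes from the OS CSPRNG; failure is treated as fatal.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // fails for a nil (shredded) key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext||tag (AES-256-GCM); aad is authenticated only.
func seal(key, pt, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, pt, aad), nil
}

// open reverses seal; any change to the blob or to aad is rejected.
func open(key, blob, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(blob) >= n {
		return aead.Open(nil, blob[:n], blob[n:], aad)
	}
	return nil, fmt.Errorf("blob too short")
}

// KeyServer is a constructed stand-in for the customer-held key and policy
// server: it hands out wrapped or unwrapped DEKs; the KEKs never leave it.
type KeyServer struct{ kek, prev []byte }

func NewKeyServer() *KeyServer { return &KeyServer{kek: randBytes(32)} }

// Rotate issues a fresh KEK; the previous one is kept only to re-wrap old DEKs.
func (ks *KeyServer) Rotate() { ks.prev, ks.kek = ks.kek, randBytes(32) }

// Shred forgets both KEKs: everything this server wrapped is unrecoverable,
// however many copies of the ciphertext the provider still holds.
func (ks *KeyServer) Shred() { ks.kek, ks.prev = nil, nil }

func (ks *KeyServer) WrapDEK(dek []byte) ([]byte, error) { return seal(ks.kek, dek, nil) }

// UnwrapDEK accepts DEKs wrapped under the current or the previous KEK.
func (ks *KeyServer) UnwrapDEK(wrapped []byte) ([]byte, error) {
	for _, kek := range [][]byte{ks.kek, ks.prev} {
		if dek, err := open(kek, wrapped, nil); err == nil {
			return dek, nil
		}
	}
	return nil, fmt.Errorf("no KEK opens this wrapped key: data unrecoverable")
}

// Rewrap moves a DEK under the current KEK: only these few bytes change;
// the bulk ciphertext sitting at the provider is never touched.
func (ks *KeyServer) Rewrap(wrapped []byte) ([]byte, error) {
	dek, err := ks.UnwrapDEK(wrapped)
	if err != nil {
		return nil, err
	}
	return ks.WrapDEK(dek)
}

// EncryptForCloud returns what the provider stores: a wrapped DEK it cannot
// open, plus the ciphertext with the object name bound as AAD.
func EncryptForCloud(ks *KeyServer, name string, pt []byte) (wrapped, ct []byte, err error) {
	dek := randBytes(32) // fresh DEK per object
	if ct, err = seal(dek, pt, []byte(name)); err != nil {
		return nil, nil, err
	}
	wrapped, err = ks.WrapDEK(dek)
	return wrapped, ct, err
}

func DecryptFromCloud(ks *KeyServer, name string, wrapped, ct []byte) ([]byte, error) {
	dek, err := ks.UnwrapDEK(wrapped)
	if err != nil {
		return nil, err
	}
	return open(dek, ct, []byte(name))
}
```

Binding the object name as AAD means a ciphertext the provider served back under a different name fails to open, and a backup or replica copy (the "where are those backups?" question) stays readable only while the key server still holds a KEK that unwraps its DEK: after Rotate, a DEK wrapped under the older KEK must be passed through Rewrap before the next rotation, and after Shred nothing opens at all.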
Hosted key management

 • Questions to ask:
    • Can I change my mind? I now want to host my own keys
    • I’m hosting keys but now want you to host them
    • Can you actually see my keys?
    • Is the system highly-available? What about DR?
    • I need a process for getting my data back
    • What about multi-tenancy?
    • What about an audit stream?
Automating Encryption
APIs - Provisioning a new server

 • Virtualization offers a lot of automation
 • Cloud infrastructures are all automated:
    • OpenStack and others
    • Cloud providers automate everything
 • Many organizations large and small automate too
    • Password based encryption doesn’t help
 • We need encryption to be a drop in solution too
 • Needs to be multi-tenant
Traditional GUI-based administration

 • Can be simple to use
 • No need for key management expertise
 • A single product may scan multiple platforms and cloud providers
 • Very important to increase encryption adoption ... BUT!
APIs - Provisioning a new server

 • Add a Linux server and encrypt a device - 5 line script!

 [Diagram: the system where the APIs are run from (hicli, configured by ~/.hicli/hicli.cfg) talks to a Key and Policy Server Cluster, which manages the Linux VMs.]

    # hicli kps select kps-2
    # hicli user login spate --password=********
    # hicli cvmset select "Amazon VMs"
    # hicli cvm new ubuntu10.04
    # hicli cvm ubuntu10.04 add_disk sdb1
Where to get more information?
More Information?

 • Cloud Security Alliance
    • https://cloudsecurityalliance.org
 • ENISA
    • http://www.enisa.europa.eu
 • NIST
    • http://www.nist.gov/index.html
 • Payment Card Industry
 • www.highcloudsecurity.com
    • Under Resources ➜ Collateral
And last but not least ...
3 different steps you can take ...

 1. Download the HighCloud Software and try for free!
 2. Fill in our survey
    • http://www.highcloudsecurity.com/resources/survey/
 3. An exclusive for tonight’s attendees:
    • A free account on HighCloud’s hosted key server
    • Not yet in beta!
    • To sign up contact: spate@highcloudsecurity.com

Q&A

 spate@highcloudsecurity.com
Spain Is Not Only Flamenco.Spain Is Not Only Flamenco.
Spain Is Not Only Flamenco.
 
Running on Elastic Beanstalk
Running on Elastic BeanstalkRunning on Elastic Beanstalk
Running on Elastic Beanstalk
 
3rd Annual Holiday Survey - Back to the Future
3rd Annual Holiday Survey - Back to the Future3rd Annual Holiday Survey - Back to the Future
3rd Annual Holiday Survey - Back to the Future
 
Personalization Drives Revenue
Personalization Drives RevenuePersonalization Drives Revenue
Personalization Drives Revenue
 
Do you know....
Do you know....Do you know....
Do you know....
 
網頁介紹
網頁介紹網頁介紹
網頁介紹
 
Mariella presentation
Mariella presentationMariella presentation
Mariella presentation
 
CD covers
CD coversCD covers
CD covers
 
Trinity Kings World Leadership; Lineage of Tuskegee Airman(Army Air Corps)
Trinity Kings World Leadership; Lineage of Tuskegee Airman(Army Air Corps)Trinity Kings World Leadership; Lineage of Tuskegee Airman(Army Air Corps)
Trinity Kings World Leadership; Lineage of Tuskegee Airman(Army Air Corps)
 
Malaya Nikitskaya 15
Malaya Nikitskaya 15Malaya Nikitskaya 15
Malaya Nikitskaya 15
 
Nature Sensible by Romano Bertelli.
Nature Sensible by Romano Bertelli.Nature Sensible by Romano Bertelli.
Nature Sensible by Romano Bertelli.
 
Icons
IconsIcons
Icons
 
Git hacking
Git hackingGit hacking
Git hacking
 
Vehicle Networks
Vehicle NetworksVehicle Networks
Vehicle Networks
 
Open Linked Data as Part of a Government Enterprise Architecture
Open Linked Data as Part of a Government Enterprise ArchitectureOpen Linked Data as Part of a Government Enterprise Architecture
Open Linked Data as Part of a Government Enterprise Architecture
 
ASK Labs profile
ASK Labs profileASK Labs profile
ASK Labs profile
 
09 Mantra
09 Mantra09 Mantra
09 Mantra
 
M O M E N T S
M O M E N T SM O M E N T S
M O M E N T S
 
Presentasi fis en akbar - sejarah panas bumi indonesia
Presentasi fis en akbar - sejarah panas bumi indonesiaPresentasi fis en akbar - sejarah panas bumi indonesia
Presentasi fis en akbar - sejarah panas bumi indonesia
 

Similar to HighCloud Security CSA LA and Seattle chapter presentation

Cryptography Final Presentation.pptx
Cryptography Final Presentation.pptxCryptography Final Presentation.pptx
Cryptography Final Presentation.pptx
GaneshBagul8
 
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
Ulf Mattsson
 
Crypkit 1
Crypkit 1Crypkit 1
Crypkit 1
ncct
 
Key aggregate cryptosystem for scalable data sharing in cloud storage
Key aggregate cryptosystem for scalable data sharing in cloud storageKey aggregate cryptosystem for scalable data sharing in cloud storage
Key aggregate cryptosystem for scalable data sharing in cloud storage
Mugesh Mukkandan
 

Similar to HighCloud Security CSA LA and Seattle chapter presentation (20)

Cloud Cryptography
Cloud CryptographyCloud Cryptography
Cloud Cryptography
 
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET-  	  Survey of Cryptographic Techniques to Certify Sharing of Informati...IRJET-  	  Survey of Cryptographic Techniques to Certify Sharing of Informati...
IRJET- Survey of Cryptographic Techniques to Certify Sharing of Informati...
 
Cryptography Final Presentation.pptx
Cryptography Final Presentation.pptxCryptography Final Presentation.pptx
Cryptography Final Presentation.pptx
 
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data ProtectionISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
ISSA: Next Generation Tokenization for Compliance and Cloud Data Protection
 
J017667582
J017667582J017667582
J017667582
 
File transfer with multiple security mechanism
File transfer with multiple security mechanismFile transfer with multiple security mechanism
File transfer with multiple security mechanism
 
Crypkit 1
Crypkit 1Crypkit 1
Crypkit 1
 
262 265
262 265262 265
262 265
 
Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aZ111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910a
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)
 
Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...Comparison of Various Encryption Algorithms and Techniques for improving secu...
Comparison of Various Encryption Algorithms and Techniques for improving secu...
 
L017136269
L017136269L017136269
L017136269
 
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
 
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET-  	  Ensuring Security in Cloud Computing Cryptography using CryptographyIRJET-  	  Ensuring Security in Cloud Computing Cryptography using Cryptography
IRJET- Ensuring Security in Cloud Computing Cryptography using Cryptography
 
Secure Cloud Environment Using RSA Algorithm
Secure Cloud Environment Using RSA AlgorithmSecure Cloud Environment Using RSA Algorithm
Secure Cloud Environment Using RSA Algorithm
 
Key aggregate cryptosystem for scalable data sharing in cloud storage
Key aggregate cryptosystem for scalable data sharing in cloud storageKey aggregate cryptosystem for scalable data sharing in cloud storage
Key aggregate cryptosystem for scalable data sharing in cloud storage
 
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic AlgorithamIRJET - Data Security in Cloud Computing using Homomorphic Algoritham
IRJET - Data Security in Cloud Computing using Homomorphic Algoritham
 
A Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic TechniquesA Survey on Generation and Evolution of Various Cryptographic Techniques
A Survey on Generation and Evolution of Various Cryptographic Techniques
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
 
Z110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cZ110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909c
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

HighCloud Security CSA LA and Seattle chapter presentation

  • 1. "CAN ENCRYPTION HELP ALLEVIATE CONCERNS ABOUT MOVING TO THE CLOUD?" Presented to: Steve Pate - Co-Founder / CTO
  • 2. Securing Cloud Data With Encryption. Agenda • How much of a concern does the cloud present us? • An encryption refresher • Looking at virtualized environments • What do the regulations say about virtualization and cloud? • Methods of deploying encryption in the cloud • It's all about key management!
  • 3. What do the surveys say? Back in 2010 ... Only 34% of servers are virtualized .... the #1 restriction cited to further virtualization was security – CDW 2009. 87% of respondents rated "Security Challenges" as the #1 issue ascribed to the Cloud model – IDC Enterprise Panel 2009. "73 percent said security was the primary obstacle to their adopting cloud computing, followed by compliance (54 percent) and portability and ownership of data (48 percent). Most said they were worried about stopping unauthorized access to their company data in the cloud, and 42 percent said security worries have stopped their organizations from going to the cloud." – PhoneFactor survey. "By 2015, security will shift from being the No. 1 inhibitor of cloud to one of the top enablers" – Forrester Research
  • 4. What do the surveys say? Today ... In the x86 environment, which represents more than 80% of respondents' computing capacity, average virtualization levels have increased 13% from last year to 51%, with a notable increase at the higher levels, roughly doubling the number of organizations virtualizing production applications - 451 Group. Security problems were the primary concern for 48 percent of IT professionals who didn't plan to adopt cloud - InformationWeek 2012 Cloud Security and Risk Survey. 80 percent of security issues in the cloud through 2013 will be due to error on the part of providers and customers of cloud services, not fundamental issues with the cloud - Gartner. Median cost of a breach in 2012: $8.9M per year. 46 US states have passed breach notification laws
  • 5. Data breach laws
  • 7. An Encryption Refresher • Two types of encryption: • Symmetric - single key, best performance • Also called secret key cryptography • Data at rest • Algorithms such as AES, Blowfish, DES, 3DES, Serpent, Twofish • Asymmetric - public / private key pair, poor performance • Also called public key cryptography • Used when sharing between two or more parties • Web commerce • Exchanging files between colleagues • Algorithms such as RSA, Diffie-Hellman, ...
  • 8. An Encryption Refresher • Symmetric encryption: [diagram: clear text "Lorem ipsum dolor sit amet ..." passes through encryption software, keyed with an encryption key (larger = more secure), and comes out as cypher text "Ki8^.5R7=;%dWk3..."] AES uses 128 / 256 bit keys
  • 9. An Encryption Refresher • Symmetric encryption - block ciphers [diagram: an application in user space calls write(fd, buf, size); in kernel space the data passes through the filesystem as clear text and leaves the device driver as cypher text]
  • 10. An Encryption Refresher • Asymmetric encryption: [diagram: clear text encrypted by encryption software with the public key gives cypher text; the private key decrypts it back to clear text] RSA uses 1024 bit keys
  • 11. An Encryption Refresher • Usual places of deployment • Application (libraries, column-level encryption, ...) • Filesystem - encrypt individual files • Device driver - volume encryption (whole devices / partitions) • SAN switch - within the storage fabric • FDE - the whole drive • Backup - built in • Command-line tools:
        $ gpg --import pub_key.asc
        $ gpg -e -a < src_code.tar.gz > src_code.tar.gz.asc
        $ tar cz files | openssl enc -aes-256-cbc -e -out files.tgz.enc
        enter aes-256-cbc encryption password: ********
        Verifying - enter aes-256-cbc encryption password: ********
  • 12. What about performance? Performance is terrible, right? It depends ... • On applications / workloads • On the availability of hardware support • Most Intel / AMD processors now have AES-NI support • 8-10x performance improvement • Should encryption cost just be factored in? Median cost of a breach in 2012: $8.9M per year
  • 13. How often is encryption used? • That's 25+ million downloads • Keys are protected by passwords • Password must be typed before keys are accessed • Does not scale for the enterprise
  • 14. What to do with the key? • Assume I have many keys ... • What do I do with all those keys? • Who owns the keys? "Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system" - Bruce Schneier, Preface to "Applied Cryptography", Second Edition
  • 15. Encryption Within a Virtualized Stack
  • 16. What is a Virtual Machine? • Memory images are exposed: • Passwords, crypto keys, email messages, Active Directory data, ... • Sensitive data can be left everywhere the VM travels • Data center, public clouds, desktops, notebooks, ... • VM templates need to be protected [diagram: a virtual machine image consists of virtual disks (guest OS, applications, data), a suspend file, config files, a snapshot file, log files and a paging file; the VM state and environment hold the VM memory image, critical VM configuration, VM meta-data and forensics information]
  • 17. Protecting the Virtual Machine? "Have all defense in depth mechanisms work together. Security needs to follow VMs in the infrastructure." VMware CEO Maritz - VMworld 2010
  • 18. Virtual Machines present new challenges! - recognized by the new PCI virtualization guidelines
  • 19. Encryption in Virtualized Environments • There are multiple choices to encrypt all / part of a VM • Each has pros / cons • Many factors to take into account [diagram: six numbered encryption points ①-⑥ spread across the VMs, the virtualization layer, NAS, SAN switch, storage array and backup / DR]
  • 20. Encryption below the Hypervisor • Block-based or file-based • Encryption of the whole VM • By seeing the VM, we get to do some special things [diagram: Tenant A and Tenant B VMs above their virtualization layers, multi-tenant administration, an encrypted NFS / iSCSI path, a key and policy server, a backup server with a virtual machine vault and restore path, and protected VM images and data held as cypher text]
  • 21. Encryption above the Hypervisor • Footprint inside every VM • Encrypted path through the hypervisor • Does not need help from your service provider [diagram: VMs on a hypervisor, a key server, encrypted data and encrypted VMDKs]
  • 22. How to deploy encryption in the cloud
  • 23. Just use what the provider gives you • Some providers offer encryption: • Amazon S3 for example • Good enough for some people • No good for others • Would you put the family jewels in the safe .... .... and give a stranger the key? • Some providers want to offer encryption ... .... but don't want to host/own the keys!
  • 24. Roll your own ... • A number of open source and commercial solutions
  • 25. Cloud Encryption Gateway • Encrypt data before it's sent to the cloud • Requires access to corporate network
  • 26. Infrastructure as a Service Clouds • VMs running in the public cloud • Encryption within the VM • Filesystem or logical volume level • One VM offers encryption to other VMs [diagram: in a public or private cloud, a secure file server VM serves NFS, CIFS and iSCSI to running VMs, with ENC/DEC inside the VMs, encrypted data on cloud storage, and a key and policy server located in the private data center]
  • 27. Questions to ask? • How is my data backed up? • Can anyone access my VMs? • How are VMs replicated? • Where are those backups? • Do the VMs ever get snapshotted? • When I want to decommission, how is my data removed? Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 - CSA
  • 29. What key management options are there? • Low end encryption solutions have no key management • Enterprise-grade solutions have expensive key servers • Enterprise key managers • FIPS 140-2, KMIP, ... • Highly available • Can be extremely expensive • Defeats the purpose of virtualization / cloud for cost • Many organizations are nervous about managing keys • Who gets to access the keys? • How are they safely backed up? • What happens if keys expire? • Are the keys well protected?
  • 30. What key management options are there? • 3 main options: • CSP holds the keys • Customer holds the keys • A third party holds the keys [diagram: a key server in the customer's data center, a key server at the cloud service provider, or a key server at a third-party key server provider, each serving the VMs running at the cloud service provider]
  • 31. Hosted key management • Questions to ask: • Can I change my mind? I now want to host my own keys • I'm hosting keys but now want you to host them • Can you actually see my keys? • Is the system highly-available? What about DR? • I need a process for getting my data back • What about multi-tenancy? • What about an audit stream?
  • 33. APIs - Provisioning a new server • Virtualization offers a lot of automation • Cloud infrastructures are all automated: • OpenStack and others • Cloud providers automate everything • Many organizations large and small automate too • Password based encryption doesn't help • We need encryption to be a drop-in solution too • Needs to be multi-tenant
  • 34. Traditional GUI-based administration • Can be simple to use • No need for key management expertise • A single product may scan multiple platforms and cloud providers • Very important to increase encryption adoption ... BUT!
  • 35. APIs - Provisioning a new server • Add a Linux server and encrypt a device - 5 line script! [diagram: the system the APIs are run from (hicli, configured in ~/.hicli/hicli.cfg) talks to a key and policy server cluster and to a Linux VM]
        # hicli kps select kps-2
        # hicli user login spate --password=********
        # hicli cvmset select "Amazon VMs"
        # hicli cvm new ubuntu10.04
        # hicli cvm ubuntu10.04 add_disk sdb1
  • 36. Where to get more information?
  • 37. More Information? • Cloud Security Alliance • https://cloudsecurityalliance.org • ENISA • http://www.enisa.europa.eu • NIST • http://www.nist.gov/index.html • Payment Card Industry • www.highcloudsecurity.com • Under Resources ➜ Collateral
  • 38. And last but not least ...
  • 39. 3 different steps you can take ... 1. Download the HighCloud Software and try for free! 2. Fill in our survey • http://www.highcloudsecurity.com/resources/survey/ 3. An exclusive for tonight's attendees: • A free account on HighCloud's hosted key server • Not yet in beta! • To sign up contact: spate@highcloudsecurity.com
  • 40. Q&A spate@highcloudsecurity.com
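The refresher slides (7 to 10) separate symmetric encryption (one key, fast, for data at rest) from asymmetric encryption (key pair, slow, for sharing between parties), and slides 23, 30 and 31 turn on who holds the key: the provider, the customer or a third party, and whether custody can move later. The following Go program, an added example that is not part of the deck and not HighCloud's product code, puts those two ideas together in the envelope pattern a key server typically implements: each object is encrypted under its own AES-256-GCM data encryption key (DEK), and only that 32-byte DEK is wrapped with RSA-OAEP to the key holder's public key. The `ProtectedObject`, `Seal`, `Open` and `Rewrap` names, the `"vm-disk-dek"` label and the sample disk contents are all constructed for the example; the provider in `main` stands in for the "stranger with the key" of slide 23.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// wrapLabel is a constructed OAEP label that ties a wrapped key to its purpose.
var wrapLabel = []byte("vm-disk-dek")

// ProtectedObject is what the cloud provider stores for one VM disk or file:
// the bulk data under a per-object AES-256 data encryption key (DEK), plus that
// DEK wrapped to the key holder's RSA public key. Without the matching private
// key the object is opaque, to the provider included.
type ProtectedObject struct {
	Nonce      []byte // AES-GCM nonce, fresh for every Seal
	Ciphertext []byte // AES-256-GCM output with the authentication tag appended
	WrappedDEK []byte // DEK encrypted with RSA-OAEP (SHA-256) to the key holder
}

// Seal encrypts plaintext under a fresh DEK (symmetric: fast, carries the bulk
// data) and wraps only the 32-byte DEK to keyHolder (asymmetric: slow, used
// once per object).
func Seal(keyHolder *rsa.PublicKey, plaintext []byte) (*ProtectedObject, error) {
	dek := make([]byte, 32) // 256-bit AES key, as on slide 8
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, keyHolder, dek, wrapLabel)
	if err != nil {
		return nil, err
	}
	return &ProtectedObject{
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
		WrappedDEK: wrapped,
	}, nil
}

// Open is the key holder's side: unwrap the DEK with the private key, then
// decrypt and authenticate the data. Any other private key fails at the unwrap
// step and never reaches the data; a modified ciphertext fails the GCM tag check.
func Open(holder *rsa.PrivateKey, obj *ProtectedObject) ([]byte, error) {
	dek, err := unwrap(holder, obj)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, obj.Nonce, obj.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext or authentication tag has been altered")
	}
	return plaintext, nil
}

// Rewrap moves key custody (provider to customer, customer to a third party)
// by unwrapping the DEK and wrapping it to newHolder. The bulk ciphertext is
// reused as-is, so changing the key holder does not mean re-encrypting disks.
func Rewrap(current *rsa.PrivateKey, obj *ProtectedObject, newHolder *rsa.PublicKey) (*ProtectedObject, error) {
	dek, err := unwrap(current, obj)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, newHolder, dek, wrapLabel)
	if err != nil {
		return nil, err
	}
	return &ProtectedObject{Nonce: obj.Nonce, Ciphertext: obj.Ciphertext, WrappedDEK: wrapped}, nil
}

func unwrap(holder *rsa.PrivateKey, obj *ProtectedObject) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, holder, obj.WrappedDEK, wrapLabel)
	if err != nil {
		return nil, errors.New("cannot unwrap DEK: this private key is not the key holder")
	}
	return dek, nil
}

func newGCM(dek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(dek) // Go uses AES-NI here when the CPU has it (slide 12)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// 2048-bit keys; the 1024-bit size quoted on slide 10 is deprecated today.
	customer, _ := rsa.GenerateKey(rand.Reader, 2048)
	provider, _ := rsa.GenerateKey(rand.Reader, 2048)
	obj, _ := Seal(&customer.PublicKey, []byte("constructed VM disk contents"))
	if _, err := Open(provider, obj); err != nil {
		fmt.Println("provider:", err) // the stranger holding the safe cannot open it
	}
	plaintext, _ := Open(customer, obj)
	fmt.Printf("customer: %s\n", plaintext)
}
```

The design point is the one slide 31 asks about: because the data is bound to a DEK rather than directly to a holder's key pair, "I now want to host my own keys" is a `Rewrap` of a 32-byte value per object rather than a re-encryption of every disk, and the audit trail a hosted key service should produce is the list of unwrap and rewrap operations, since those are the only moments a holder's private key is exercised.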