From the Blogosphere
Securing Key Management | @CloudExpo #AI #DX #API #CloudNative #Security
Cloud migration of modern enterprise infrastructure has been a defining trait of recent times
By: Ambuj Kumar
Sep. 14, 2017 02:00 PM
Cloud migration of modern enterprise infrastructure has been a defining trait of recent times. The cloud brings increased efficiency, streamlined operations, an increased shared knowledge base, and scale that was simply not possible earlier. Enterprise IT executives expect that 60 percent of workloads will run in various clouds by 2018 according to survey data of 1,200 buyers by 451 Research.
However, according to the NorthBridge Future of Cloud Computing survey, the largest survey of its kind, security remains the number one inhibitor of enterprise migration to the cloud. One of the key reasons for this is that enterprises relinquish control of their infrastructure in the process, and suffer a lack of privacy and protection from the cloud provider while running in a public cloud.
According to the NorthBridge survey, enterprises' biggest concerns include dependency on the security provided by the cloud provider and lack of understanding about the separation of responsibility between customers and cloud providers. Enterprises can outsource some tasks, but they ultimately have full responsibility for the security of their workloads. Providers must maintain their own security, and they must ensure security isolation in multi-tenant contexts where multiple customers may run their processes on the same physical hardware. But since the providers have visibility into customers' applications and data, it's no wonder that customers cite privacy and security concerns as a leading obstacle to more rapid and widespread adoption of cloud migration, particularly to public clouds.
Even with a fully patched system, enterprise workloads are vulnerable to anyone who manages to get a root privilege access on the system. Unfortunately, there are multiple ways of getting a compromised root user in cloud environments, as shown in Figure 1. Each of the attack vectors represents a potential opportunity for hackers to get access to root privileges on a system. Hackers can move laterally, install spyware, infect boot, and steal sensitive data. There is absolutely no privacy of data or code on a system with a compromised root. In other words, once root privileges are compromised, all bets are off.
Figure 1: Attack vectors to compromise a root
One of the ways enterprises secure their data and meet compliance requirements is by using hardware security modules (HSMs). HSMs are physical appliances traditionally built using proprietary hardware that can store cloud security encryption keys in a secure trusted boundary inaccessible to cloud providers and any other outside software. Enterprises can securely store and use their keys in the cloud using HSMs. In a way, HSMs are the only place where one can expect some privacy from the cloud provider. Typical use cases for HSMs include payment processing, PKI infrastructure, key injection, and database encryption.
However, HSM appliances can be expensive, proprietary, hard to deploy, harder to manage, and are often impossible to scale efficiently. The complexity of key management with HSMs is a major pain point for enterprises. Application integrations often require customized work, and organizations may be forced to maintain a dedicated staff of specialists to keep up with them for anything large-scale.
Figure 2: Problems with HSM
As a result, HSMs are one of the last computing resources that are not commonly virtualized or securely time-sliced among multiple tenants or VMs. Their availability in public clouds is limited, and where available they break the cloud model by requiring upfront fees, usage floors, and other aspects that are fundamentally inconsistent with on-demand scaling and pricing. It's no surprise that many organizations requiring highly secure key management are struggling to migrate to public clouds on acceptable technology terms that align with the overall promise of the cloud.
On the other hand, the HSM market is ripe for innovation. There has been a fundamental breakthrough in trusted cloud computing over the last few years. Trusted computing allows one to using commercial off-the-shelf hardware to perform certain sensitive computation privately, such as key generation, key management, and encryption-as-a-service. Trusted platform module (TPM) and Intel® Software Guard Extension (SGX) are examples of such technology on x86 platforms. They allow innovative companies to provide HSM functionality without using purpose-built hardware appliances. By using trusted computing correctly, innovative products can offer HSM-grade functionality with software-like functionality as shown in Figure 3.
Figure 3: HSM-grade security with software-like flexibility
Products are available today that combine HSM functionality with software flexibility and offer an innovative approach to these cloud security issues for enterprises, for the following reasons:
These products are available as pure hosted software in clouds and also as commercial-off-the-shelf appliances. They offer PKCS#11, KMIP, and RESTful interfaces for easy integration with variety of applications. They can be rapidly evaluated by test teams because of software flexibility and provide a fast path to both compliance and security.
The advent of trusted cloud computing has huge implications for this once stagnant HSM market and for key management systems to best protect enterprise resources in the cloud. While emerging, it has the potential to address some of the lingering security concerns holding cloud customers back.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
Download Show Prospectus ▸ Here
Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS - software, platform, and infrastructure as a service.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo, October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Track 1. Enterprise Cloud | Cloud-Native
Cloud Expo | @ThingsExpo 2017 Silicon Valley
Cloud Expo | @ThingsExpo 2018 New York
Download Show Prospectus ▸ Here
Every Global 2000 enterprise in the world is now integrating cloud computing in some form into its IT development and operations. Midsize and small businesses are also migrating to the cloud in increasing numbers.
Cloud Expo is the single show where technology buyers and vendors can meet to experience and discus cloud computing and all that it entails. Sponsors of Cloud Expo will benefit from unmatched branding, profile building and lead generation opportunities through:
For more information on sponsorship, exhibit, and keynote opportunities, contact Carmen Gonzalez by email at events (at) sys-con.com, or by phone 201 802-3021.
The World's Largest "Cloud Digital Transformation" Event
@CloudExpo | @ThingsExpo 2017 Silicon Valley
@CloudExpo | @ThingsExpo 2018 New York
Full Conference Registration Gold Pass and Exhibit Hall ▸ Here
Register For @CloudExpo ▸ Here via EventBrite
Register For @ThingsExpo ▸ Here via EventBrite
Register For @DevOpsSummit ▸ Here via EventBrite
Sponsors of Cloud Expo | @ThingsExpo will benefit from unmatched branding, profile building and lead generation opportunities through:
For more information on sponsorship, exhibit, and keynote opportunities, contact Carmen Gonzalez (@GonzalezCarmen) today by email at events (at) sys-con.com, or by phone 201 802-3021.
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-4, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Delegates to Cloud Expo | @ThingsExpo will be able to attend 8 simultaneous, information-packed education tracks.
There are over 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content.
Join Cloud Expo | @ThingsExpo conference chair Roger Strukhoff (@IoT2040), October 31 - November 2, 2017, Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, for three days of intense Enterprise Cloud and 'Digital Transformation' discussion and focus, including Big Data's indispensable role in IoT, Smart Grids and (IIoT) Industrial Internet of Things, Wearables and Consumer IoT, as well as (new) Digital Transformation in Vertical Markets.
Financial Technology - or FinTech - Is Now Part of the @CloudExpo Program!
Accordingly, attendees at the upcoming 21st Cloud Expo | @ThingsExpo October 31 - November 2, 2017, Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, will find fresh new content in a new track called FinTech, which will incorporate machine learning, artificial intelligence, deep learning, and blockchain into one track.
Financial enterprises in New York City, London, Singapore, and other world financial capitals are embracing a new generation of smart, automated FinTech that eliminates many cumbersome, slow, and expensive intermediate processes from their businesses.
FinTech brings efficiency as well as the ability to deliver new services and a much improved customer experience throughout the global financial services industry. FinTech is a natural fit with cloud computing, as new services are quickly developed, deployed, and scaled on public, private, and hybrid clouds.
More than US$20 billion in venture capital is being invested in FinTech this year. @CloudExpo is pleased to bring you the latest FinTech developments as an integral part of our program, starting at the 21st International Cloud Expo October 31 - November 2, 2017 in Silicon Valley, and June 12-14, 2018, in New York City.
The upcoming 21st International @CloudExpo | @ThingsExpo, October 31 - November 2, 2017, Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY announces that its Call For Papers for speaking opportunities is open.
Submit your speaking proposal today! ▸ Here
About SYS-CON Media & Events
Cloud Expo®, Big Data Expo® and @ThingsExpo® are registered trademarks of Cloud Expo, Inc., a SYS-CON Events company.
Reader Feedback: Page 1 of 1
Latest Cloud Developer Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week