PORTLAND, Ore.— SafeNet Inc.—an information technology security provider based in Belcamp, Md.—recently adapted its encryption, authentication and virtualization security suites to run on cloud computers, with Amazon Elastic Compute Cloud (Amazon EC2) the first to sign up.
"SafeNet has been working to provide security as a shared responsibility between the cloud provider and customers," said Dean Ocampo, Solutions Strategy Director at SafeNet. "Now users of Amazon Elastic Compute Cloud can safeguard their data as well as control user access with just as much security as they had with their in-house servers."
Cloud computers can cut costs over in-house servers by allowing users to rent virtual machines and storage. Unfortunately, sharing resources also opens businesses to extra security risks, since those resources are shared with other customers—perhaps even your competitors. To remedy
SafeNet's cloud security fabric includes ProtectV encryption for virtual machines and storage as well as authentication services for virtualized applications and transactions. SafeNet's Trusted Cloud Fabric supports both VMware and Xen hypervisors. The company also provides hardware security modules to safeguard security keys within virtualized and cloud environments. Users can also take advantage of fast hardware encryption engines for securing Ethernet links both to the clouds and on-site.
SafeNet's trusted cloud security fabric uses ProtectV encryption to secure virtual machines and storage, and supports VMware and Xen hypervisors.
I think some hardware binding as far as the client communications are concerned will somewhat reduce the risk of getting it all mixed up. Some hard coding of the allowed IP addresses for a given client in the cloud services will create such barriers which cannot be easily hacked.
It is not so easy to replicate physical isolation using software, which makes security in cloud computing a strategy of risks vs economy trade-off. Any way you look at it, it is a hassle to ensure data security and confidentiality when there are multiple clients with similar kinds of businesses opting for cloud resources.
Some kind of managed hardware solution could be the key to making it more secure.
Pretty much anytime some third party is setting up shared resources there is the possibility of getting it messed up as Rich points out. A temporary "walled garden" while being used would probably be of some help, but then there always seems to be a glitch or hack that gets around that.