PCI Compliance and Cloud Security: Frequently Asked Questions
Gilad Parann-Nissany, co-founder at Porticor Cloud Security
• How do I generate strong encryption keys?
• Can my cloud provider read my data?
• What is “split knowledge” and why is it important?
• What is Porticor® Virtual Private Data™ System?
How do I generate strong encryption keys?
Encryption keys must be of sufficient length and totally random. Make sure your encryption provider gives you tools to generate these keys, under your complete control.
Can my cloud provider read my data?
If your cloud provider has control over the encryption keys, the provider can see your data. But if you keep the keys private, the data is fully protected. Find an encryption key management solution that is completely outside the control of the cloud provider.
What is “split knowledge” and why is it important?
Split knowledge is needed first and foremost to divide knowledge of the encryption keys between the cloud provider or security vendor and the enterprise. This is best done by using techniques such as split-key management and homomorphic encryption of keys. An example of such a system is Porticor’s Virtual Private Data.
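The two answers above (random keys of sufficient length, and split knowledge) can be illustrated together. This is an added example, not part of the original slides and not Porticor's implementation: it generates a key from the operating system's CSPRNG and divides it into XOR shares, so that every holder must contribute a share to rebuild the key. The function names, the 256-bit length and the all-shares-required XOR scheme are assumptions of this example.

```python
import secrets
from functools import reduce

KEY_BYTES = 32  # 256-bit key; the length is an assumption of this example


def generate_key(n_bytes=KEY_BYTES):
    """Return a key drawn from the OS CSPRNG; refuse lengths under 128 bits."""
    if n_bytes < 16:
        raise ValueError("key shorter than 128 bits")
    return secrets.token_bytes(n_bytes)


def _xor(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("share length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, holders=2):
    """Split key into `holders` shares; all of them are needed to rebuild it.

    Every share but the last is fresh random data. The last share is the key
    XORed with all the others, so any incomplete set of shares is
    statistically independent of the key.
    """
    if holders < 2:
        raise ValueError("split knowledge needs at least two holders")
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    shares.append(reduce(_xor, shares, key))
    return shares


def combine_shares(shares):
    """Rebuild the key by XORing every share together."""
    if len(shares) < 2:
        raise ValueError("need every holder's share")
    return reduce(_xor, shares)


if __name__ == "__main__":
    key = generate_key()
    enterprise_share, provider_share = split_key(key)  # hypothetical holders
    assert combine_shares([enterprise_share, provider_share]) == key
    print("key rebuilt only when both shares are present")
```
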
What is Porticor® Virtual Private Data™ System?
• The industry’s first cloud encryption and key management system that does not sacrifice trust
• The only solution that solves the unaddressed challenge of securely storing keys in the cloud
• No changes required on the application servers
• Encrypts the entire data level (databases, file servers, distributed storage, virtual disks)
For more information on PCI compliance and cloud security, visit our website
http://www.porticor.com