The Cloud Security Alliance, NIST SP 800-53 and other security frameworks recommend or require encrypting sensitive data in motion in shared cloud environments while leaving control of the encryption keys with the tenant. Although many IaaS providers offer VPN connections into the cloud, the VPN tunnel often terminates at the "front door" of the provider's infrastructure, so traffic between the tenant's virtual servers crosses the shared internal cloud network in the clear. That exposes those servers to traffic from other tenants on the same network, and applications architected for a trusted LAN are not typically designed to operate securely on a shared cloud network.
In his session at the 10th International Cloud Expo, Todd Cignetti, vice president of product management at Certes Networks, will review best practices for encrypting sensitive data in motion in the IaaS cloud and describe Group Encryption, an approach that encrypts network traffic without point-to-point tunnels and keeps control of the keys and policies in the hands of the tenant.