OWN YOUR DATA. RENT THE CLOUD.

March 2013

Top 10 Cloud Encryption Myths

Myth 1: Encryption Degrades System Performance

Reality

▶ Implemented correctly, impact is minimal
▶ Crypto should leverage hardware: Intel and AMD processors support AES-NI, giving hardware speed
▶ Cloud CPU is cheap: add processing power as needed
▶ Look for caching capabilities that increase read performance
▶ Ensure storage is tuned – it’s the usual culprit for bottlenecks

Myth 2: Crypto Terminology is Cryptic

AES, Blowfish, KMIP, NIST, Key Management, 3DES

Reality

▶ The right encryption and key management solution should remove this complexity
▶ Policy-based encryption is easier and more intuitive than managing individual keys
▶ Only consider solutions with NIST-approved algorithms

Myth 3: Key Management is a Nightmare

"Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system."

- Bruce Schneier

Reality

• You shouldn’t have to manage ‘keys’ at all. A system should do it for you.
• Password-based key management doesn’t scale
• The right system is highly available and transparent.
• Value add: the system should support key rotation with no downtime

Myth 4: It’s Too Easy to Lose My Keys

Reality

• Use a layered, highly available key management system
• Ensure no one person has complete control over keys
• Cluster your key management servers in redundant locations
• Don’t keep your keys and your data in the same place
• Ensure key backups are also encrypted

Myth 5: Encryption is Hard to Deploy

Reality

• Encryption can happen transparently. You use SSL daily
• Modern crypto systems can be installed in minutes
• Key management can run in locked-down virtual appliances for fast configuration
• The days of lengthy, complex professional services engagements are over

Myth 6: Encryption Only Secures the App

Reality

• It depends on the encryption system
• VM snapshot and suspend files can contain sensitive data. Make sure your system can encrypt them.
• VM backups should also be encrypted
• You can encrypt VMs in public cloud, even without administrative privilege

High Cloud Security Inc. Confidential

Myth 7: Key Rotation Means Downtime

Reality

• Many regulations and security policies require periodic key rotation
• Swapping keys has traditionally meant taking applications and data offline
• Modern systems don’t require downtime and can do this transparently

Key timeline (figure): Initial Key (K0), 6 Month PCI Rotation (K1), Administrator Leaves (K2)

Myth 8: Enterprise-Grade Crypto is Expensive

Reality

• Avoid a hardware-based key management system
• Modern encryption systems are equally secure, and install quickly and easily
• Look for a system that lets you purchase encryption as a service, like you do for cloud
• Your security system can and should scale with your needs

Myth 9: Encryption in the Cloud isn’t Secure

Reality

• No system protects against every threat, but find a system that protects against most of your concerns
• Many organizations don’t like that CSPs offer encryption but also manage your keys
• Encrypted data is more secure than data left in cleartext
• Find a crypto system that can encrypt your data in any public cloud and that also lets you manage your keys

Myth 10: Solutions Don’t Support All Platforms

Reality

• Most organizations leverage virtualization platforms from different vendors, especially if they use IaaS
• Find a system that will work across hypervisor platforms, or at the storage layer, giving you flexibility
• In the public cloud, encrypt within the guest OS of the VM, so you are independent of CSP infrastructure

Learn More About Cloud Encryption

Own Your Data. Rent the Cloud.

Visit http://www.highcloudsecurity.com

Download a whitepaper on Virtualization Security

Try HighCloud Security Software for Free!