Q&A: Porticor CEO Gilad Parann-Nissany Discusses Cloud Security and Encryption

Originally posted on thewhir.com

(WEB HOST INDUSTRY REVIEW) — As security within the cloud continues to be one of the top concerns for many companies and end users, cloud-based data security provider Porticor has officially launched its Porticor Virtual Private Data System service to ensure that customers’ data stored in the cloud is fully secure.

The Porticor VPD system is comprised of Porticor Virtual Appliance and the Porticor Virtual Key Management Service to deliver high level of data privacy in a public environment for data protection, as well as being compliant with regulations like SOX, HIPAA, PCI DDS and GLBA.

Unlike other competing cloud encryption solutions on the market that place customers’ encryption keys in the hands of the security vendor or cloud providers, Porticor’s Virtual Key Management service allows customers to take complete control of the encryption key.

In advance of the company’s official launch on Wednesday, Porticor Cloud Security CEO and founder Gilad Parann-Nissany discussed in an email interview how its VPD system backed by its homomorphic split-key encryption technology works to ensure that data stored in the cloud remains completely secure.

WHIR: Explain how homomorphic split-key encryption technology works to ensure the privacy of data in the cloud?

Gilad Parann-Nissany: Lets’ define the challenge, first. Customers want to both have their cake and eat it: they want security and they want to enjoy the flexibility offered by modern clouds. Let’s demystify the terms “split key” and “homomorphic”. To understand “split key”, think about a bank safe that has two keys, one is held by the customer (call it the “master key”) and another is held by the banker. The advantage is that, if the master key is stolen, the banker will still protect your secrets; and yet the banker is unable to view the secrets in the safe since he does not have the master key. Bankers have been doing that for hundreds of years, only now we bring such an approach to the cloud with some cool technology.

In business terms, this means that neither Porticor nor the cloud provider know the customer keys, leaving control in customer hands. “Homomorphic” capabilities will make this split-key approach even stronger.  Homomorphic encryption allows keys themselves to be encrypted, and to be used and managed without ever having to decrypt them. This is attractive for cloud users – it guarantees their keys remain private in the cloud, unknown to cloud providers, security vendors and hackers. This patented approach is available for the first time as the Porticor Virtual Private Data system.

WHIR: How long has this been in the works for?

GPN: We have been working on this since 2010. We have gone through a beta process and have worked with several corporations, ranging from smaller enterprises to Fortune 1000 companies.

WHIR: How is Porticor’s key encryption security solution more effective than other security solutions?

GPN: Porticor’s solution allows the customer to enjoy the benefits of the cloud to the full, because it works totally in the cloud of the customer’s choice. Yet the customer keeps their data and keys totally secret, they share them with no one. Porticor’s approach is literally the only one on the market that meets both of these customer requirements. In business terms, the customer can outsource to the cloud the complexity of the security solution, and yet keep to themselves the confidentiality of their data.

WHIR: Is this something that Porticor is offering to service providers?  

GPN: Porticor is available both directly as a service to cloud users, as well as offered to service providers, who’d like to leverage data security as an added value service they pass to their customers. A service provider deploying Porticor can provide confidentiality to their own customers by allowing their customers to define their individual encryption policy.

WHIR: Who are some of Porticor main channel partners?

GPN: We are an official solution provider of Amazon Web Services and a Red Hat partner.