Alex Berlin: Security challenges in the cloud computing space
AFORE Solutions is a leading provider of advanced data security and encryption management solutions that protect sensitive customer information in multi-tenant private, public and hybrid clouds and virtualized infrastructures. AFORE’s award-winning CloudLink® platform is the industry’s most complete encryption management platform for protecting workloads deployed in the cloud. The innovative platform provides customers the security foundation to protect mission-critical data with a rich suite of encryption modules to meet the diverse deployment and security customer needs. AFORE is a RSA Technology Partner and EMC® Select Business Partner.
Rake Narang: How is the cloud computing market evolving? What are some future trends in the cloud security space?
Alex Berlin: Despite the hype around public cloud for the past several years, few organizations had fully embraced cloud for critical enterprise applications. The priority out of the gates was to deploy virtualization technologies within the enterprise data center, building experience and overcoming challenges along the way. Understanding how running applications on a shared infrastructure would affect availability and reliability along with the impact on security controls was paramount. Over the past year or so, we have seen a significant shift in that enterprises and governments are now seriously considering the cloud as a viable option for new projects and initiatives with many adopting a “cloud first” approach. While security concerns have been a major barrier to cloud adoption, new solutions have come to market that are specifically designed for securing data across a hybrid cloud infrastructure providing organizations with a way forward.
About Alex Berlin
Alex Berlin, AFORE President & CEO since founding the company in 2003, is a successful business leader with a proven track record in developing and monetizing innovative networking, virtualization and security products. Prior to AFORE, Alex held a number of senior management and executive roles with high tech companies in both Canada in Europe including Marconi Communications, Nortel Networks and Telrad Networks. Alex was a co-founder of Ambercore Software Inc. (big data analytics), where he served as a Chairman from 2004 to 2007 and played a key role in initial product incubation and securing Angel and VC rounds of funding.
Rake Narang: What security challenges are you seeing in the cloud computing space?
Alex Berlin: With cloud, the security model has changed; the traditional perimeter no longer exists and IT control is shared between internal staff and cloud administrators. Coupled with this, data is now truly mobile and customers no longer know where their information resides in the cloud. The focus therefore needs to change from securing the network perimeter to securing the data - wherever the data goes, the security goes with it so to speak. Adding to the complexity, different use cases require different types of security controls – there is no one-size-fits-all solution to securing data. With a distinct focus on data security for the cloud, AFORE provides the ability for customers to protect information at multiple layers from storage, to virtual machine, to file and application level granularity. Offering a variety of data encryption approaches allows an organization to address multiple business initiatives or use cases from a common security framework thereby reducing cost and complexity. The other key aspect of securing the cloud is to ensure that data owners retain control over security policies and encryption keys – if your data is encrypted but your cloud provider hold the keys, how can you really know who is accessing your information? In essence, hybrid clouds need hybrid security meaning that solution elements exist within the enterprise as well as in the cloud.
Rake Narang: What challenges are you seeing CIOs face when looking to deploy the cloud?
Alex Berlin: CIO’s really are averse to being locked into any given technology platform or cloud provider. Instead, they want the flexibility to address changes as they’re needed regarding everything from the lines of business, to supporting organizational changes—such as mergers and acquisitions—or even to have the ability to change service providers if they aren’t performing as expected. We see many customers adopting a multi-cloud strategy whereby workloads may be deployed in Amazon, Microsoft Azure or VMware clouds and the need to ensure their data is secured regardless of the cloud or underlying computing platform. Another challenges CIO’s face in deploying the cloud is having an “exit strategy” – the ability to leave a particular cloud provider with total confidence that their data no longer remains on that infrastructure. Data encryption is a perfect solution to address data remanence – simply destroy your encryption key and your data is destroyed regardless of how effective (or not) that cloud provider is on his end.
Rake Narang: How are regulations impacting the cloud space?
Alex Berlin: Regulatory compliance is an important issue to consider when moving sensitive data to the cloud whether that data be personally identifiable information (PII), financial information or personal healthcare records for example. We have seen all the major regulatory bodies including HIPAA (healthcare), PCI (payment card) and even CJIS (the security policy arm for Criminal Justice Information System in the US) develop cloud specific requirements which include the need for encryption of data at rest as well as in motion. What is interesting to note is that some of these regulations now extend responsibility and liability to the cloud service providers. Along with stricter requirements on protecting data, data breach notification requirements and fines are becoming quite onerous. Another aspect of emerging cloud regulations apply when providing cloud services to federal governments; for example, the US FedRAMP (Federal Risk and Authorization Management Program) outlines specific security requirements that cloud solution providers must meet in order to sell their services. Along these lines, we see leading cloud providers such as Amazon and Microsoft starting to build “government clouds” to address the market opportunity.
Founded in: 2003 CEO: Alex Berlin Public or Private: Private Head Office in Country: Canada Products and Services: AFORE’s CloudLink is the industry’s most complete encryption management platform for protecting enterprise workloads deployed in the cloud. The hybrid encryption management platform provides the security foundation to protect mission-critical data in multi-tenant, hybrid cloud environments with a rich suite of encryption modules to meet diverse deployment and security customer needs from block level encryption, to virtual machine encryption, to file based encryption, to full application lockdown.
Four modules make up the complete CloudLink platform:
CloudLink Secure Virtual Appliance (VSA) addresses privacy concerns in the storage layer of the network by encrypting mission-critical data in motion and at rest across private, hybrid and multi-tenant clouds. The module provides a software-defined storage encryption layer between virtual machines (VMs) and physical storage securing sensitive application data.
CloudLink SecureVM provides both in-volume data encryption as well boot volume with advanced pre-boot authentication. The module allows for customers to securely pursue cloud-hosted desktops and application server initiatives protecting both the data and VM integrity.
CloudLink SecureFILE is designed to specifically to provide file level encryption granularity for scale out storage platforms. This module secures data associated with enterprise applications, including Microsoft SQL server, SharePoint, Exchange and Office.
CloudLink SecureAPP secures cloud-hosted applications and virtual desktops by encrypting all data at the application level and tightly controlling which users, applications and VMs can access the data. This particular module essentially creates a secure virtual container around the applications with only trusted, authorized users being able to decrypt.
Encryption deployment, security policy enforcement, secure network extension and hybrid cloud system management are a few of the integral capabilities within CloudLink, and provide customers with a seamless security overlay for industry leading virtualization and cloud platforms from vendors such as VMware, Amazon and Microsoft. Additionally, CloudLink provides advanced key management including the ability for customers to control their own encryption keys, even in public cloud deployments. Company’s Goals: AFORE’s goal is to further strengthen our market leadership in providing data security for the hybrid cloud. This will be achieved by equipping enterprise and government customers with an industry –leading encryption management platform that will allow them to simply and effectively secure sensitive data wherever it resides thereby instilling trust that will lead to accelerated adoption of the cloud. Key Words Related to your Company: loud Security; Data Security; Data Encryption, Virtualized Infrastructure; Multi-tenant Cloud; Hybrid Cloud; Public Cloud; Network Layered Security
JOIN NOW THE CYBER SECURITY WORLDWIDE COMMUNITY ON LINKEDIN