Cloud Data Security For Real - Finally!

posted Feb 6, 2012, 4:36 AM by Unknown user   [ updated Feb 6, 2012, 4:37 AM ]

Introduction – Data Security Concerns For Cloud Computing

Many surveys today highlight data security as the leading concern for organizations wanting to adopt cloud computing services.

If you Google “cloud data security” you get many responses which are pretty much academic or cumbersome. There is very little, if any, data protection technology that is put in place to really protect the user data in the cloud.

Enterprise data security solutions are not designed for systems that are up and running all the time and accessible remotely from many different places, nor are they designed to defend against insider attacks. You often do not know who the co-tenants are, or what access the cloud-service employees have.

Sometimes, unseen and unforeseen infrastructure glitches can strike cloud service providers, causing unintended data breaches without the users being able to do anything about it.


SecureData 5.0 To The Rescue

Imagine a simple, affordable yet military-grade solution which provides automated and transparent encryption for any data files regardless of storage media and data movement, and requires little or no user training (hence minimizing any human errors).

Any data files that are created, edited, moved, or copied to any local, external, network or cloud storage devices are automatically encrypted based on a pre-defined policy. And without changing the way the users work, any unauthorized copying of sensitive documents (by a rogue colleague, hacker, sniffer or malware) from a machine, server or cloud service will yield only encrypted files, hence eliminating the risk of sensitive information leaking.


Cloud Virtual Machine Servers

SecureData 5.0 on VM servers, similarly, ensures that data is not only encrypted while on the VM server, but stays protected when the data is also stored on cloud storage, and during movement between the two.

The data is visible to the user via the server applications, as it sits in the PC RAM (where it is impossible to steal unless you do a screen capture). In all other cases, the data stays encrypted, whether at rest, or on-the-move. 

If the cloud operator staff accesses or copies the cloud-stored data for inspection, equipment maintenance or backup, he cannot read the contents unless he has the key. This gives the cloud customer peace of mind that there are no unprotected copies of his sensitive data lying around somewhere (VM image, server, backup, etc).



In a system running a “regular” encryption solution, advanced malware can copy data files and send them out in plaintext, via a proprietary network protocol, to the originating hacker.

Such advanced malware is today targeting cloud services, storage and applications, and it is hard to stop such attacks.

SecureData 5.0’s integrated APPLICATION WHITELISTING allows only user-listed trusted applications to run, so any malware not on the “members only” list cannot run.

However this alone cannot ensure comprehensive data safety.

Some malware can hijack trusted applications, hence bypassing a whitelist. SecureData 5.0's Application Binding feature will ensure that an application only does what it is supposed to do, or that certain files can only be accessed by a given application. E.g., Adobe Acrobat cannot open word.docx (only Microsoft Word can), only Oracle can open Oracle data files, etc.

Some even more clever advanced malware (e.g. rootkit, APT - Advanced Persistent Threat) can even sit below an operating system, or hide in its own VM below the O/S and bypass any security solutions on the system, so as to avoid detection.

As they bypass SecureData this way, all they see or steal is, again, encrypted data, since they operate too low in the stack, and hence under the encryption engine.

Some advanced malware can disable your anti-virus, anti-spyware and other installed security solutions! If these disable SecureData, then, again, all they get is encrypted data.

For even more assurance, SecureData 5.0 also allows users to create Data Sandboxes and Application Sandboxes.

E.g., if a web browser is transmitting malware, or if a trusted application is hijacked or infected with malware, then any action it takes, or any data file it tries to access, is limited to within the sandboxes. This is useful for mitigating any zero-day attacks. As we run more applications in the cloud, you can appreciate the value of this feature.

Either way, with SecureData's integrated 3-way defense, your data remains persistently protected from these new and diverse threats.