Cloud security specialist Porticor announced on Oct. 30 the availability of its cloud-based data-encryption solution, Virtual Private Data (VPD), which is designed to protect public, private and hybrid cloud data while stored and in use. The offering is currently available directly from Porticor through the company’s Website. The VPD is deployed in the cloud and managed from Porticor’s customer portal, with prices starting at $65 per month per Porticor Virtual Appliance.
The company’s patented Virtual Key Management service, with split-key encryption technology, keeps encryption keys in the organization’s control, delivering a cloud-based key management system for cloud data at rest. In addition, Porticor keeps the master encryption keys fully encrypted and secured even while being used to access cloud data.
“Potential cloud users worry about two things about information protection in the cloud—protecting it from other tenants and protecting it from the cloud provider,” Neil MacDonald, vice president and fellow at IT research firm Gartner, said in a statement. “Encryption is one protection option; however, when the encryption keys are used, data is at risk at that point. A solution that works completely in the cloud, yet is able to keep the keys protected in memory would help reduce the scope of a possible breach entry point.”
The platform, made up of the Porticor Virtual Appliance and the Porticor Virtual Key Management Service, uses a homomorphic key-encryption approach, a technique that enables mathematical operations to be performed on encrypted data. Porticor technology implements partially homomorphic encryption techniques for combining and splitting encryption keys, enabling the VPD system to give the application access to the data store without exposing the master keys in an unencrypted state. It also ensures that if a master key is stolen, it can still never be used to access a data store.
Porticor encrypts the entire data layer, including virtual disks, databases, files and distributed storage, and has a minimal impact on application performance or latency. Organizations can create as many Porticor appliances or agents as necessary, and in addition to a management user interface, the company also offers a secure cloud-based application programming interface (API).
“With this release, Porticor enhances the high levels of trust it was already infusing into the cloud with our split-key method to now fully protect cloud data at rest and in use,” Portico founder and CEO Gilad Parann-Nissany, said in a statement. “Now, organizations can trust their data to the cloud, knowing that their data-encryption keys are kept private 100 percent of the time. Because the encryption keys are never exposed to risk, Porticor’s cloud data security system delivers the highest levels of data security available on premise or in the cloud.”