Security Experts:

Porticor's Encryption Offering Protects Cloud Data While Stored And In Use

On Tuesday, Israeli data protection firm Porticor released the latest version of its Virtual Private Data (VPD) system. The VPD system is designed to protect data in cloud environments that were previously considered untrusted, and does so while the data is at rest or in use.

Porticor LogoPorticor’s VPD was created to protect data no matter its state, in public, private, or hybrid cloud environments – or a mix of the three. The newest version of the VPD system, the company says, solves the issue of trust by protecting encryption keys as they are in use.

The Virtual Key Management system that has been included with the VPD system uses homomorphic key encryption technology.

Homomorphic encryption is a technique that enables mathematical operations to be performed on encrypted data. It enables the VPD system to give the application access to the data store without exposing the master keys in an unencrypted state. This also ensures that if a master key is stolen, it can still never be used to access a data store.

Traditional cloud security solutions put customers' encryption keys in the possession of the security vendor or cloud provider, and fail to fully protect cloud data and its encryption keys while stored and in use, the company explained in a statement.

"Potential cloud users worry about two things about information protection in the cloud -- protecting it from other tenants and protecting it from the cloud provider," said Neil MacDonald, VP and Gartner Fellow.

"Encryption is one protection option; however, when the encryption keys are used, data is at risk at that point,” MacDonald added. “A solution that works completely in the cloud, yet is able to keep the keys protected in memory would help reduce the scope of a possible breach entry point."

Porticor VPD is available immediately, with pricing starting at $65 a month per virtual appliance.

More information is available online.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.