Speaking of Heartbleed, here’s a little something of interest:
“When you’re using a software based encryption technology, essentially what’s happening today is no different than locking your home’s front door and walking away with the key still in it. Your home might be locked but it sure isn’t secure,” is Jeff MacMillan’s view of key encryption technology for the cloud.
MacMillan is the CEO of Victoria’s KeyNexus, which is delivering a cloud-based encryption-key storage and provisioning service for developers of cloud-based, enterprise, SaaS or mobile applications. It allows businesses to employ encryption in their cloud or enterprise environments while maintaining secure, offsite storage of their encryption keys. As he said, “we’re the first company to make secure key storage a reality for the entire cloud industry. We’re reintroducing the core value of keeping the encryption key separate from what it’s locking.”
MacMillan was trained as an electrical engineer and naval weapons officer. He said being exposed at a young age to the tremendous opportunity and responsibility of managing tens or even hundreds of millions of dollars of operational assets has been great preparation for this business. Working with sensors, weapons systems and communication systems, and getting to know the technology of data security, data ciphering, and data communications, gives him a unique viewpoint on the security space.
His experience of working with defense contractors let him see how virtualization changed the business in 2006/07: “it rendered a lot of encryption technologies obsolete. Not so much the encryption itself but the way keys are stored and managed. It’s one thing to secure your data, but it’s another thing to secure the keys, because one 128-bit key could be responsible for encrypting petabytes of data. You might have all of that data backed up in ten different places around the world and never lose it, but if you lose or corrupt that one key you might as well just throw out all of that data.”
From 2008 to 2011 the cloud wasn’t ready for their security software, and as a result they created encryption and key management appliances, also known as Hardware Security Modules (HSMs). This central encryption and key management appliance could be accessed by multiple applications, file systems and databases within an organization. Organizations could protect their confidential data with a single technology that provided strict physical and logical security.
The days of companies managing their own data centers will one day be a memory. But, as MacMillan pointed out, “the HSM will be the last of the hardware to go. Everything under the sun that isn’t necessarily confidential most companies can move out of their own data centres. There’s literally trillions of dollars of IT infrastructure that desperately wants to reinvent itself in the cloud.”
“It was realizing the future for our company was to take all of the capability that HSMs provide and cloud-enable them,” he said, adding further that “the cloud is adopting encryption at a rate that we’ve never seen before, because of high profile data breaches, government spying, and compliance regulations. Encryption is increasing exponentially. This means the number of encryption keys is increasing exponentially, which means all of the problems which exist with encryption keys in the cloud such as protecting keys, making sure keys are available 24/7 to cloud operations, and inter-platform key interoperability are increasing exponentially as well.”
The economics of doing business in the cloud is changing the economics of security.
As MacMillan said, “it used to be having 100,000 customers meant having at least a $100 million dollar business, now you can be a $5 million dollar a year in revenue cloud-based business with 300,000 clients so any kind of data breach can suddenly look way bigger.”
With his goal of making the data breach a memory too, MacMillan pointed out that his lead security architect was eBay’s chief security architect for 10 years, and “is bringing that same philosophy from the world’s largest ecommerce platform, which means it’s the world’s largest attempted fraud platform, to our business.”
Photo by Simon DesRocher