Layered security in the cloud
by Ran Rothschild - Director of Operations at Orbograph - Tuesday, 29 July 2014.
Every time the application accesses the data store, a Porticor Virtual Appliance implemented in the customer’s cloud account uses both parts of the key to dynamically encrypt and decrypt data. Porticor’s virtual appliance combines high security with virtually no impact on application performance and application latency.

Porticor mitigates the threat of key theft both in storage and in use

Layered security

In the physical hub age, the issue of layered security was hardly felt as companies invested the bulk of their hub budget on the strongest firewall they could both afford and operate, a switch where they defined the different VLANs, and a good web application firewall. Other than these main tools, some investment was occasionally done in disk encryption capabilities, and perhaps also in one or two additional components.

In the Amazon cloud, companies can take full advantage of Virtual Private Cloud, subnets, multi-factor authentication methods (One Time Passwords), security groups, physical segregation using availability zones and regions, site-to-site VPN, etc.


The bottom line is that companies can achieve better security at lower costs by migrating their infrastructure to a public cloud. This is obtained by leveraging the right solution at the right locations in your environments in an optimal manner. This means: whatever makes sense to you financially, operationally and regulatory.

The dynamic nature of the cloud ensures with that the industry will continue to deliver various solutions fitting the many existing and new needs that constantly arise.

CloudEndure is another example of third part solution tailored to customers running on public clouds and that have a challenging Service Level Agreement with their customers.

Significant production downtime can terminate businesses. The loss of direct revenue is almost negligible in the era of reputations and choice. Customers rely more heavily on a vendor’s reputation and their uptime. One can also measure the mean time between failures.

CloudEndure solves the problem of downtime in the cloud by delivering continuous replication of your entire cloud application stack. A single click creates an exact replica of the entire application stack at an alternate region within minutes, complete with instances, attached volumes, network topology, load balancers, security groups, firewalls, and more.

What are the alternatives? Keeping and maintaining fully operational active-passive or active-active correlation between two or more environments and by this ensuring that you have above 99% uptime in addition to guarantying that your costs are “just” doubled. I think this speaks for itself.


Because of the high costs associated with managing physical environments, companies try to avoid any change associated with their cabinets. This places a lot of emphasis on planning because the cost of a mistake is dire. For example, if a company deploys a firewall and realizes after some time that that particular firewall does not fit their needs, it will take months and months of re-planning, testing, purchasing, shipping, deploying and re-testing to deploy another one. The cost of men-hours, flights, and so on is normally underestimated and will ultimately serve as the most costly section of the project’s budget.

On the other hand, replacing even the most pivotal of systems in your cloud environment takes anywhere from hours to several days (including tests). The simplicity of launching the relevant instance type from a machine image in the right facility, which already includes the right operating system and application, is done in minutes.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th