PCI Compliance and Cloud Security: Frequently Asked Questions
1. PCI Compliance and Cloud Security:
Frequently Asked Questions
Gilad Parann-Nissany, co-
founder at Porticor Cloud
Security
2. • How do I generate strong encryption keys?
• Can my cloud provider read my data?
• What is “split knowledge” and why is it important?
• What is Porticor® Virtual Private Data™ System?
3. How do I generate strong encryption keys?
Encryption keys must be of sufficient length and totally
random. Make sure your encryption provider gives you tools
to generate these keys, under your complete control.
4. Can my cloud provider read my data?
If your cloud provider has
control over the
encryption keys, your data can
be seen by the company. But if
you keep the keys private, the
data is fully protected. Find an
encryption key management
solution completely outside the
control of the cloud provider.
5. What is “split knowledge” and why is it
important?
Split knowledge is needed first and foremost to split the
(encryption keys) knowledge between the cloud
provider/security vendor, and the enterprise. This is best
done by utilizing techniques such as split-key management
and homomorphic encryption of keys. An example for such a
system is Porticor’s Virtual Private Data.
6. What is Porticor® Virtual Private Data™ System?
• The industry’s first
cloud encryption and key
management system that does not
sacrifice trust
• The only solution that solves the
unaddressed challenge of securely
storing keys in the cloud
• No changes required on the
application servers
• Encrypts the entire data level
(databases, file servers, distributed
storage, virtual disks)
7. For more information on PCI compliance and
cloud security, visit our website
http://www.porticor.com