Industry executives and experts share their predictions for 2018. Read them in this 10th annual VMblog.com series exclusive.
Contributed by Ambuj Kumar, CEO & Co-Founder, Fortanix
It's Time to Rethink Datacenter Security
It's apparent that existing approaches to securing applications and infrastructure have been ineffective. What's even more frustrating is that despite the plethora of solutions for detecting and analyzing breaches, there haven't been any real breakthroughs in preventing data breaches. There is no law of physics stipulating that data breaches cannot be prevented with 100% certainty.
Traditional security measures are not working
Worms use the compromised host to infect other systems and spread rapidly without any human intervention. Keeping systems patched helps to a certain extent, but patches are useless if worms exploit zero-day vulnerabilities, which have not yet been officially detected and fixed, so even fully patched systems are at risk. Additionally, some malware runs with higher privileges than the operating system. Such malware cannot be detected or mitigated by using traditional security measures or pure software tools.
It's time to rethink datacenter security
Instead of requiring the datacenter to be clean of any worms, security leaders need to operate with an assumed-compromised model. They need to keep data secure even after the system is already infected. Runtime Encryption is one such concept that keeps applications secure even in the presence of the most powerful worms and malware. Runtime Encryption enables applications to work on encrypted data and keeps them protected from all external processes, including malware and worms.
The future is all about Runtime Encryption
A pragmatic approach to Runtime Encryption involves leveraging security built into the hardware with co-engineered software and cryptography. The keys are stored in the CPU hardware, which is completely isolated from all software. All the system memory, file accesses, and network communication used by the application are automatically encrypted. Malware or worms may try to dump the valuable information by reading files or snooping on network traffic, but they will get only encrypted data. The valuable decrypted data remains protected even if the malware has complete control over the system. Worms are still a nuisance and you may still need to remediate your system, but with Runtime Encryption they cannot get those keys and they cannot unlock the data used by the applications.
##
About the Author
Prior to founding Fortanix, Ambuj Kumar was lead architect at Cryptography Research Inc., where he led and developed many of the company's security technologies that go into millions of devices every year. Previously, he worked for NVIDIA, where he designed the world's most advanced computer chips, including the world's fastest memory controller. He has a Bachelor of Technology from IIT Kanpur and a Master of Science from Stanford University, both in EE.