CliQr Completes Security on Public Clouds (Part 2)
CliQr’s CloudCenter platform completes the security requirements on clouds by combining the mechanisms that clouds provide (see Part 1) with well-known, standards-approved third-party technologies to secure applications and data on clouds, ultimately taking this hassle away from the enterprise. While this security is turned on by default, an enterprise can optionally disable some of the features and customize the security settings.
Here are a few of the important security features that CliQr provides:
– Data Encryption: CliQr keeps all data at rest and in motion (in transit to/from the cloud or within the cloud) encrypted at all times. CliQr maintains shared cloud storage on a per-customer basis, encrypted at block level using AES-256. CliQr also provides a secure storage agent that can be used for syncing data to and from this storage. No cloud keys are needed for this; the agent authenticates with our platform over mutually authenticated SSL using your unique CliQr credentials.
– User Authentication/Authorization: CliQr uses SHA-256 with salting to store one-way hashed user passwords in a user database. These passwords cannot be reverse-engineered from the hash. Moreover, the salting prevents dictionary attacks. The user auth module also supports interfacing with third-party Single Sign-On (SSO) mechanisms, such as SAML.
– Key Management: While both cloud-provider keys and CliQr encryption keys are a great way of securing cloud resources, private keys need secure key management. If downloaded by end users to non-secure destinations, such as personal laptops, these keys are subject to being stolen or lost. CliQr does not allow key downloads (unless otherwise requested by Authorized Security Admins) and stores these keys in a secure database vault. Even though keys are not downloaded, CliQr maintains complete infrastructure transparency and flexibility, allowing end users to access cloud resources such as VMs and storage using browser-based secure terminals and desktop sessions. The secure database vault is fully encrypted using a key stored in a different security domain, such as a Hardware Security Module (HSM). Only authenticated users will be able to retrieve their own key, without being able to peek into other users’ keys.
– Application Network Isolation: Depending on the application type, CliQr secures the port and firewall settings for applications so that such VMs cannot be accessed by any third party, whether external or internal to the cloud. Only those ports that are required for the application are opened. The strictest settings are chosen by default, with flexibility to modify them at the application on-boarding stage.
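To illustrate the salted SHA-256 storage described under User Authentication/Authorization, here is an added example (not CliQr's code) that compares unsalted and salted records against a precomputed digest table. The 16-byte salt, the salt-then-password concatenation, the function names and the sample users are all assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

SALT_BYTES = 16  # assumption: the page does not state a salt length


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest) with digest = SHA-256(salt || password)."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per user
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the salted digest and compare it in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def precomputed_hits(user_db: dict, wordlist: list[str]) -> list[str]:
    """Audit helper: accounts whose stored digest appears in one
    precomputed table of unsalted SHA-256 digests."""
    table = {hashlib.sha256(w.encode("utf-8")).digest() for w in wordlist}
    return sorted(u for u, (_, digest) in user_db.items() if digest in table)


# Constructed sample data: two users who chose the same password.
WORDLIST = ["password", "letmein", "Summer2015"]
unsalted_db = {u: (b"", hashlib.sha256(b"letmein").digest()) for u in ("alice", "bob")}
salted_db = {u: hash_password("letmein") for u in ("alice", "bob")}

if __name__ == "__main__":
    print("unsalted hits:", precomputed_hits(unsalted_db, WORDLIST))
    print("salted hits:  ", precomputed_hits(salted_db, WORDLIST))
    print("same password, different digests:",
          salted_db["alice"][1] != salted_db["bob"][1])
```

The per-user salt is what stops a single precomputed table from matching every account. SHA-256 itself is fast, so deployments commonly add key stretching (for example `hashlib.pbkdf2_hmac`) on top of the salt.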
As noted, security is complex and often the level of complexity is intimidating, preventing enterprises from taking full advantage of the elasticity the cloud provides. With CliQr’s CloudCenter, we aim to break down the barriers of moving to the cloud by providing seamless and secure cloud application management for enterprises.