The Inquirer-Home

HP brings simple split-key encryption to the cloud

Promises the NSA won't be able to access your data
Wed Jun 11 2014, 00:16

LAS VEGAS: HP has added data protection products to its security arsenal under the Atalla brand, which aim to protect sensitive data, whether it's stored in the cloud, in-house or on mobile devices, and whether it is structured or unstructured.

At its Discover user event in Las Vegas, HP took the wraps off three new security products: HP Atalla Cloud Encryption, HP Atalla Information Protection and Control (IPC) and HP Secure Encryption with HP Enterprise Secure Key Manager (ESKM) 4.0. HP acquired the Atalla range in its purchase of Compaq in 2002.

The cloud encryption product is based on a patented split-key system, which offers a double layer of protection for data transferred to and from the cloud. Each data object, such as a file or disk, is encrypted with a unique key that is split in two: a master key stored on-premise and a second, virtual key created in the cloud service. Whenever the master key is in the cloud it is homomorphically encrypted, even while it is being used to encrypt or decrypt data, to prevent unauthorised access.
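A minimal illustration of the split-key idea described above, added here as an example; it is not HP's or Porticor's patented scheme or code. It assumes an XOR split with an HMAC-SHA256 pad derived from the master key (all function names and object ids are hypothetical), and it does not model the homomorphic encryption of the master key inside the cloud.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # 256-bit keys

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _master_pad(master_key: bytes, object_id: str) -> bytes:
    # Per-object pad derived from the on-premise master key (assumed construction).
    return hmac.new(master_key, object_id.encode(), hashlib.sha256).digest()

def split_object_key(master_key: bytes, object_id: str):
    """Create a unique data key for one object; return (data_key, virtual_key).
    Only virtual_key is stored in the cloud, and it is useless without master_key."""
    data_key = secrets.token_bytes(KEY_LEN)
    return data_key, _xor(data_key, _master_pad(master_key, object_id))

def recover_object_key(master_key: bytes, object_id: str, virtual_key: bytes) -> bytes:
    # Both halves are needed: the cloud share and the on-premise master key.
    return _xor(virtual_key, _master_pad(master_key, object_id))

def rotate_master(old_master: bytes, new_master: bytes, object_id: str, virtual_key: bytes) -> bytes:
    """Re-wrap the cloud share under a new master key; the data key, and so the
    stored ciphertext, does not change."""
    data_key = recover_object_key(old_master, object_id, virtual_key)
    return _xor(data_key, _master_pad(new_master, object_id))

def demo() -> dict:
    # Constructed sample objects; keys are random on every run.
    master, wrong, new_master = (secrets.token_bytes(KEY_LEN) for _ in range(3))
    k_disk, v_disk = split_object_key(master, "disk-01")
    k_file, _ = split_object_key(master, "file-report.docx")
    v_rot = rotate_master(master, new_master, "disk-01", v_disk)
    return {
        "unique_key_per_object": k_disk != k_file,
        "both_halves_recover_key": recover_object_key(master, "disk-01", v_disk) == k_disk,
        "wrong_master_fails": recover_object_key(wrong, "disk-01", v_disk) != k_disk,
        "share_bound_to_object": recover_object_key(master, "file-report.docx", v_disk) != k_disk,
        "rotation_keeps_data_key": recover_object_key(new_master, "disk-01", v_rot) == k_disk,
        "old_master_no_longer_works": recover_object_key(master, "disk-01", v_rot) != k_disk,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```
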

Albert Biketi, general manager for HP Atalla, said that the new technology is advancing encryption for the cloud era.

"The broad use of encryption in environments is tough to manage, managing keys is difficult so we've looked at trying to solve that problem," he explained.

"The second problem is our environments are not all owned by us today. We not only use our own on-premise environments but we also burst into the cloud and how do you manage encryption in the cloud, when information is living in somewhere other than your own infrastructure."

The use of split-key homomorphic encryption means that no matter how the information is handled inside the cloud, the encryption keys are never exposed, as only a representation of the key is accessible. This makes the system a good option for firms concerned about monitoring by the NSA or other prying bodies.

"Even if they did get a snapshot, all they would see is a transient key, they could never reverse engineer to get access to the data," Biketi said.

"It's patented technology. The person generating the keys is the customer running the service, HP never has access to the master key. The customer is the only person who has the master key. Our service is different because it's patented, nobody else does it this way."

HP is not the first or only firm to offer homomorphic encryption of this kind, however. Smaller outfit Porticor offers a similar service based on patented split-key encryption technology.

It is in fact Porticor technology being used to power the HP Atalla system, although HP did not mention this during the initial announcement.

The IPC announcement is in response to the rise of unstructured data. The software, which runs on laptops, PCs, mobiles or servers, can be used to protect both structured data and unstructured content like social media, emails, payment information and video, which now comprises around 90 percent of data created. IPC follows the information wherever it resides, in the cloud, on mobile devices or on-premise, so as the data moves, the security policy follows the data.

Firms are able to start out with certain types of information, and can add more stores in a modular way. They can also classify existing data, working backwards to include unstructured data already in existence.

"With IPC, you can build a map of sensitive data in a really powerful and simple way that actually speaks the language of business and you can add powerful rights management on top of this," Biketi said.

"You get automatic classification of valuable information, at the moment it's created and can apply security properties and context. You can do this in a consistent way that is invisible to the user, and it works offline, you don't have to be connected and you can use it on mobile devices. It's easy to deploy, you can use pieces of it as you learn how your environment operates, and you can go back and scan and classify old information."

According to HP, setting up the IPC product for structured data is a fairly simple process, and will require around a half day of preparation work with a consultant. However, if firms want unstructured data thrown into the mix, this is a full deployment and will take longer to assess the various policies and processes.

The encryption and IPC products are both available as subscription services, on either an annual or three-year basis, while a shorter monthly plan is being trialled in the US.

Finally, HP Secure Encryption with HP ESKM 4.0 unifies and automates encryption tools, ensuring that firms are using consistent security controls, automated key services and a single point of management. However, to make use of this, firms must invest in an HP ProLiant Gen 8 server along with Atalla client licences. µ

