giladpn
© Porticor Confidential
Overview Available on strategic platforms
Who is Porticor?
Cloud encryption and key management
Focused on Healthcare security in the cloud
Only solution that is “pure cloud” yet provides Safe Harbor for Healthcare
Offices: Campbell, California
AWS official solution provider
VMware Tech Alliance
IBM SCE partner
Customer concerns about security
Customer requirements for Compliance and Regulation
Compliance and Security are #1 concerns for cloud healthcare
What happens when things go wrong?
• Updated HIPAA Omnibus rules put more liability on ISVs as “Business Associates”
• Normal operations mean that your security works and everything goes right
– Achieved through HIPAA safeguards
• But, what if the safeguards were breached, through human error or malice?
• If ePHI (electronic Personal Health Information) may have been exposed, the following may be mandated or occur
– Risk assessment
– Reporting to state attorneys and to individual persons
– High reporting costs
– High fines
– Damage to reputation
• Any mitigation? Safe harbor!
What is Safe Harbor?
• HHS guidance: “technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals”
• Data encryption is the high road to achieving this status
• “If protected health information is encrypted pursuant to this guidance, then no breach notification is required following an impermissible use or disclosure of the information.” [78 Federal Register 5644]
• You are saved many of the reporting costs, fines and damage to reputation (you do not need to inform each individual!)
Cloud Types
SaaS, PaaS, IaaS
Your mission critical Healthcare app is here
You need…
Pure cloud solution for encrypting data at rest and in use
A solution that securely stores keys in the cloud
Cloud security solved at SCALE
Available with major platforms
Porticor Solution
State of the art encryption
• We did not “invent the wheel”: AES 256 / SHA 2
• But we have implemented it with best-in-class performance
• Streaming and caching mechanisms
Cloud key management - The “banker”
• Metaphor: a physical safety deposit box is behind strong walls, and requires two keys to open/lock: one for the customer, the other for the banker
• The secret sauce: our “split key” and “homomorphic” technology creates this in a virtual environment
Enterprise secrecy, Cloud flexibility
Protection Platform for all Cloud Resources
Split-Key Encryption & Homomorphic Key management
Up in minutes
Porticor platform
A master key protects all cloud resources, yet is never in the cloud
Keep your key where it's safe: outside any computing environment
Enabled by unique “split key” and “homomorphic key” technology
VMs and Compute
Virtual Network
Data & Storage
Admin Sessions
Users, Groups, Roles
Application-level fields
The “Swiss Banker” metaphor
Customer has a key, “Banker” has a key
Master key with Homomorphic key encryption
Key-splitting and Homomorphic Technology together deliver Trust
What is “Homomorphic”?
A mathematical technique
• Business consequence: Allows us to manage customer keys without knowing them!
• Industry’s first
– Key-splitting and key-joining without knowing the keys
– We only know the encrypted form of the keys
– For example we can do A+B without knowing A or B
Encryption(A+B) = Enc(A) + Enc(B)
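The identity on this slide, worked through as an added example (not Porticor's code and not taken from the deck). The slides do not name the homomorphic scheme, so this assumes textbook Paillier, where multiplying two ciphertexts yields an encryption of the sum of the plaintexts; the toy primes, the function names and the 128-bit shares are illustrative assumptions.

```python
import math
import secrets

# Toy modulus built from two Mersenne primes so the example runs instantly.
# Assumption for illustration only: real Paillier keys use secret random primes.
P, Q = 2**107 - 1, 2**127 - 1

def keygen(p=P, q=Q):
    """Return (n, private) for Paillier with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # decryption constant when g = n + 1
    return n, (lam, mu)

def encrypt(n, m):
    """Enc(m) = (1 + m*n) * r^n mod n^2, with fresh randomness r."""
    n2 = n * n
    r = 0
    while r < 2 or math.gcd(r, n) != 1:
        r = secrets.randbelow(n)
    return (1 + m * n) % n2 * pow(r, n, n2) % n2

def decrypt(n, private, c):
    """Recover m from c using the private values (lam, mu)."""
    lam, mu = private
    return (pow(c, lam, n * n) - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Combine two ciphertexts into Enc(A + B) using only the public modulus."""
    return c1 * c2 % (n * n)

def join_shares_blind():
    """A key manager joins two encrypted shares; only the key owner decrypts."""
    n, private = keygen()
    a = secrets.randbits(128)  # customer share A (constructed sample)
    b = secrets.randbits(128)  # second share B (constructed sample)
    enc_a, enc_b = encrypt(n, a), encrypt(n, b)
    # The manager sees only enc_a, enc_b and n, never a, b or the private key.
    enc_joined = add_encrypted(n, enc_a, enc_b)
    return a, b, decrypt(n, private, enc_joined)

if __name__ == "__main__":
    a, b, joined = join_shares_blind()
    print("joined == A + B:", joined == a + b)
```

The "+" on the ciphertext side of the slide's equation is realised here as multiplication modulo n², and encryption is randomised, so two encryptions of the same share do not match.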
© Porticor 2009-2012
Customers’ Critical Needs for Cloud Data Security
1. Regulatory Compliance (HIPAA & PCI)
2. High Security (PRISM is setting the stage)
3. Flexible deployment & provisioning
4. Dealing with Complexity
5. Effective Key Management
Healthcare App in the Cloud
Note usage of Porticor API for fine-granular encryption
Healthcare ISV
Challenge
• Maintain HIPAA compliance
• Automate the key management and encryption process
• Distribute keys to end users
How Porticor is used
• API Integration for encryption keys creation, revocation, etc
• Tokens creation and distribution directly to end users
• A cluster of Porticor Virtual Appliances for full redundancy
Result
• Fully integrated with ISV’s workflow
• PHI data is always encrypted - the patient and Doctor maintain control through personal tokens