CUSTOMIZED PLATFORM BUILDING FOR EACH PERSON
All the data the user keeps in the cloud will be strongly encrypted.
The platform is a software installer which will help the user to encrypt that data; it will be a key to start the work on that data. It is kind of like the LiveCDs of Linux operating systems we have in the market.
But not like private key, secret key, but they are having drawbacks (losing, stealing,
Replied by
Jeanne Morain-VP of Business Development & Strategy for InstallFree
There are technologies available today that do this. The premise and value of application virtualization solutions is that they separate and encrypt the user-specific configurations and data from the application itself. This provides additional security on a per-application basis. The applications are isolated from each other and the operating system. This enables hardening the OS (truly locking it down) without locking out the users' ability to download, configure and use applications. There is nothing installed (in most cases) in the underlying OS registry. By not installing any digital fingerprint for the worm, BOT, virus, etc. to seek out and exploit, one can proactively overcome some of the attacks. Ideally though it is best to follow Federal Desktop Core Configuration Guidelines and completely lock down the OS, preventing administrative access and thus making exploits a moot point.
The key with selecting application virtualization as a platform is to understand whether the application virtualization technology executes in User Mode or User Rights Mode. They are very different. User Mode provides additional security in the event that the end user has administrative rights to their PC. If a user downloads a virus etc within the virtual bubble - it will not have sufficient access to be able to execute. With User Rights execution if the user has admin rights and downloads malware within the virtual application it could orchestrate an attack from the virtual registry (that may not be patched even though the physical one is) for a distributed denial of service attack.
Another key requirement is complete visibility inside the virtual environment through 2 Factor Discovery. The first factor is just detecting the virtual application is there and the 2nd is visibility into the actual virtual environment. Oftentimes with malware etc. it is registered or hidden under a more commonly accepted name. If you cannot see all the EXEs within the virtual application then it is hard to tell what is hidden underneath or map it back correctly into Asset Mgmt or Service Desk tools. It may not just be a malware or security concern but also a business risk in terms of license compliance.
In InstallFree (company I work for) Administrators/Users can opt to have just their application configuration data stored this way OR they can have both the application data and the content that is created from these virtual applications stored in what is called a "V" directory or virtual environment. This enables the User Data to follow the user based on their current login credentials that are set via Active Directory both in and out of the cloud. That way if it is single sign-on etc they can leverage whatever they use today for password/security protection - eliminating yet another password to forget :-).
We have been very successful having our customers (MSPs) service their customers leveraging this model for regulated applications in off premises clouds such as Amazon EC2/S3 - see attached.
There are other security issues though that need to be thought through on the base OS in the VM that AppVirt cannot solve. My last post had some good reference points etc. around Guest to Guest or Guest to Host attacks and what industry leaders like VMware, Microsoft, Redhat, and Intel are doing in this area.
www.universalclient.blogspot.
www.installfree.com