Architecturally, the Porticor solution sits between the cloud based server and storage, ensuring that every bit of data between the servers and the storage is encrypted and every bit of data moving from storage to the servers is decrypted for customer initiated processes. The piece in the middle is the heart of the Portico solution, the Virtual Private Data (VPD) application. VPD is a virtual appliance that encrypts any disk or storage array with encryption algorithms such as AES-256. VPD retrieves the "banker" keys as well as requesting from the customer its key.
Porticor says this is military-grade security since only one party -- the customer -- holds the master key to unlock the data. (Hint: Don't lose the master key or you're up the creek without a paddle.) The master key only needs to be brought out of the steel vault when the entire server cluster is rebooted, which should be a rare occurrence. When new application servers are created, they inherit the encryption automatically through the VPD.
Security- and risk management-wise, the Porticor process does not save a "plain key" to any disk. Then, even if a hacker has penetrated the service provider's network searching for data, the hacker will not see anything to steal.
The Porticor solution is designed to work with any cloud implementation. Today, Porticor has established partnerships with Amazon Web Services (AWS) and Red Hat, making the choices of those two services extra easy.
Sign up for CIO Asia eNewsletters.