By Tobias Manolo
More and more businesses are turning to pay-as-you-go cloud services to store corporate data and drive their business-critical applications. Many are turning to Amazon Web Services, or AWS, but that doesn’t remove their concerns over protecting sensitive data or complying with regulatory requirements. To address these issues, SafeNet have published an ebook that shows how companies can not only control their sensitive data, but also deal with compliance.
SafeNet, an AWS Advanced Technology Partner, recommend six key methods that will help to improve security:
1. Encryption Key Management that is Centralised – using SafeNet’s Virtual KeySecure for AWS Marketplace, organisations are able to deploy key management in centralised, high-availability environments and clustered configurations, via a virtual security application. Encryption keys, as well as policies, for AWS EC2 workloads are stored and managed securely, so that ownership remains with the company.
2. Roots of Trust – roots of trust are components that are trusted to perform security-critical functions, in tamper-proof hardware and virtual security. The AWS CloudHSM service utilises Luna SA hardware security modules from SafeNet, providing customers with single-tenant appliances for their cryptographic storage needs.
3. Storage Encryption for the AWS Storage Gateway – StorageSecure offers the full range of protection for data at rest in virtual, physical and cloud-based storage environments. It is a transparent solution that allows companies to keep strict controls over data access. The solution connects on-premise software appliances with AWS S3, providing secure and seamless integration between AWS and on-premise storage environments.
4. Encryption and Pre-Boot Authentication – ProtectV for the AWS Marketplace is able to encrypt attached storage volumes and virtual machine instances, while ensuring the isolation of data and separation of duties by unifying control and encryption across cloud and virtualised environments. The application also improves compliance and security of sensitive data within AWS EC2 instances.
5. File Encryption for EC2 Instances and S3 – ProtectFile delivers automated file encryption for unstructured data within file servers and network drives. Deployed alongside SafeNet’s KeySecure, it encrypts flat files including text documents, sensitive data, spreadsheets, vector drawings and bitmap images.
6. Client-Side Object Encryption – for customer-controlled, client-side object encryption for storage, SafeNet recommend ProtectApp integrated with AWS SDKs, creating an encryption client that delivers application input keys that encrypt objects before they are uploaded to storage. This ensures that data is unreadable to unauthorised users and that the cloud provider has no access to unencrypted application data.
As more and more companies migrate to cloud services and AWS, it pays to protect their corporate and sensitive data.