SafeNet Highlights Top Six Ways to Encrypt Sensitive Data on AWS

By Peter Bernstein March 25, 2014

There is no denying the power and market dominance of Amazon Web Services (AWS). In fact, a recent Gartner Group report estimated that AWS has more than five times the combined capacity of its next 14 rivals, and generated roughly $3 billion in annual revenues. Large enterprises are increasingly moving some of the data they used to house on their own computers to the AWS cloud, and the number of small and mid-sized businesses (SMBs) that have entrusted much if not all of their mission critical data to AWS has exploded.

While the benefits of moving to AWS are substantial, the realities are that such a move is not without concerns, particularly regarding security. IT professionals remain wary that data residing on AWS and ultimately on the move can create exposure of vital information to unauthorized users making it susceptible to being compromised in a variety of potentially extremely harmful and costly ways.

Given these concerns which in many ways are impeding even faster adoption of AWS, SafeNet, Inc., a leading provider of data protection solutions, has released a new e-book, 6 Ways to Enhance Security in AWS. It outlines how companies can demonstrate compliance and illustrate control of sensitive data, in order to help businesses in pay-as-you-go cloud services like AWS.

Six SafeNet solutions to enhance AWS security

SafeNet, calls its recommendations “common sense.” As an AWS Advanced Technology Partner, SafeNet has developed practical capabilities to help AWS customers mitigate risks and increase peace of mind.  SafeNet describes them as follows:

  • Roots of Trust – Whether protecting cryptographic keys or authenticating devices, roots of trust are components inherently trusted to perform one or more security-critical functions, available in both virtual security appliances and tamper-proof hardware appliances. The AWS CloudHSM service uses SafeNet’s tamper-resistant Luna® SA hardware security modules as its root of trust to provide customers with single-tenant appliances in the AWS cloud to meet their cryptographic storage needs. Luna modules meet several government security standards and integrate with a large number of cryptographic protocols, allowing organizations to demonstrate compliance with strict information regulations.
  • Centralized Encryption Key Management – SafeNet’s Virtual KeySecure for AWS Marketplace allows organizations to quickly deploy centralized key management in high-availability, clustered configurations, using a hardened virtual security appliance that runs in the AWS cloud. It securely stores and manages encryption keys and policies for AWS EC2 workloads, and ensures that organizations maintain ownership of their encryption keys at all times. SafeNet’s Crypto Management platform has the largest number of partner integrations in the industry. Availability on AWS expands this solution even further and allows more customers to take advantage of encryption key management for their organization.
  • Encryption and Pre-Boot Authentication for EC2 and EBS – SafeNet’s ProtectV™ for AWS Marketplace encrypts entire virtual machine instances and attached storage volumes while ensuring complete isolation of data and separation of duties. It unifies encryption and control across virtualized and cloud environments, and increases security and compliance for sensitive data residing in AWS EC2 instances. ProtectV™ also ensures that no virtual machine instance can launch without proper pre-boot authentication.
  • Client-Side Object Encryption for Amazon S3 – SafeNet ProtectApp provides customer-controlled client-side object encryption for storage in Amazon’s Simple Storage Service (S3) when integrated with AWS SDKs. ProtectApp forms an encryption client that provides application input keys to encrypt objects before loading them to storage, making data unreadable by unauthorized users and making sure the cloud provider never has access to unencrypted application data.
  • Storage Encryption for the AWS Storage Gateway – StorageSecure is a network encryption appliance that offers optimal protection of data at rest in physical, virtual, and cloud-based storage environments. It is a transparent solution that enables organizations to retain strict controls over data access by connecting an on-premises software appliance with AWS S3, establishing a seamless and secure integration between their on-premises storage environment and AWS. The AWS Storage Gateway appliance is installed on the customer premises and is connected to StorageSecure via the iSCSI protocol.
  • File Encryption for EC2 Instances and S3 – SafeNet ProtectFile provides automated file encryption for unstructured data contained in network drives and file servers. ProtectFile is deployed in tandem with SafeNet KeySecure and encrypts flat files that contain sensitive data, including text documents, spreadsheets, bitmap images, and vector drawings. The combined solution provides encryption and access control policies to protect designated folders and files via data-centric encryption.

“SafeNet has been protecting the valuable data assets of Fortune 500 companies, government agencies, and other organizations for more than 30 years,” said Prakash Panjwani, senior vice president and general manager, Data Protection Solutions, SafeNet. “As companies migrate to cloud services, SafeNet is in lockstep with them, providing strong encryption solutions that meet their needs for rigorous security, regardless of their environment.”

IT professionals regardless of the size or location of their company, as a result of the data breeches we are aware of from the headlines, along with unfortunately the marked increase of incidents that don’t make the news, have become painfully aware that strong encryption is becoming table stakes for mitigating risks.  Whether it is data at rest or on the fly, making it difficult to access, and extremely difficult to decipher is paramount. Strong encryption (pardon the pun) is key. It happens to be true in all instances, but is of particular importance when that data is stored and accessed not just in the cloud but on public shared cloud services like AWS.

This is an instance, if you are an AWS customer, where going by the book is something to strongly consider.  

Edited by Cassandra Tucker
Related Articles

Amid Cryptocurrency Mania, Coinsquare's goNumerical Raises CAD $10.5M

By: Paula Bernier    12/5/2017

The company that operates the Canadian digital currency exchange known as Coinsquare says it has raised CAD $10.5 million in new funding.

Read More

Your New Heart Monitor is an Apple Watch. Really.

By: Doug Mohney    12/4/2017

Looking at a new smartwatch or fitness wearable for the holidays? If you are concerned about your heart health due to family history or reason, Apple …

Read More

Amazon Unleashes Alexa for Business - Consequences Abound

By: Doug Mohney    11/30/2017

Today, Amazon Web Services (AWS) announced Alexa for Business, bringing Amazon's intelligent assist into the office. This shouldn't be a surprise to T…

Read More

Pai Makes His Case for Title II Repeal

By: Paula Bernier    11/21/2017

FCC Chairman Ajit Pai today made clear his plans to repeal Title II net neutrality rules. The commission is expected to pass his proposal at its Dec. …

Read More

Winners of the 2017 Tech Diversity Award Announced

By: TMCnet News    11/20/2017

TMC, a global, integrated media company helping clients build communities in print, in person and online, today announced the recipients of the 2017 T…

Read More