There is no denying the power and market dominance of Amazon Web Services (AWS). In fact, a recent Gartner Group report estimated that AWS has more than five times the combined capacity of its next 14 rivals, and generated roughly $3 billion in annual revenues. Large enterprises are increasingly moving some of the data they used to house on their own computers to the AWS cloud, and the number of small and mid-sized businesses (SMBs) that have entrusted much if not all of their mission critical data to AWS has exploded.

While the benefits of moving to AWS are substantial, the realities are that such a move is not without concerns, particularly regarding security. IT professionals remain wary that data residing on AWS and ultimately on the move can create exposure of vital information to unauthorized users making it susceptible to being compromised in a variety of potentially extremely harmful and costly ways.

Given these concerns which in many ways are impeding even faster adoption of AWS, SafeNet, Inc., a leading provider of data protection solutions, has released a new e-book, 6 Ways to Enhance Security in AWS. It outlines how companies can demonstrate compliance and illustrate control of sensitive data, in order to help businesses in pay-as-you-go cloud services like AWS.

Six SafeNet solutions to enhance AWS security

SafeNet, calls its recommendations “common sense.” As an AWS Advanced Technology Partner, SafeNet has developed practical capabilities to help AWS customers mitigate risks and increase peace of mind.  SafeNet describes them as follows:

• Roots of Trust – Whether protecting cryptographic keys or authenticating devices, roots of trust are components inherently trusted to perform one or more security-critical functions, available in both virtual security appliances and tamper-proof hardware appliances. The AWS CloudHSM service uses SafeNet’s tamper-resistant Luna® SA hardware security modules as its root of trust to provide customers with single-tenant appliances in the AWS cloud to meet their cryptographic storage needs. Luna modules meet several government security standards and integrate with a large number of cryptographic protocols, allowing organizations to demonstrate compliance with strict information regulations.
• Centralized Encryption Key Management – SafeNet’s Virtual KeySecure for AWS Marketplace allows organizations to quickly deploy centralized key management in high-availability, clustered configurations, using a hardened virtual security appliance that runs in the AWS cloud. It securely stores and manages encryption keys and policies for AWS EC2 workloads, and ensures that organizations maintain ownership of their encryption keys at all times. SafeNet’s Crypto Management platform has the largest number of partner integrations in the industry. Availability on AWS expands this solution even further and allows more customers to take advantage of encryption key management for their organization.
• Encryption and Pre-Boot Authentication for EC2 and EBS – SafeNet’s ProtectV™ for AWS Marketplace encrypts entire virtual machine instances and attached storage volumes while ensuring complete isolation of data and separation of duties. It unifies encryption and control across virtualized and cloud environments, and increases security and compliance for sensitive data residing in AWS EC2 instances. ProtectV™ also ensures that no virtual machine instance can launch without proper pre-boot authentication.
• Client-Side Object Encryption for Amazon S3 – SafeNet ProtectApp provides customer-controlled client-side object encryption for storage in Amazon’s Simple Storage Service (S3) when integrated with AWS SDKs. ProtectApp forms an encryption client that provides application input keys to encrypt objects before loading them to storage, making data unreadable by unauthorized users and making sure the cloud provider never has access to unencrypted application data.
• Storage Encryption for the AWS Storage Gateway – StorageSecure is a network encryption appliance that offers optimal protection of data at rest in physical, virtual, and cloud-based storage environments. It is a transparent solution that enables organizations to retain strict controls over data access by connecting an on-premises software appliance with AWS S3, establishing a seamless and secure integration between their on-premises storage environment and AWS. The AWS Storage Gateway appliance is installed on the customer premises and is connected to StorageSecure via the iSCSI protocol.
• File Encryption for EC2 Instances and S3 – SafeNet ProtectFile provides automated file encryption for unstructured data contained in network drives and file servers. ProtectFile is deployed in tandem with SafeNet KeySecure and encrypts flat files that contain sensitive data, including text documents, spreadsheets, bitmap images, and vector drawings. The combined solution provides encryption and access control policies to protect designated folders and files via data-centric encryption.

“SafeNet has been protecting the valuable data assets of Fortune 500 companies, government agencies, and other organizations for more than 30 years,” said Prakash Panjwani, senior vice president and general manager, Data Protection Solutions, SafeNet. “As companies migrate to cloud services, SafeNet is in lockstep with them, providing strong encryption solutions that meet their needs for rigorous security, regardless of their environment.”

IT professionals regardless of the size or location of their company, as a result of the data breeches we are aware of from the headlines, along with unfortunately the marked increase of incidents that don’t make the news, have become painfully aware that strong encryption is becoming table stakes for mitigating risks.  Whether it is data at rest or on the fly, making it difficult to access, and extremely difficult to decipher is paramount. Strong encryption (pardon the pun) is key. It happens to be true in all instances, but is of particular importance when that data is stored and accessed not just in the cloud but on public shared cloud services like AWS.

This is an instance, if you are an AWS customer, where going by the book is something to strongly consider.