Businesses are increasingly turning to elastic, pay-as-you-go cloud services such as AWS (Amazon Web Services) to run business-critical applications and store company data, but concerns about compliance and control of sensitive data are slowing adoption. In an e-book entitled ‘6 Ways to Enhance Security in AWS’, SafeNet outlines how companies can demonstrate compliance and show that they, rather than the cloud provider, retain control of sensitive data.
In the e-book SafeNet recommends the following solutions to enhance security:
- Roots of Trust: A Root of Trust is a component that is inherently trusted to perform one or more security-critical functions, such as protecting cryptographic keys, authenticating devices, or verifying software. SafeNet offers Roots of Trust both as virtual security appliances and as tamper-resistant hardware appliances; the hardware form gives stronger assurance that key material cannot be extracted, whereas a virtual appliance inherits the trust boundary of the hypervisor it runs on. Roots of Trust should meet recognised government security standards and integrate with a wide range of cryptographic protocols and applications, allowing organizations to demonstrate compliance with strict information regulations.
- Centralised Encryption Key Management: By using a virtual key management solution that runs in the AWS cloud, organizations can quickly deploy centralised key management in high-availability, clustered configurations. Centralised key management securely stores and manages encryption keys and key policies for AWS EC2 workloads, while ensuring that the organization, not the cloud provider, owns and controls its encryption keys at all times.
- Encryption and Pre-Boot Authentication for EC2 and EBS: Encryption and pre-boot authentication solutions available through the AWS Marketplace can encrypt entire virtual machine instances and their attached storage volumes while maintaining isolation of data and separation of duties. Such solutions unify encryption and control across virtualized and cloud environments, and increase security and compliance for sensitive data residing in AWS EC2 instances and EBS volumes. Pre-boot authentication also ensures that no encrypted virtual machine instance can launch until it has authenticated to the key manager and been released its keys.
- Client-Side Object Encryption for Amazon S3: Client-side object encryption for Amazon’s Simple Storage Service (S3) supplies encryption keys to the application so that each object is encrypted before it is uploaded to storage. This gives customers control of their data, because encryption happens inside the application and only ciphertext ever leaves it. The data is unreadable by unauthorised users, and the cloud provider never has access to unencrypted application data or to the keys that protect it.
- Storage Encryption for the AWS Storage Gateway: By using a network encryption appliance that protects data at rest in physical, virtual, and cloud-based storage environments, organizations can encrypt sensitive assets before they are written to Amazon S3. Businesses also retain strict control over data access by pairing an on-premises software appliance with AWS S3, establishing a seamless and secure integration between their on-premises storage environment and AWS.
- File Encryption for EC2 Instances and S3: Automated file encryption for unstructured data held on network drives and file servers can encrypt flat files that contain sensitive data, including text documents, spreadsheets, bitmap images, and vector drawings. It applies encryption and access control policies to designated folders and files, that is, data-centric encryption. Unlike systems that secure a perimeter or a device, this approach secures the data itself, so files remain protected regardless of where they reside or where they are sent.
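The client-side S3 object encryption point above is the one most easily shown in code. The following Go program is an added example, not SafeNet's or AWS's code: it performs envelope encryption entirely on the client, stores only ciphertext in a map that stands in for an S3 bucket (the hypothetical `Bucket` type), and shows three properties a practitioner would check: the stored blob contains no plaintext, the wrong key-encryption key (KEK) cannot open it, and a blob copied under a different object key fails to decrypt because the object key is bound as AES-GCM associated data. The per-object data key, the on-storage layout and the sample record are all assumptions made here for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Bucket stands in for an S3 bucket (hypothetical): the "provider" only ever
// sees the bytes we Put, so anything it holds must already be ciphertext.
type Bucket map[string][]byte

const (
	nonceSize      = 12               // standard AES-GCM nonce length
	dataKeySize    = 32               // AES-256 per-object data key
	gcmTagSize     = 16               // AES-GCM authentication tag
	wrappedKeySize = dataKeySize + gcmTagSize
)

// Assumed on-storage layout: keyNonce | wrappedDataKey | dataNonce | ciphertext+tag

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := io.ReadFull(rand.Reader, b)
	return b, err
}

// PutEncrypted encrypts plaintext under a fresh data key, wraps that data key
// with the customer-held KEK, and stores only the resulting envelope.
// objectKey is used as associated data so a blob cannot be silently relocated.
func PutEncrypted(b Bucket, objectKey string, plaintext, kek []byte) error {
	dataKey, err := randomBytes(dataKeySize)
	if err != nil {
		return err
	}
	dataNonce, err := randomBytes(nonceSize)
	if err != nil {
		return err
	}
	keyNonce, err := randomBytes(nonceSize)
	if err != nil {
		return err
	}
	dataAEAD, err := newGCM(dataKey)
	if err != nil {
		return err
	}
	kekAEAD, err := newGCM(kek)
	if err != nil {
		return err
	}
	aad := []byte(objectKey)
	ct := dataAEAD.Seal(nil, dataNonce, plaintext, aad)
	wrapped := kekAEAD.Seal(nil, keyNonce, dataKey, aad)

	blob := make([]byte, 0, 2*nonceSize+wrappedKeySize+len(ct))
	blob = append(blob, keyNonce...)
	blob = append(blob, wrapped...)
	blob = append(blob, dataNonce...)
	blob = append(blob, ct...)
	b[objectKey] = blob
	return nil
}

// GetDecrypted unwraps the data key with the KEK and then decrypts the object.
// Any tampering, wrong KEK, or relocated blob fails authentication.
func GetDecrypted(b Bucket, objectKey string, kek []byte) ([]byte, error) {
	blob, ok := b[objectKey]
	if !ok {
		return nil, errors.New("no such object")
	}
	if len(blob) < 2*nonceSize+wrappedKeySize+gcmTagSize {
		return nil, errors.New("malformed object")
	}
	keyNonce := blob[:nonceSize]
	wrapped := blob[nonceSize : nonceSize+wrappedKeySize]
	dataNonce := blob[nonceSize+wrappedKeySize : 2*nonceSize+wrappedKeySize]
	ct := blob[2*nonceSize+wrappedKeySize:]
	aad := []byte(objectKey)

	kekAEAD, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	dataKey, err := kekAEAD.Open(nil, keyNonce, wrapped, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	dataAEAD, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return dataAEAD.Open(nil, dataNonce, ct, aad)
}

func main() {
	kek, _ := randomBytes(32) // in practice held in the customer's key manager/HSM
	bucket := Bucket{}
	record := []byte("constructed sample: acct=4111 balance=100") // constructed input
	if err := PutEncrypted(bucket, "records/1.txt", record, kek); err != nil {
		panic(err)
	}
	fmt.Println("plaintext visible to provider:", bytes.Contains(bucket["records/1.txt"], []byte("acct=4111")))
	pt, err := GetDecrypted(bucket, "records/1.txt", kek)
	fmt.Printf("round trip ok: %v (%q)\n", err == nil && bytes.Equal(pt, record), pt)
	bucket["records/2.txt"] = bucket["records/1.txt"] // attacker copies blob to another key
	_, err = GetDecrypted(bucket, "records/2.txt", kek)
	fmt.Println("relocated blob rejected:", err != nil)
}
```

The important design choice is that the KEK never leaves the client; in a real deployment it would be served by the organization's own key manager or HSM (the Roots of Trust and centralised key management items above), and S3 would receive only the envelope.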
Download the e-book (PDF).
Date: 27th March 2014 • Region: World • Type: Article • Topic: ISM