Skip Navigation

Protecting YOUR data in THEIR cloud

The cloud evolution is here and is readily being embraced by U.S. Federal Government agencies. Federal agencies often turn to the cloud to meet their data storage and application needs. Although cloud services offer increased flexibility and availability as well as decreased costs, many agencies hesitate to bring compliance-regulated or mission-sensitive data to the cloud.

Shared Responsibility

Cloud Service Providers (CSPs) are now tailoring services specific to the Federal government’s requirements. Many CSPs emphasize the shared responsibility model for securing data in the cloud. CSPs own the responsibility to secure the infrastructure that runs their cloud services. While CSPs’ employ extensive security, the onus is on you, as the CSP’s customer, to secure your data while adhering to compliance mandates and regulations. 

Sensitive Data in the Cloud

The cloud brings new security risks that must be addressed before moving and storing sensitive data in a third-party environment. You need to evaluate the sensitivity of the data that may potentially move to the cloud. The sensitivity may vary based on the data type which includes, but is not limited to, Personally Identifiable Information (PII), company proprietary information, and classified data. Then, determine if your most sensitive data will stay on premises or if it can be encrypted and then safely stored in the cloud. 

Hybrid Deployment Model

The best way to have complete control over the security of your data is to own the generation and administration of the keys used to encrypt your data. This is done with a physical or virtual key manager to manage the key lifecycle with a hardware root of trust. This hybrid deployment model allows you to have complete control over your data and encryption keys. If there is a data breach, the encryption keys will not be exposed and the data will remain secure.

Once you have created your keys, you have the ability to encrypt any data type using cloud-ready applications. After the data is encrypted, then it can be used and stored in any cloud service. 

Customer Controlled Encryption for Cloud Storage with Customer Owned Keys

CSPs typically offer their own key management and encryption solutions which limits your control over your data. Using a one-stop solution is not the most secure way to protect your data stored in the cloud. Additionally, encrypted data is not transferrable between multiple cloud services without the use of a common key manager . This can limit the assurance for high availability of your data. 

Solutions to Protect Your Data in Their Cloud

SafeNet AT, a trusted U.S. supplier of data security products, offers cloud independent encryption solutions. Our solutions enable you to take advantage of the security benefits of a hybrid deployment model.

  • Cryptographic Key Management for the Cloud

    SafeNet AT’s KeySecure for Government is a cryptographic key manager that can be deployed as a hardware appliance on premises or as a hardened virtual appliance in the cloud. By utilizing an on premises KeySecure for Government to securely generate, store and manage your cryptographic keys, you can ensure that you own and control your keys at all times.

    Whether embedded in the KeySecure for Government or used as a network-attached appliance, Luna Hardware Security Modules for Government provide a FIPS certified hardware root of trust for maximum security.

     Learn More about KeySecure for Government

     Learn More about HSMs for Government

  • Data Encryption Solutions for the Cloud

    KeySecure for Government integrates with various encryption solutions such as:

    • ProtectCloudStorage: Encrypts data using customers’ own keys before it is sent to cloud object storage
    • ProtectV: Provides full disk encryption of physical servers, virtual machines, and cloud instances
    • ProtectFile: Controls access and encrypts data in sensitive folders and files
    • ProtectApp: Encrypts sensitive field and application data at the point of creation
    • ProtectDB: Protects sensitive data across databases in the data center and the cloud

    SafeNet AT’s cloud independent encryption solutions enable your data to be seamlessly transferred to multiple clouds from various service providers.

  • Virtual High Speed Encryption

    The SafeNet Virtual Encryptor CV1000 (CV1000) is the first hardened virtual encryptor, and is designed for extended WANs and SD-WANs. The CV1000 delivers robust encryption security for data-in-motion across high speed Carrier WAN links up to 5 Gbps. 

     Learn More about the SafeNet Virtual Encryptor CV1000

 

Connect with us

Learn more about our products, solutions and services Contact SafeNet AT