Protecting YOUR data in THEIR cloud
The cloud evolution is here and is readily being embraced by U.S. Federal Government agencies. Federal agencies often turn to the cloud to meet their data storage and application needs. Although cloud services offer increased flexibility and availability as well as decreased costs, many agencies hesitate to bring compliance-regulated or mission-sensitive data to the cloud.
Cloud Service Providers (CSPs) are now tailoring services specific to the Federal government’s requirements. Many CSPs emphasize the shared responsibility model for securing data in the cloud. CSPs own the responsibility to secure the infrastructure that runs their cloud services. While CSPs employ extensive security, the onus is on you, as the CSP’s customer, to secure your data while adhering to compliance mandates and regulations.
The cloud brings new security risks that must be addressed before moving and storing sensitive data in a third-party environment. You need to evaluate the sensitivity of the data that may potentially move to the cloud. The sensitivity may vary based on the data type, which includes, but is not limited to, Personally Identifiable Information (PII), company proprietary information, and classified data. Then, determine if your most sensitive data will stay on premises or if it can be encrypted and then safely stored in the cloud.
The best way to have complete control over the security of your data is to own the generation and administration of the keys used to encrypt your data. This is done with a physical or virtual key manager to manage the key lifecycle with a hardware root of trust. This hybrid deployment model allows you to have complete control over your data and encryption keys. If there is a data breach, the encryption keys will not be exposed and the data will remain secure.
Once you have created your keys, you have the ability to encrypt any data type using cloud-ready applications. After the data is encrypted, it can be used and stored in any cloud service.
CSPs typically offer their own key management and encryption solutions, which limits your control over your data. Using a one-stop solution is not the most secure way to protect your data stored in the cloud. Additionally, encrypted data is not transferable between multiple cloud services without the use of a common key manager. This can limit the assurance for high availability of your data.
SafeNet AT, a trusted U.S. supplier of data security products, offers cloud-independent encryption solutions. Our solutions enable you to take advantage of the security benefits of a hybrid deployment model.
SafeNet AT’s KeySecure for Government is a cryptographic key manager that can be deployed as a hardware appliance on premises or as a hardened virtual appliance in the cloud. By utilizing an on-premises KeySecure for Government to securely generate, store and manage your cryptographic keys, you can ensure that you own and control your keys at all times.
Whether embedded in the KeySecure for Government or used as a network-attached appliance, Luna Hardware Security Modules for Government provide a FIPS-certified hardware root of trust for maximum security.
KeySecure for Government integrates with various encryption solutions such as:
SafeNet AT’s cloud-independent encryption solutions enable your data to be seamlessly transferred to multiple clouds from various service providers.
The SafeNet Virtual Encryptor CV1000 (CV1000) is the first hardened virtual encryptor, and is designed for extended WANs and SD-WANs. The CV1000 delivers robust encryption security for data-in-motion across high-speed Carrier WAN links up to 5 Gbps.