Customer controlled encryption for cloud storage with customer owned keys
Federal agencies are looking to the cloud to meet their data storage needs. Although cloud storage offers increased flexibility and availability as well as decreased costs, many agencies hesitate to bring compliance-regulated or mission-sensitive data to the cloud.
Data Security in the Cloud
Many Cloud Service Providers (CSPs), such as Amazon Web Services, emphasize the shared responsibility model for securing data in the cloud. CSPs own the responsibility to secure the infrastructure that runs their cloud services. While CSPs employ extensive security, the onus is on the CSP’s customer to secure their data in adherence with compliance mandates and regulations. The most effective way to do so is through customer controlled data encryption and key management, deployed with strong policy-based access controls.
ProtectCloudStorage, a cloud encryption solution, protects sensitive data stored in the cloud. ProtectCloudStorage encrypts data using customers’ own cryptographic keys before it is sent to cloud object storage. The solution supports both hybrid and pure cloud environments with ProtectCloudStorage running on-premises or in the cloud. It works in tandem with KeySecure for Government, a cryptographic key management platform, to protect and manage the cryptographic keys used in the encryption process.
ProtectCloudStorage offers various deployment models:
Endpoint deployment – encrypts cloud storage-bound data on individual endpoints before it leaves the device.
Gateway deployment – encrypts cloud storage-bound data via a gateway before it reaches object storage. (available Summer 2018)
Designed for Ease of Use
ProtectCloudStorage features a simple interface. Users can easily select and encrypt cloud storage-bound files through an easy-to-use web interface. ProtectCloudStorage offers a full suite of APIs for organizations that want to automate sending encrypted data to object storage.
KeySecure for Government
KeySecure for Government provides centralized key management for ProtectCloudStorage. KeySecure for Government is available as either a hardware appliance (Enterprise-level G460 or Field-level G160) or virtual appliance (G350v). KeySecure for Government supports a FIPS 140-2 Level 2 or 3 hardware root of trust.
KeySecure for Government is manufactured, sold, and supported exclusively in the United States by SafeNet Assured Technologies.
Robust Security for Data Stored in the Cloud
Because data is encrypted on the endpoint, ProtectCloudStorage enables administrators to maintain control of the entire data encryption process. Moreover, because a key manager is integrated, the encryption keys remain separate from the CSP. With ProtectCloudStorage, organizations can prove data ownership at all times.
When customer-owned encryption and encryption keys are implemented correctly, agencies will be able to secure their sensitive data in the cloud and meet many compliance mandates and security regulations.