Why You Should Use Vormetric Cloud on Amazon Web Services


Apr 13, 2016


Understand the importance of proper encryption policies when moving to the cloud.

In today’s technologically-driven marketplace, it seems as if every organization is using or planning to use some type of cloud solution to manage and store critical data. And while this offers a host of advantages, it also presents challenges, chief among them being security. In working with my clients, I always try to convey the importance of safeguarding their information when moving large amounts of critical data online.

We always ensure that company administrators understand the benefits of proper key management to ensure that moving to a cloud provider like Amazon Web Services doesn’t increase exposure to data breaches, or give up control of sensitive information.

To address these concerns, it’s crucial to implement a data-focused security solution within each AWS migration. This solution must place the necessary security protections and controls around the sensitive data that would-be attackers are interested in getting their hands on. In addition, data needs to be safeguarded wherever it resides, which could include snapshots, disaster recovery locations, and backup repositories.

When choosing a security solution, it’s important to find a provider that offers the following encryption tools in their suite of services:

Policies that ensure privileged user access controls to all encrypted data

When used in tandem with Amazon’s Elastic Block Storage (EBS) and Elastic Compute Cloud (EC2), Amazon’s Identity and Access Management (IAM) service focuses on controlling network access to individual instances, but it does not offer access controls for any data that resides within the AWS itself. To prevent unauthorized access to critical data, there should be strong, centrally-managed access policies in place at the file system level that enforce when any data can be decrypted.

By implementing access controls with strong encryption capabilities, companies can create robust user access that enables privileged users to perform updates, system management, and other administrative functions, without giving them direct access to protected database tables or other encrypted files.

Integrated encryption and key management

Using robust, industry-standard algorithms for data encryption is one of the most critical steps in protecting sensitive data. Centralized key management should be simple and seamless, offering deployment options that match an organization’s unique needs. Any solution that is implemented should support the storage of keys within the AWS cloud, or within hybrid cloud offerings like AWS Virtual Private Cloud, where data can reside both in the cloud and locally. Finally, to ensure maximum security, keys must always be stored separately from an organization’s critical data, and never be revealed, even to storage administrators.

The above guidelines represent the absolute baseline for meeting compliance requirements and should be viewed as best practices for protecting critical company data.

Vormetric Encryption solutions on AWS

I often recommend Vormetric’s encryption solution for clients who are migrating critical data to Amazon’s cloud servers. Vormetric Transparent Encryption for AWS delivers all of the features necessary to create strong data protection within the cloud, including:

  • Integrated key management and encryption that protects organizational data at the system level within EBS and EC2 instances.
  • Strict separation of roles for systems and security management.
  • Robust APIs and command line tools that integrate well with other third-party infrastructure solutions.
  • A highly scalable structure.
  • Security intelligence reporting that enables integration with SIEM tools that support compliance reporting and event analysis.
  • Access policies offering privileged user controls that ensure data is decrypted only for authorized processes and users, while still allowing cloud and system admins to perform their duties without having access to sensitive data.

If your organization is moving to the cloud to improve performance and scalability, it’s critically important that you do so methodically and with a laser focus on security. Proper planning will avoid the nightmare scenario that can threaten the existence of entire companies: a monumental data breach that causes your customers to lose faith in you.

Related Blogs

  • AWS Data Migration Services" alt="">
    Best Practices for Using AWS Data Migration Services for Your Cloud Migration

    Following these best practices can ensure a smooth data migration to the cloud Key Takeaways: Data migration is the most important element in a cloud-based digital transformation A well-planned data...

    Learn More
  • This image is a drawing of a man in a business suit with a large magnifying glass. He’s standing in front of a backdrop of a cityscape, and in front of him are a number of clouds; one of them is red, the others are white. This represents making a choice of cloud service providers." alt="">
    AWS and Beyond: The Cloud Service Providers Your Company Should Consider

    Cloud migration is a must for business today, here’s how to be sure you choose the right cloud services provider. Key Takeaways: It’s important for businesses to choose the right cloud service...

    Learn More
  • AWS ad on a subway station wall." alt="">
    3 Ways Businesses on AWS Can Extract Huge Benefits From the Overarching Amazon Ecosystem

    Being on AWS means you not only have the most widely adopted cloud service but also access to several tools that can be immensely valuable for your business Key Takeaways: AWS cloud service is part...

    Learn More