Thales Blog

One Small Step For Vormetric, One Giant Leap For #CloudSecurity

September 10, 2013

What a difference six months can make. Last winter, Gartner predicted that from 2013 through 2016 the worldwide spend on cloud services would be $677 billion, with US companies playing a prominent role. Then came intensely negative global reaction to government surveillance programs, leading to renewed discussion and debate on the topic of cloud security. Enterprises, government organizations and cloud service providers alike are looking at how to mitigate any potential downside consequences stemming from the NSA backlash. Fortunately, Vormetric can help them do exactly that.

This morning, we made an important contribution to enhanced cloud security by announcing the immediate availability of Vormetric Data Firewall™ for Amazon Web Services (AWS). Our new, fully virtualized solution works seamlessly within AWS, providing important data-centric security and delivering security intelligence to enterprises and SaaS providers around the globe. For organizations looking to migrate to the cloud knowing that they can both meet compliance requirements and protect their sensitive data within AWS implementations, Vormetric Data Firewall can put their minds at ease.

AWS is clearly the 800-lb. gorilla in the market for cloud-based virtual infrastructure services, topping all measures for dollar volume, compute capacity, services and number of customers. Amazon achieved its position of dominance by pioneering new markets, continuously innovating to stay ahead of the competition, and forging the right partnerships in areas that fall outside its core competence. That’s where we fit in.

By far the most applicable service for most customers is the capability to run server instances within their environment – Amazon’s Elastic Compute Cloud (EC2) – and permanent file systems associated with those servers using Amazon’s Elastic Block Store (EBS). But, while Amazon offers strong layered security within its management and network environment, it doesn’t lock down EC2- and EBS-accessible data. Within AWS instances, the responsibility for data protection resides with the customer.

Given the surveillance-driven concerns around cloud security, customers rightly want and need assurances that their sensitive data will remain protected in the cloud. This is why our news is so exciting for millions of AWS customers (not to mention prospective customers).

Regardless of whether an organization is a new startup, building a new scalable virtual infrastructure for a SaaS application, or an established enterprise that wants to take advantage of the business flexibility and economic benefits of using AWS, there are three common drivers for securing sensitive data:

· Compliance with industry and government regulations

· Protection from data breach disclosure requirements

· Intellectual property (IP) protection

Compliance with industry and government regulations is — and will remain — a core driver, but protection from data breach disclosure and remediation requirements is critical for maintaining brand equity, and enterprises and government organizations alike must vigorously protect their valuable IP, even as they embrace the cloud.

Within AWS environments, the concept of a privileged user extends beyond employees and contractors to include cloud administrators. AWS snapshots create another risk vector: privileged users who have access to snapshots of EC2 instances that access critical data in local storage also have access to the information those snapshots contain. If those privileged accounts are compromised, or misused by a malicious insider, the data in those snapshots becomes another possible exposure point.

To mitigate this risk, organizations must put protections in place at the file system level accessed by their EC2 instances, both local and EBS-based. They should also protect data in snapshots, backup location repositories and disaster recovery locations. (In other words, wherever the critical data lives within any particular AWS implementation.)

This is what Vormetric does. Complementing AWS’ security scheme, Vormetric Data Firewall for AWS enhances cloud security by providing core data protection within AWS environments. We also made it simple for AWS customers to get started by devising three different options: 1) a 30-day free trial; 2) a pay-by-the-hour (or month) AWS marketplace offering; and 3) a Bring Your Own License (BYOL) capability for larger customers. Our solution allows organizations of all sizes to take advantage of the convenience, business flexibility and scalability of AWS environments, certain that they can meet compliance requirements beyond what AWS supports and protect their sensitive data at the source.