I’m sure you’ve seen endless articles about organizations jumping on the cloud computing bandwagon. I know what you’re thinking, how very 2013. But there is a fast growing trend in this shift to the “cloud” movement with enterprises increasingly deploying cloud infrastructures that are managed by service providers. Even enterprises (who traditionally invest in their own data center infrastructure and deploy “on premise”) are re-architecting their data centers to be service oriented (i.e. similar to that of a service provider’s architecture).
Underlying the service oriented data center architectures are the following key tenets:
- “Lights out” data centers – Data centers may be located anywhere in the country where it makes financial sense. However, having data centers doesn’t necessarily mean that there are individuals to manage those data centers. This means those servers and applications must be administered remotely.
- Virtualization – All physical infrastructure is virtualized allowing for efficient use of capital investments (physical infrastructure such as servers, switches, storage etc.) and provides the elasticity to scale or shrink capacity to meet peak business demands.
- Automation – All aspects of the data center, from physical servers to applications, must support automation. Automation requires all enterprise software products to offer Application Program Interfaces (APIs). Where applicable these products must also offer multi-tenancy capabilities which allows for strict isolation of data and ensures privacy.
Recognizing the trend in the “shift to cloud” and the resulting “API economy” Vormetric invested in data security products to meet the demand. In the past year and culminating in the recent 5.3.1 release, the Vormetric Data Security Manager (DSM) has several features that make it suitable for deployment in public or private clouds:
- RESTful APIs – “REST”, which means “Representational State Transfer” is the architecture for the World Wide Web. Systems that conform to the REST architecture are called RESTful. The Vormetric Data Security manager offers RESTful APIs through the HTTP protocol. Collectively, these APIs allow the DSM to be deployed, configured and administered remotely by the service provider administrators. To put it simply, these APIs support the automation paradigm.
- Key brokering – A rich set of RESTful APIs provide key brokering between customers (customer applications) and software as a service (SaaS) providers. Key brokering enables a customer to be the custodian of encryption keys. These keys are sourced or “brokered” from the data security manager.
- Virtualized Images – The data security manager is available in several machine image formats such as ISO (that allows deployment on bare metal or virtualized machines), OVA (a format used for VMware virtual machines), and QCOW (a format used for Kernel-based Virtual Machines (KVM)). The availability of DSM software in these images gives customers the choice to select a variety of cloud service providers.
- Multi-tenancy: A popular feature in the Data Security Manager is “domains”. Domains form the basis for multi-tenancy and allow for isolation or containerization of the various security objects (keys, certificates, etc.) on a per tenant basis. The 5.3.1 release allows security administrators to create and restore domain level backups which contain domain configuration information, including key and policy data. DSM System Administrators can delegate domain backup responsibilities to domain administrators. This results in a more secure multi‐tenant environment enabling individual domain administrators to manage their own domains.
- Licensing: Hourly, monthly, term and perpetual licenses (for Vormetric Transparent Encryption agents) offered by the DSM provides flexibility for both service providers and customers.
- Billing and Reporting: DSM has several license usage reports for the service provider administrator or customer domain administrator. The following reports help service providers bill their tenants (customers) for the services they consume.
- System License Usage Summary Report
- License Usage by Domains Report
- Domain License Usage Summary Report
- License Usage by Hosts Report
- Host Registration Activities Report
In addition to these “cloud ready” features in the Data Security Manager, the Vormetric Transparent Encryption agents support several Linux distributions with a rich release taxonomy that offers the latest Linux Kernel updates and security patches to help service providers meet service level agreements with customers. Both the Data Security Manager and the Transparent Encryption agents can be deployed in Amazon Web Services (AWS) infrastructure.
Vormetric, will continue investing in products that embrace the key tenets of service oriented architectures – automation, virtualization, multi-tenancy and needless to say, strong security.