Securing Cloud Storage Security Guide


Introduction: The Promise, and Security Obstacles, of Cloud Storage

For many organizations, leveraging elastic, pay-as-you-go cloud services for housing exponentially expanding amounts of files and digital assets represents a significant opportunity. However, for those enterprises that must comply with regulatory mandates or strict internal security policies, the security risks posed by keeping information in multi-tenant cloud storage servers can make migrating to the cloud a nonstarter.

In these cloud environments, sensitive data resides on virtualized, multi-tenant storage infrastructures, which can pose significant challenges from a security standpoint. How do security organizations ensure sensitive data isn’t inadvertently exposed to other tenants of the cloud? How can organizations address mandates for separation of administrative duties, so those with super-user privileges in the cloud infrastructure can’t exploit their access rights?

Securing Cloud Storage with SafeNet ProtectV Volume

SafeNet offers a range of solutions that enable organizations to leverage the business benefits of cloud services, without making compromises in security. With SafeNet ProtectV Volume, organizations can leverage cloud storage for their most sensitive assets. ProtectV Volume enables security teams to encrypt entire storage volumes in remote cloud deployments, ensuring data is isolated and secured even in shared, multi-tenant environments. ProtectV Volume addresses the critical requirements needed to secure cloud storage:

• Data isolation. With ProtectV Volume, security teams can logically separate volumes that hold sensitive data, so, for example, a cloud provider’s administrators can’t abuse their super-user privileges and a user with access to one volume can’t “jump” partitions and gain access to another group’s containers.

• Compliant key management. ProtectV Volume offers the key management capabilities administrators need to support the logical segmentation of data, users, and groups, and enforce the policies required to ensure the confidentiality and integrity of data, so they can adhere to internal policies and external compliance mandates in the near and long term.

• Granular authentication. ProtectV Volume also delivers strong pre-launch authentication, including password-based protection at the user level, to control which resources can be accessed, when, and by whom.

• Multi-tenant protection. With its comprehensive, robust capabilities, organizations can ensure that, even in shared, multi-tenant cloud environments, administrators can have the visibility and controls they need to safeguard sensitive assets.

• Separation of duties. ProtectV Volume enables security teams to separate administrative responsibilities; for example, data encryption roles can be separated from data access controls. The solution offers controls for ensuring that any one administrator can’t abuse his or her privileges. For example, using approaches like “M of N separation”, organizations can require that multiple administrators must always conduct such critical administrative tasks as policy changes and key export.

In addition, ProtectV Volume offers support for strong encryption algorithms, including FIPS-approved AES 256 and 3DES, and it delivers the reporting, auditing, and logging capabilities required by PCI and many other regulatory mandates for data privacy and protection.

ProtectV Volume: Key Features

• Data Isolation
• Compliant Key Management
• Granular Authentication
• Multi-tenant Protection
• Separation of Duties

Deployment Scenario

ProtectV Volume can be used in VMware and Xen virtualized environments, as well as Amazon Web Services deployments. ProtectV Volume can be deployed in tandem with SafeNet DataSecure, an appliance-based platform that offers data encryption and granular access control capabilities. DataSecure can be applied to databases, applications, mainframe environments, and individual files, making it a comprehensive solution for enterprises.

When the combined solution is deployed, DataSecure is used as the central management mechanism for cryptographic keys, security policies, and administration. DataSecure resides in the customer’s premises, so administrators can retain the control and visibility required. ProtectV Volume resides on virtualized servers and communicates with cloud storage systems, enforcing encryption protection, so that only users that have been authenticated through DataSecure will be allowed to decrypt and use information.

By employing the ProtectV Volume solution, organizations can retain control over sensitive assets stored in virtualized, multi-tenant cloud environments.

[Figure: deployment diagram. Labels: On-premise, Data Storage, Virtual Server, ProtectV™ Volume.]

SafeNet DataSecure® (Supplemental Security Option):

• Manages file protection
• Lifecycle key management
• Security policy enforcement
• Access control


Contact Us: For all office locations and contact information, please visit www.safenet-inc.com

Follow Us: www.safenet-inc.com/connected

©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. ScG (EN)-02.01.11

Benefits of SafeNet

With its unparalleled combination of robust security, flexible deployment, efficient administration, and granular control, SafeNet enables organizations to move more applications to the cloud, without making any compromises in security.

With ProtectV Volume, enterprises can realize a range of benefits:

• Maximize cloud storage security. With ProtectV Volume, organizations can apply policy-based controls to isolate and secure data in multi-tenant environments—and so effectively guard against an array of threats posed to sensitive assets in the cloud.

• Ensure and demonstrate compliance. With its compliant key management, separation of duties, robust encryption support, and granular authentication, ProtectV Volume enables organizations to address the core requirements for ensuring data confidentiality and integrity—so they can ensure they remain compliant with a host of policies and mandates.

• Maximize control. Through ProtectV Volume’s integrated authentication, security administrators can maintain control of where, when, and how instances are allowed to run, ensuring only authorized usage of cloud-based volumes.

• Increase business agility. Inherently, cloud offerings enable organizations to scale or contract storage much more quickly and cost effectively than if they were relying on internally hosted infrastructures. With ProtectV Volume, organizations can leverage multi-tenant, cloud-based storage services that would have previously been off limits from a security standpoint. Consequently, ProtectV Volume provides organizations with an unparalleled ability to take advantage of the cloud’s flexibility to more quickly adapt to changing requirements.

• Strengthen confidence in cloud deployments. Through its strong security and separation of duties, business management can have the confidence that sensitive data will remain secure, and that no category of users will be able to get to data without proper authorization.

Part of the SafeNet Trusted Cloud Fabric

ProtectV Volume is a part of the SafeNet Trusted Cloud Fabric™, a blueprint that equips organizations moving data, applications, and systems to the cloud with the trust and control they need to ensure security and compliance. SafeNet offers a modular approach that gives organizations the flexibility to migrate to the cloud in the most effective and efficient manner, and according to their specific timeframes, business objectives, and security policies. SafeNet solutions support traditional data centers, private clouds, public clouds, and hybrid cloud infrastructures. As a result, SafeNet’s Trusted Cloud Fabric gives enterprises a practical roadmap for moving into the cloud, while leveraging the same technologies they know and trust for their private data centers. With the SafeNet Trusted Cloud Fabric, enterprises sustain optimal security—while fully leveraging the breakthrough agility, elasticity, and efficiencies offered by the cloud.

About SafeNet

Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet.