The benefits of cloud computing are well documented including business process optimization, adaptability to change, accessibility and extensibility. However, as the era of cloud computing progresses, valid concerns have arisen relating to the delicate matters of regulatory compliance and security risks, particularly provider access to tenant data, which have held back even broader adoption of cloud-based solutions. Data security leader SafeNet (News - Alert) has moved to address these concerns marking its entrance into the virtual security market with the introduction of Protect V.

The challenge

Ever since the cloud has emerged as an attractive alternative to premises-based solutions and the types of “(fill in the blank) as a Service” have proliferated helping accelerate the virtualization of many if not most computing capabilities, security has consistently ranked as the number one concern/fear of IT asset managers.   Indeed, as SafeNet notes, “As more data moves to private or public clouds, the number of super-users with access to an organization’s data multiplies, the risk of virtual machines (VMs) being copied without the owner knowing increases.”  

The challenge has been to develop a solution that can provide the proper level of security risk management to the point where it crosses the perception threshold in order to assuage IT fears.  SafeNet ProtectV does just that. It centralizes the management of encrypting VMs in AWS and VMware environments.  This means that users can manage the policy of what VMs encrypt and who should have access and by doing so, ensuring unified security policies throughout.  

SafeNet says that: “In this way, it is possible to enjoy the advantages of the cloud and virtualization, while at the same time, achieving full, auditable compliance with regulations and maintaining the visibility for governance.” 

The ProtectV solution

 As SafeNet explains, they packed ProtectV with an impressive number of capabilities. These include:

• Complete VM Security and Data Isolation:  Users can run their systems as if they were their own private data center, even in co-mingled or multitenant environments. This means security teams can isolate sensitive assets and maintain data ownership throughout its lifecycle.
• Protection from Rogue Admins: All VMs and associated storage volumes are encrypted meaning Super User Admins, who may have control of the virtualization infrastructure, cannot access the encrypted VMs.
• Enforced Compliance: ProtectV provides undisputed control and proof of data governance through audit logs. Organizations can enforce the proper controls, present a trusted audit control regardless of where the data is hosted or stored and sustain compliance with regulations, including PCI (News - Alert) DSS, HIPAA and HITECH.
• Data Governance and Visibility: ProtectV affords cloud security visibility through a centralized policy enforcement and audit point giving organizations and their compliance auditors complete control of the keys to their data and ownership with the complete logs for the necessary visibility.
• Cross-Platform Key Management:  ProtectV integrates with SafeNet’s Enterprise Key Management solution, KeySecureTM enabling security teams to centrally and uniformly manage cryptographic keys across an organization’s encryption platforms, streamlining key and policy administration.

Importantly it should be noted that ProtectV has VMware Ready status. It is compatible with VMware vCenter and VMware vShield virtual infrastructures as well as AWS EC2 & EBS environments.

Securing mission criticality

What does all of this translate into in terms of providing IT asset managers with peace of mind?  The deliverables are significant according to SafeNet:

• Customers can migrate mission-critical applications to virtual/cloud environments while ensuring data ownership through encryption and control of sensitive data.
• Customers can secure critical data throughout the information lifecycle – from provisioning to termination. Key capabilities include encryption of VMs, pre-launch authentication, central auditing and FIPS certified key management.

Looking at the risks currently associated with the ability of privileged users to create copies of virtual environments outside of the purview of IT manager consoles, Mike Rothman of Securosis, stated, “Security needs to be implemented directly within the virtualized instances, and organizations cannot rely solely on the cloud infrastructure to provide it.” That is why solutions such as that being provided in the ProtectV are so important. 

As Sangeeta Anand, corporate vice president and general manager, Data Protection Business Unit, SafeNet, explained: 

“Virtualization and cloud computing offer tremendous benefits in cost and agility, but organizations cannot use the same security approach they use for a physical datacenter. Today, organizations have more data than ever before – more data means more threats, and some of the biggest threats are right there in the organization... With ProtectV, organizations achieve the same control and security level in their virtual environment as they had in their physical datacenter.”

As noted above, security and compliance concerns have dominated enterprise hesitancy to either move some of their data to cloud-based solutions, or to increase the amount they already have placed in the cloud. The hesitancy is understandable both from a pure security mitigation standpoint, i.e., concern about rouge administrators wreaking immense damage, and from the standpoint of dealing with individual country governance and compliance mandates as to where, when, how and why data is stored and transmitted and the requirements for the motoring and auditing of data flows to assure compliance with a growing number of public policy rules and regulations. 

The kinds of protections being offered by SafeNet with ProtectV, especially when coupled with other data protection solutions, address the obstacles that IT asset managers fear in terms of greater use of the cloud and further virtualization of their enterprises representing justification why it can now be safe to move to the cloud, including public multi-tenant services.

Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO West 2012, taking place Oct. 2-5, in Austin, TX.  Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.