AWS Security – Encryption and Key Management
Secure virtual workloads with DataControl AWS Security
The public cloud, including offerings like Amazon Web Services (AWS), can offload IT requirements and offer better business agility, but recent IT surveys show more than 50% of IT managers withhold sensitive data from the cloud because of security concerns. It is clear that while many are eager to embrace the cloud, that concerns about AWS security remain.
The reality is that virtualization introduces security concerns that escalate significantly as organizations move to the cloud, particularly hybrid or public clouds.
If you are moving to AWS – or any other public cloud – HyTrust can help. HyTrust DataControl AWS Encryption offers strong encryption with integrated key management to secure virtual machines and their data throughout their lifecycle. DataControl is easy to deploy and is uniquely able to encrypt or re-key data without taking applications offline. HyTrust offers NIST approved encryption available as a native Amazon Machine Image (AMI) but is also deployable in seconds to new and existing Amazon EC2 Linux and Windows VMs.
Advantages of the HyTrust approach to security and encryption for AWS include:
- Transparency: leveraging a simple policy agent that installs into the OS of each virtual machine, HyTrust DataControl encryption is transparent to applications, ensuring data is encrypted as it goes into storage, and decrypted when requested by the application.
- Mobility: HyTrust DataControl encryption is also truly mobile. Even if a VM is copied for backup or availability, customers can be sure data is secure. Encryption moves with the VM, providing both enhanced security as well as greater ease of use.
- Ease of Use: HyTrust DataControl encryption is easy to deploy, and the policy-based key management system is both highly secure and easy to manage.
- Zero Downtime: HyTrust DataControl Security for AWS also has the advantage of zero downtime – zero downtime for deployment and zero downtime for rekeying, making it easier to not only deploy secure encryption but also easier to maintain compliance with PCI-DSS and other regimes that require periodic cryptographic rekey.