Enhancing Encryption and Key Management in AWS

Last updated: 16 May 2016

It’s rare to encounter a company that lacks a desire to migrate from the traditional datacenter to the cloud. Instead, progress in this area is most often impeded by the lingering questions companies have surrounding the ability to illustrate control of data in multi-tenant environments.

Gemalto is excited to continue our strong partnership with Amazon Web Services (AWS) to remove companies’ cloud adoption barriers. Amidst the annual AWS re:Invent conference, a pair of noteworthy AWS releases highlighted how the best encryption and key management solutions available – including our own – have been incorporated into AWS.

  • Data at Rest Encryption Whitepaper: AWS has released a new whitepaper, Securing Data at Rest with Encryption, which outlines the wide range of options available for encrypting data at rest in the cloud based on where encryption keys are stored and how they are accessed. The whitepaper highlights a number of SafeNet solutions from Gemalto to deliver data at rest protection in AWS:
    • Client side object encryption for AWS S3 with SafeNet ProtectApp and the AWS SDKs
    • Storage encryption for the AWS Storage Gateway with SafeNet StorageSecure
    • Encryption and pre-boot authentication for EC2 instances and EBS volumes with SafeNet ProtectV
    • Hardware root of trust for AWS RDS TDE and Redshift with SafeNet Network HSMs
    • Enterprise key management for the above solutions, as well as any Key Management Interoperability Protocol (KMIP) based key management partners.
  • Amazon Redshift HSM Support: Thanks to an update to Amazon Redshift, users can now protect their Redshift encryption keys at the highest level possible with a hardware security module (HSM) – in the cloud with AWS CloudHSM and on-premises with SafeNet Network HSMs. Read Amazon’s HSM management documentation to learn more about how to leverage an HSM to encrypt your Redshift cluster.

It’s exciting to see AWS driving new ways to incorporate HSMs as the root of trust in the cloud, as encryption is the key for illustrating control, security, and compliance. The above represents just some of the ways we are working with AWS to make it possible to deploy sensitive workloads in the cloud, and we’re looking forward to building from this foundation in the near future.

As a reminder, we also recently made SafeNet ProtectV and Virtual KeySecure available to deploy from AWS Marketplace. This provides customers with a complete encryption solution for protecting virtual machines, storage volumes, and encryption keys in a cloud consumption model, but in a way that is entirely controlled by the customer.

Want to put customer-controlled encryption in the cloud to the test? All this month, you can try Virtual KeySecure and ProtectV free from AWS Marketplace.

If you’re attending AWS re:Invent this week, you can also visit us at booth #300 to learn how these solutions can address your unique encryption and key management requirements.

