Securing Cloud Storage Security Guide
 


For many organizations, leveraging elastic, pay-as-you-go cloud services for housing
exponentially expanding amounts of files and digital assets represents a significant
opportunity. However, for those enterprises that must comply with regulatory mandates or
strict internal security policies, the security risks posed by keeping information in multi-tenant
cloud storage servers can make migrating to the cloud a nonstarter.

In these cloud environments, sensitive data resides on virtualized, multi-tenant storage
infrastructures, which can pose significant challenges from a security standpoint. How do
security organizations ensure sensitive data isn’t inadvertently exposed to other tenants of
the cloud? How can organizations address mandates for separation of administrative duties,
so those with super-user privileges in the cloud infrastructure can’t exploit their access
rights?


Securing Cloud Storage Security Guide: Document Transcript

Securing Cloud Storage Security Guide
TRUSTED CLOUD FABRIC

Introduction: The Promise, and Security Obstacles, of Cloud Storage

For many organizations, leveraging elastic, pay-as-you-go cloud services for housing exponentially expanding amounts of files and digital assets represents a significant opportunity. However, for those enterprises that must comply with regulatory mandates or strict internal security policies, the security risks posed by keeping information in multi-tenant cloud storage servers can make migrating to the cloud a nonstarter.

In these cloud environments, sensitive data resides on virtualized, multi-tenant storage infrastructures, which can pose significant challenges from a security standpoint. How do security organizations ensure sensitive data isn’t inadvertently exposed to other tenants of the cloud? How can organizations address mandates for separation of administrative duties, so those with super-user privileges in the cloud infrastructure can’t exploit their access rights?

ProtectV Volume: Key Features

• Data Isolation
• Compliant Key Management
• Granular Authentication
• Multi-tenant Protection
• Separation of Duties

Securing Cloud Storage with SafeNet ProtectV Volume

SafeNet offers a range of solutions that enable organizations to leverage the business benefits of cloud services, without making compromises in security. With SafeNet ProtectV Volume, organizations can leverage cloud storage for their most sensitive assets. ProtectV Volume enables security teams to encrypt entire storage volumes in remote cloud deployments, ensuring data is isolated and secured even in shared, multi-tenant environments. ProtectV Volume addresses the critical requirements needed to secure cloud storage:

• Data isolation. With ProtectV Volume, security teams can logically separate volumes that hold sensitive data, so, for example, a cloud provider’s administrators can’t abuse their super-user privileges and a user with access to one volume can’t “jump” partitions and gain access to another group’s containers.
• Compliant key management. ProtectV Volume offers the key management capabilities administrators need to support the logical segmentation of data, users, and groups, and enforce the policies required to ensure the confidentiality and integrity of data, so they can adhere to internal policies and external compliance mandates in the near and long term.
• Granular authentication. ProtectV Volume also delivers strong pre-launch authentication, including password-based protection at the user level, to control which resources can be accessed, when, and by whom.
• Multi-tenant protection. With its comprehensive, robust capabilities, organizations can ensure that, even in shared, multi-tenant cloud environments, administrators can have the visibility and controls they need to safeguard sensitive assets.
• Separation of duties. ProtectV Volume enables security teams to separate administrative responsibilities, for example, data encryption roles can be separated from data access controls. The solution offers controls for ensuring that any one administrator can’t abuse his or her privileges. For example, using approaches like “M of N separation”, organizations can require that multiple administrators must always conduct such critical administrative tasks as policy changes and key export.

In addition, ProtectV Volume offers support for strong encryption algorithms, including FIPS-approved AES 256 and 3DES, and it delivers the reporting, auditing, and logging capabilities required by PCI and many other regulatory mandates for data privacy and protection.

Deployment Scenario

ProtectV Volume can be used in VMware and Xen virtualized environments, as well as Amazon Web Services deployments. ProtectV Volume can be deployed in tandem with SafeNet DataSecure, an appliance-based platform that offers data encryption and granular access control capabilities. DataSecure can be applied to databases, applications, mainframe environments, and individual files, making it a comprehensive solution for enterprises.

When the combined solution is deployed, DataSecure is used as the central management mechanism for cryptographic keys, security policies, and administration. DataSecure resides in the customer’s premises, so administrators can retain the control and visibility required. ProtectV Volume resides on virtualized servers and communicates with cloud storage systems, enforcing encryption protection, so that only users that have been authenticated through DataSecure will be allowed to decrypt and use information.

[Figure: deployment diagram. Labels: Data, On-premise, ProtectV™ Volume, Storage, Virtual Server. SafeNet DataSecure® (Supplemental Security Option): manages file protection, security policy enforcement, lifecycle key management, access control.]

By employing the ProtectV Volume solution, organizations can retain control over sensitive assets stored in virtualized, multi-tenant cloud environments.
Benefits of SafeNet

With its unparalleled combination of robust security, flexible deployment, efficient administration, and granular control, SafeNet enables organizations to move more applications to the cloud, without making any compromises in security. With ProtectV Volume, enterprises can realize a range of benefits:

• Maximize cloud storage security. With ProtectV Volume, organizations can apply policy-based controls to isolate and secure data in multi-tenant environments—and so effectively guard against an array of threats posed to sensitive assets in the cloud.
• Ensure and demonstrate compliance. With its compliant key management, separation of duties, robust encryption support, and granular authentication, ProtectV Volume enables organizations to address the core requirements for ensuring data confidentiality and integrity—so they can ensure they remain compliant with a host of policies and mandates.
• Maximize control. Through ProtectV Volume’s integrated authentication, security administrators can maintain control of where, when, and how instances are allowed to run, ensuring only authorized usage of cloud-based volumes.
• Increase business agility. Inherently, cloud offerings enable organizations to scale or contract storage much more quickly and cost effectively than if they were relying on internally hosted infrastructures. With ProtectV Volume, organizations can leverage multi-tenant, cloud-based storage services that would have previously been off limits from a security standpoint. Consequently, ProtectV Volume provides organizations with an unparalleled ability to take advantage of the cloud’s flexibility to more quickly adapt to changing requirements.
• Strengthen confidence in cloud deployments. Through its strong security and separation of duties, business management can have the confidence that sensitive data will remain secure, and that no category of users will be able to get to data without proper authorization.

Part of the SafeNet Trusted Cloud Fabric

ProtectV Volume is a part of the SafeNet Trusted Cloud Fabric™, a blueprint that equips organizations moving data, applications, and systems to the cloud with the trust and control they need to ensure security and compliance. SafeNet offers a modular approach that gives organizations the flexibility to migrate to the cloud in the most effective and efficient manner, and according to their specific timeframes, business objectives, and security policies. SafeNet solutions support traditional data centers, private clouds, public clouds, and hybrid cloud infrastructures. As a result, SafeNet’s Trusted Cloud Fabric gives enterprises a practical roadmap for moving into the cloud, while leveraging the same technologies they know and trust for their private data centers. With the SafeNet Trusted Cloud Fabric, enterprises sustain optimal security—while fully leveraging the breakthrough agility, elasticity, and efficiencies offered by the cloud.

About SafeNet

Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet.

Contact Us: For all office locations and contact information, please visit www.safenet-inc.com
Follow Us: www.safenet-inc.com/connected

©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. ScG (EN)-02.01.11