In the cloud era, AWS and Azure security alone is not enough | Business + IT

By : ilikephone / On : 03/05/2022


    Content provided by WinMagic

    In the cloud era, the reason why AWS and Azure security alone is not enough

    Many companies are now using, or considering migrating to, cloud services (IaaS / PaaS) such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform. However, if you believe that this has "reduced the security burden," you should check the SLA of the cloud service you are using again. The more you use the cloud, the more likely it is that your security issues are actually becoming more complex.

    The adoption of the cloud in enterprises is unstoppable. Even mission-critical systems, which in the past were run on-premises as a matter of course, are no exception. However, the trend toward cloud computing also poses new challenges for corporate IT. The most prominent of these is security. The concept of security and the measures required differ between on-premises and the cloud. One example is AWS, says James LaPalme of WinMagic, a security company known for its unique encryption technology.

    "AWS is responsible for the security of its own cloud and implements high security measures, but the customer is responsible for the inside of the cloud, that is, data, applications, OS, virtual machines, networks, etc. The SLA states that this responsibility is yours. It's easy to think that using the cloud will shift your security responsibilities to the cloud operator, but that's not the case." (LaPalme)

    AWS is responsible for the security of the CPU, memory, storage, database, network, and other resources it provides as its own IaaS. However, it is not (or cannot be) responsible for the security of the virtual machines, databases, applications, etc. that the customer runs on top of them. Therefore, even if a vulnerability in a database running on a virtual machine is attacked and personal or sensitive information is leaked, it is the customer's responsibility. Of course, the situation is the same for other cloud services.

    Moreover, in the future, a mixed environment of on-premises, private cloud, and public cloud will become commonplace. Even if you are not a security expert, you can easily imagine how difficult it is to ensure a high level of security in such an environment.

    WinMagic, a company specializing in disk encryption software, was founded in 1997 to tackle these problems. The company's distinguishing features are "pre-boot network authentication," which authenticates users over a wired or wireless network before the PC boots, and its own encryption technology. The company's original specialty is endpoint security.
    It has been deployed on a large scale at government agencies in Japan and at the Department of Defense and the National Security Agency in the United States, and boasts a track record of deployment on about 9 million endpoints worldwide.

    WinMagic has developed and provided two solutions, "SecureDoc CloudSync" and "SecureDoc CloudVM," to solve the cloud security issues described above.

    Released in November 2015, "SecureDoc CloudSync" is an encryption service that supports enterprise-level file synchronization / sharing services (EFSS: Enterprise File Sync and Share) such as Dropbox, OneDrive, and Google Drive. Since the data is encrypted before it is stored in the cloud, the risk of information leakage in the cloud can be reduced.

    The other is "SecureDoc CloudVM," released in May 2016. This is an IaaS-specific encryption service that enables encryption of virtual machines and virtual storage / servers on VMware, Microsoft Azure, Amazon AWS, Microsoft Private Cloud, and Citrix private / public clouds. Its coverage of IaaS has already exceeded 90%.

    LaPalme explains the company's strategy:

    "We provide encryption to all data that needs to be encrypted, wherever it is. We have already provided encryption to over 9 million endpoints, but now we have cloud and servers. SecureDoc CloudSync will be a file synchronization / sharing service for enterprises, and SecureDoc CloudVM will be a solution that provides encryption functions for IaaS cloud services." (LaPalme)

    What "SecureDoc CloudSync" and "SecureDoc CloudVM" have in common is the management of the keys used for encryption.

    "With SecureDoc CloudSync and SecureDoc CloudVM, companies can centrally manage the keys used for cloud encryption. They provide consistent encryption for multiple clouds, even if the cloud does not have an encryption function. In addition, since the company manages the key, it is possible to protect the data even if the cloud service you are using is damaged by hacking etc." (Mr. LaPalme)

    For companies that are already using IaaS, SecureDoc CloudVM will be of interest. This IaaS-specific solution supports the encryption of virtual machines running on IaaS, and its key management function lets you see which parts are encrypted and how they are encrypted. As mentioned above, the key can be centrally managed by the company, and the solution also supports virtual machine encryption in scenarios such as automatic scaling, cloning, migration, backup, and disaster recovery. It can also track the encryption status of individual virtual machines and create visual reports. In addition, it has a secure deletion function that ensures the security of data by removing the key when deleting a virtual machine that is no longer needed.

    As for performance, which you may be concerned about, LaPalme explains that it is not a problem at all.

    "Cloning virtual machines requires resources, but we tested on AWS and found that the resources needed for encryption were about 1% of the resources needed for the entire task. That is a very good number compared to other companies. Also, in the case of other companies, if a virtual machine is cloned, moved, or duplicated, decryption and re-encryption will be required, but SecureDoc CloudVM doesn't have to do that, so you can get high performance. In addition to the method of encrypting the entire area (default), you also have the option of encrypting only the area that is actually used. (However, files saved after encryption are also automatically encrypted.) We hope that by accelerating the introduction of encryption, more users will be able to use this function and confidential data will be protected." (Mr. LaPalme)

    In addition to the five platforms above, there are plans to support three more: "IBM SoftLayer / Bluemix," "OpenStack," and "Google Cloud."
    If these are addressed, it will cover almost 98% of the cloud market.

    In Japan, but in the United States, many companies have already introduced SecureDoc CloudVM and have achieved good results.

    "We have customers in the healthcare field who use a combination of many servers and private / public clouds. With our solution, we are now able to centrally manage encryption keys in-house. It's also a big achievement to be able to delete instances that are no longer in use and ensure that the data is disabled." (LaPalme)

    Certainly, one of the great benefits of SecureDoc CloudVM is that when a virtual machine is no longer needed, you can delete the virtual machine and then remove the key to secure your data. From the perspective of data lifecycle management, the benefits appear to be great.

    It is expected that similar encryption solutions will appear in Japan in the future, but LaPalme explains the company's strengths as follows.

    "We have three strengths. One is that we can provide encryption for both endpoints and the cloud. In particular, we can centrally support multiple clouds such as AWS and Azure, and more than 90% of the cloud market. The second is performance. Our unique technology realizes high performance that can be used without being aware of encryption. The third is intelligent processing. That is, while other companies can control the on / off of encryption, in our case, we can change the level of encryption depending on the region and control the encryption according to the policy." (LaPalme)

    SecureDoc CloudVM can centrally manage encryption keys across multiple clouds. This simple concept has great merits not only for general companies but also for government-affiliated institutions, medical care, finance, and universities. Even for companies and organizations that could not take advantage of the cloud due to the lack of a unified encryption mechanism, it will be an opportunity to shift to the cloud. If encryption is currently an issue in your use of the cloud, please consider it.


    PR

    SB Creative Co., Ltd.

    Business + IT is operated by SB Creative Corp. of SoftBank Group.

    Copyright © SB Creative Corp. All rights reserved.
