Flexibility stressed for encryption and key management in the cloud

Virtustream, an infrastructure-as-a-service (IaaS) provider focused on the enterprise, says the key to meeting demand for encryption in cloud services is to offer lots of options.

Virtustream, a Bethesda, Md., company that launched in 2009, has integrated multiple vendors' products to support encryption of data at rest and in motion between the cloud and the customer's on-premises applications or mobile systems. Its focus is on customers that often host large-scale ERP applications, and that include the likes of Goodyear Tires, Domino Foods and Kawasaki. One thing Virtustream has learned over time is that integrating encryption for such companies is best done as the "on-boarding" process begins to shift on-premises IT assets to the cloud.

"People rightly perceive certain risks when they're outsourcing to service providers," says Pete Nicoletti, chief information security officer for the IaaS provider. The challenge is to show that the IaaS virtual-machine-based data center can be at least as secure as the customer's data center and preferably more so, he points out.

One tool that Virtustream uses is Vormetric's data encryption and key-management software tailored for cloud environments.

Nicoletti says the process Virtustream typically follows is to install Vormetric in applications the enterprise has on site that might communicate with other customer applications in the cloud. The purpose is to ensure not only that data is encrypted but that only certain designated apps can access those that customers maintain in the Virtustream cloud.

Encryption key management plays a big role here, says Nicoletti, because "if you have the encryption keys, you have the keys to the kingdom."

The Vormetric data security management component is hosted in the Virtustream facilities, and Nicoletti says experience has shown that customers are diverse in how they want their encryption keys to be managed. Some prefer the key escrow approach to key rotation, while others want to hold the keys, and some even let Virtustream manage -- or co-manage -- the keys in use. Virtustream has a "two-man rule" in which logging into the system requires two people.

Virtustream makes a point of ensuring all network connections and backups are encrypted, including virtual-machine images. The IaaS provider hopes this kind of effort will result in it becoming accredited under the federal government's FedRAMP.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com
