Virtualization Technology News and Information
Q&A: Interview with Gazzang, Talking Amazon Public Cloud Security

I may not have had the opportunity to attend the AWS Summit last week, but that didn't "completely" stop me from following "some" of the action throughout the show.  I was able to connect with one of the event's sponsors, who happens to be here in my neck of the woods in Austin, TX.  Gazzang, a company that provides data security solutions and expertise to help enterprises protect sensitive information and maintain performance in big data and cloud environments, unveiled new technology for the AWS platform during last week's show.  So I reached out to David Tishgart, the company's senior director of marketing and business development, to find out more.

VMblog:  Last week sounded like a busy week for your company.  What did you guys announce?

David Tishgart:  Last week at AWS Summit, Gazzang launched a portfolio of Amazon Machine Images (AMIs), called CloudEncrypt, that come pre-built with encryption, key management, access controls and a host of other security best practices baked in. The solutions were developed to help organizations move sensitive workloads into the public cloud and grow their environments as business demands warrant, all while having the confidence that the data and applications are secure and protected against unauthorized access.

VMblog:  If you would, explain why a customer might need this.

Tishgart:  Let's say you want to run a genomics project in the public cloud using some sensitive datasets (tissue samples, identifiable DNA, beta-stage drug treatments). Today, this information is either encrypted at the client side and dropped into an S3 bucket, or uploaded in plaintext and then batch encrypted later on in S3. While option one is fairly secure, there's not much you can do compute-wise with encrypted data. Option two is a non-starter for most companies, not to mention a potential HIPAA violation.

VMblog:  So how does it work, exactly?

Tishgart:  We are taking a unique approach to cloud security by using encryption, key management and access controls to ensure the integrity of the image and protect the data itself. And because the cloud isn't static, we designed the solutions to take on the traits of the cloud they're protecting. That means the CloudEncrypt AMIs can scale to meet business needs and are flexible enough to work across multiple cloud applications.

To that end, Gazzang CloudEncrypt enables the user to work inside of an encrypted AMI on Amazon EC2. That means the cloud image itself is encrypted and cannot be viewed by a cloud admin or any unauthorized third party. It's also easy to provision as many instances as you need through the AWS console or Elastic Beanstalk, so your security scales along with your cloud.

VMblog:  How does this fit into Gazzang's larger product portfolio/strategy?

Tishgart:  CloudEncrypt actually includes three new products and adds to our existing portfolio of cloud security solutions for AWS. We are making a significant investment in cloud security, so this is really just the tip of the iceberg. Today we offer the following products under the CloudEncrypt umbrella:


  • Gazzang CloudEncrypt for Amazon EC2 is the encrypted AMI I mentioned earlier. From the AWS management interface a user can boot up a secure Ubuntu image and choose from a variety of SQL and NoSQL databases. So right away, you've got at-rest encryption, key management, process-based access controls and several other cloud security best practices baked right in. This means you don't need to be a cloud security architect to enjoy a secure cloud environment.
  • We also have a CloudEncrypt solution for AWS Elastic Beanstalk for those who want to auto-scale their cloud environment, and frankly, who wants to do it manually? With Elastic Beanstalk, users can get the exact same configuration for each node that requires encryption. So if you want to quickly go from five nodes of encrypted Mongo to fifty nodes, you can do that through CloudEncrypt for AWS Elastic Beanstalk.
  • Research organizations -- especially those who run grid large-scale compute jobs on Amazon -- can use CloudEncrypt for StarCluster, to secure highly sensitive workloads.
  • And rounding out the CloudEncrypt solutions is CloudEncrypt for Amazon EMR, which provides data encryption and key management at every stage of the Amazon Elastic MapReduce data lifecycle. You can think of this like a secure Hadoop as a Service offering.


VMblog:  Where is data security headed in light of the recent NSA/Edward Snowden revelations?

Tishgart:  US-based cloud providers are facing an uphill PR battle -- particularly with international customers -- following the latest Snowden revelations. But what many of the most cloud-resistant organizations don't realize is that even in the public cloud, it is possible to encrypt and control who can access your data. In fact, the cloud in some cases can be the safest place for your data.

There are a number of things an organization can do to protect their data in the cloud, but encryption and key management must be at the top of the list. Even Snowden would agree on that.



Once again, a special thank you to David Tishgart, senior director of marketing and business development at Gazzang, for taking time out to speak with VMblog.

Published Monday, March 31, 2014 7:09 AM by David Marshall
Q&A: Interview with Gazzang, Talking Amazon Public Cloud Security (VMBlog) | NMS Test - (Author's Link) - April 1, 2014 7:11 PM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2014>