I may not have had the opportunity to attend the AWS Summit last week, but that didn't "completely" stop me from following "some" of the action throughout the show. I was able to connect with one of the event's sponsors, who happens to be here in my neck of the woods in Austin, TX. Gazzang, a company that provides data security solutions and expertise to help enterprises protect sensitive information and maintain performance in big data and cloud environments, unveiled new technology for the AWS platform during last week's show. So I reached out to David Tishgart, the company's senior director of marketing and business development, to find out more.
VMblog: Last week sounded like a busy week for your company. What did you guys announce?
David Tishgart: Last week at AWS Summit, Gazzang launched a portfolio of Amazon
Machine Images (AMIs), called CloudEncrypt, that come pre-built with
encryption, key management, access controls and a host of other security best
practices baked in. The solutions were developed to help organizations move
sensitive workloads into the public cloud and grow their environments as
business demands warrant, all while having the confidence that the data and
applications are secure and protected against unauthorized access.
VMblog: If you would, explain why a customer might need this.
Tishgart: Let's say you want to run a genomics project in the public
cloud using some sensitive datasets (tissue samples, identifiable DNA,
beta-stage drug treatments). Today, this information is either encrypted at the
client side and dropped into an S3 bucket, or uploaded in plaintext and then
batch encrypted later on in S3. While option one is fairly secure, there's not
much you can do compute-wise with encrypted data. Option two is a non-starter
for most companies, not to mention a potential HIPAA violation.
VMblog: So how does it work, exactly?
Tishgart: We are taking a unique approach to cloud security by using
encryption, key management and access controls to ensure the integrity of the
image and protect the data itself. And because the cloud isn't static, we
designed the solutions to take on the traits of the cloud they're protecting.
That means the CloudEncrypt AMIs can scale to meet business needs and are
flexible enough to work across multiple cloud applications.
To that end, Gazzang CloudEncrypt enables the user to work
inside of an encrypted AMI on Amazon EC2. That means the cloud image itself is
encrypted and cannot be viewed by a cloud admin or any unauthorized third
party. It's also easy to provision as many instances as you need through the
AWS console or Elastic Beanstalk, so your security scales along with your
cloud.
VMblog: How does this fit into Gazzang's larger product portfolio/strategy?
Tishgart: CloudEncrypt actually includes three new products and adds to
our existing portfolio of cloud security solutions for AWS. We are making a
significant investment in cloud security, so this is really just the tip of the
iceberg. Today we offer the following products under the CloudEncrypt umbrella:
- Gazzang CloudEncrypt for Amazon EC2 is the encrypted AMI I
mentioned earlier. From the AWS management interface a user can boot up a
secure Ubuntu image and choose from a variety of SQL and NoSQL databases. So
right away, you've got at-rest encryption, key management, process-based access
controls and several other cloud security best practices baked right in. This
means you don't need to be a cloud security architect to enjoy a secure cloud
environment.
- We also have a CloudEncrypt solution for AWS Elastic Beanstalk
for those who want to auto-scale their cloud environment, and frankly, who
wants to do it manually? With Elastic Beanstalk, users can get the exact same
configuration for each node that requires encryption. So if you want to quickly
go from five nodes of encrypted Mongo to fifty nodes, you can do that through
CloudEncrypt for AWS Elastic Beanstalk.
- Research organizations -- especially those who run grid
large-scale compute jobs on Amazon -- can use CloudEncrypt for StarCluster
to secure highly sensitive workloads.
- And rounding out the CloudEncrypt solutions is CloudEncrypt for
Amazon EMR, which provides data encryption and key management at every stage of
the Amazon Elastic MapReduce data lifecycle. You can think of this like a
secure Hadoop as a Service offering.
VMblog: Where is data security headed in light of the recent NSA/Edward Snowden revelations?
Tishgart: US-based cloud providers are facing an uphill PR battle --
particularly with international customers -- following the latest Snowden
revelations. But what many of the most cloud-resistant organizations don't
realize is that even in the public cloud, it is possible to encrypt and control
who can access your data. In fact, the cloud in some cases can be the safest
place for your data.
There are a number of things an organization can do to protect
their data in the cloud, but encryption and key management must be at the top
of the list. Even Snowden would agree on that.
##
Once again, a special thank you to David Tishgart, senior director of marketing and business development at Gazzang, for taking time out to speak with VMblog.