Government information security practitioners face increased scrutiny on both performance and budget. Constraints
due to slashed budgets, potential governmental shutdowns and a
consistent barrage of new threats on sensitive networks have many
concerned about the risks faced by their organization. Cloud
computing raises some pretty vexing questions when it comes to
security. Some challenges are shared by most federal agencies. Today,
issues of risk, information/data privacy, and compliance are the chief
inhibitors to most federal agencies’ adoption of cloud services in both
public and private clouds. Enforcing security policy, data loss
prevention, and multi-tenant environments are amongst the greatest
reservations about cloud computing. Therefore, delivering cloud
solutions that meet federal tenants’ mission requirements and enable
cross-domain/agency information sharing is an invaluable asset.
By understanding how to effectively safeguard data in the cloud, federal
agencies can begin to fully maximize the potential of cloud offerings to
enhance the efficiency of government operations, improve performance,
and provide better service to the American people.
Securing Government Data in Cloud Environments
SafeNet offers a range of solutions that enable
organizations to harness the business benefits of cloud services,
without making compromises in security. With SafeNet ProtectV solutions,
organizations can leverage the cloud for applications that would have
previously been off limits from a security standpoint. The SafeNet
ProtectV product family features these two solutions:
- ProtectV Instance enables organizations to encrypt and secure the entire
  contents of virtual machine (VM) images, protecting these assets
  from theft or exposure.
- With ProtectV Volume, security teams can encrypt entire storage volumes
  in remote cloud deployments, ensuring cloud data is isolated and
  secured—even in shared, multi-tenant cloud environments used for
  application hosting, data storage, or disaster recovery.
ProtectV solutions are built on proven SafeNet
technologies, while extending robust security capabilities to the new
demands of cloud environments. SafeNet offers a full suite of integrated products to address the key requirements needed to secure virtual instances:
- Data isolation: With
  ProtectV, security teams can logically separate the volumes and virtual
  instances that hold sensitive data from other areas in the environment.
  In addition, these solutions enable organizations to implement
  safeguards against potential hackers who might breach cloud hypervisors,
  and against the cloud super-users who administer the virtual environment.
- Separation of duties: ProtectV enables security
  teams to separate administrative responsibilities for specific instances
  and volumes from the cloud super-users who control the larger virtual
  environment. The solution offers controls for ensuring that any one
  administrator can’t abuse his or her privileges. For example, using
  approaches like “M of N separation”, organizations can require that
  such critical administrative tasks as policy changes and key export
  always be conducted by multiple administrators.
- Cloud compliance: ProtectV offers the core
  confidentiality and integrity controls that are key requirements for
  ensuring compliance with regulatory mandates, including version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS), which includes rules on safeguarding payment data in virtual environments.
- Strong pre-launch access authentication: Featuring
  password-based protection at the user level, ProtectV enables
  authentication controls over which resources can be accessed, when, and
- Multi-tenant protection: With ProtectV’s
  comprehensive, robust capabilities, organizations can ensure that, even
  in shared, multi-tenant cloud environments, administrators gain the
  visibility and controls they need to safeguard sensitive assets.
Featuring support for robust encryption algorithms,
including FIPS-approved AES 256 and 3DES, ProtectV can be deployed in
VMware and Xen virtualized environments, as well as Amazon Web Services