More and more companies today are considering a move to the cloud, and for many of them the only thing holding back that choice is data protection. The concern comes from business representatives and security departments, who are traditionally suspicious of anything new, especially when it involves less control over the data or a longer list of people with access to it.

The specific task this puts before the service provider is to protect the data from access by anyone the customer has not authorized, whether employees of the service provider or any third party whose access to the data the customer considers undesirable.

The obvious solution seems to be encrypting all data residing in the cloud. The question, however, is how to implement that encryption when traditional solutions are either not supported in a virtual environment (such as BitLocker for boot disks) or not supported (such as the free TrueCrypt) and, most importantly, create a huge management overhead to keep them working.

However, few people know that there are enterprise solutions to this problem that combine high security with ease of operation and use.

For encrypting data in the cloud we offer SecureCloud from Trend Micro, a company with a worldwide reputation whose main line of business is corporate security.

This solution provides controlled encryption of customer data located in public clouds and is compatible with most available types of public cloud, including VMware vCloud, which we use. It is also compatible with most operating systems that may be used in the virtual machines.

The solution is provided directly by Trend Micro under a SaaS model. On the one hand, this preserves the convenience of the cloud approach to IT services for the customer: subscription billing, and no need to build and maintain their own servers for such a business-critical solution or to ensure its high availability. On the other hand, it leaves encryption key management and access to the data outside the control of the service provider.

In this model, the disks of the virtual machines are encrypted with encryption keys that are stored in the SecureCloud system. The initial encryption or decryption of the protected disks is initiated through SecureCloud. Any attempt to access the data results in a request to SecureCloud, which, depending on the policies defined in the system, either issues the encryption key automatically for one-time use to decrypt the data (for example, to boot the OS) or issues the key only after administrator approval.

For use in the cloud it is important that automatic key policies can be used. They increase service availability by removing the customer administrator's reaction time from machine reboots, for example when a hardware failure triggers an automatic restart of machines on other servers, or during planned work that involves rebooting the machine in a maintenance window. At the same time, they preserve the guarantees that no software other than the protected operating system can obtain the key, that the key cannot be obtained outside the specified operating conditions, that offline copies of the data cannot be accessed, and that automatic key issuance can be switched off.

In this article we will not delve into the encryption mechanisms used, their reliability and so on, or start holy wars on such subjects. Virtually all modern solutions meet the data encryption needs of a typical cloud provider customer, and the primary goal of the protection system is to limit improper use of the data, not to counter attempts by foreign intelligence agencies to decrypt state secrets. More details on the technology used can be found on the Internet. The points we focus on are the control mechanisms and integration with existing systems and processes.

Architecturally, the solution consists of a management system, provided as a service and accessed through a management console, and agents installed on the protected virtual machines. The SecureCloud management console is available on the web at console.securecloud.com/ and looks like a typical web console; the agent is available for download from the Trend Micro website.

To use the service, accounts are first created for the users who will manage encryption and access to the encrypted data (including access policies and access requests).

SecureCloud can also be connected to a Deep Security installation to check that the machine is free of viruses before deciding whether to grant access.

To start using the system, install the agent on a virtual machine and connect it to the management system. With the specified settings, the virtual machine is then automatically added to the Inventory in the key management system.

You can also start the initial data encryption at this point (or do it later via the management console).

After configuration, the corresponding entry becomes available in the management console, and the progress of encryption is also shown there.

If necessary, you can export the keys to backup media for safekeeping and import them.

Once encryption completes, the data on the drives is fully encrypted with a key that is stored only in the SecureCloud system and in the RAM of the virtual machine's OS. Access to keys is managed with policies that define the conditions under which a key is issued automatically or manually, or revoked. Besides common conditions such as the client's IP address, Trend Micro antivirus parameters can be used as conditions.

The possible actions on a request are manual or automatic approval, or denial of the key.

A periodic check that the machine still meets the conditions specified in the policy can also be enabled, with the specified actions applied if conditions change.

When an encrypted machine boots, an agent is loaded before the OS; it establishes a secure connection to the SecureCloud system and sends a key request for access to the data.

Then, in accordance with the established policies, either the key is issued automatically or a key request appears in SecureCloud that requires a manual response.

Once the key is approved, the system continues to boot.
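
The key-release decision described above can be modelled in a few lines. This is an added illustration, not Trend Micro code or the SecureCloud API; the field names, the antivirus conditions and the sample addresses are assumptions constructed for the example.

```python
# Hypothetical model of policy-based key release; not the SecureCloud API.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class KeyRequest:
    """What a boot-time agent might report (all fields are assumptions)."""
    machine_id: str
    source_ip: str
    av_pattern_age_days: int
    malware_found: bool

@dataclass(frozen=True)
class Policy:
    allowed_net: str               # network the request must come from
    max_av_pattern_age_days: int   # antivirus condition
    on_match: str                  # "auto" or "manual"
    on_mismatch: str = "deny"      # "deny" or "manual"
    on_change: str = "revoke"      # action when a running machine drifts

def conditions_met(policy: Policy, req: KeyRequest) -> bool:
    in_net = ip_address(req.source_ip) in ip_network(policy.allowed_net)
    av_ok = (not req.malware_found
             and req.av_pattern_age_days <= policy.max_av_pattern_age_days)
    return in_net and av_ok

def decide(policy: Policy, req: KeyRequest) -> str:
    """Return 'issue', 'pending' (administrator must answer) or 'deny'."""
    if conditions_met(policy, req):
        return "issue" if policy.on_match == "auto" else "pending"
    return "pending" if policy.on_mismatch == "manual" else "deny"

def periodic_check(policy: Policy, req: KeyRequest) -> str:
    """Re-evaluate a machine that already holds its key."""
    return "keep" if conditions_met(policy, req) else policy.on_change

if __name__ == "__main__":
    auto = Policy("203.0.113.0/24", 7, "auto")        # constructed sample values
    manual = Policy("203.0.113.0/24", 7, "manual")
    in_cloud = KeyRequest("vm-01", "203.0.113.10", 1, False)
    disk_copy = KeyRequest("vm-01", "198.51.100.7", 1, False)  # booted elsewhere
    infected = KeyRequest("vm-01", "203.0.113.10", 1, True)
    print(decide(auto, in_cloud), decide(manual, in_cloud))
    print(decide(auto, disk_copy), periodic_check(auto, infected))
```

The `disk_copy` request stands for an offline copy of the disk booted outside the expected network: the conditions fail, so no key is issued and the copy stays unreadable.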

To ensure a rapid response, SecureCloud supports a flexible notification mechanism for events that require your response.

All information about events and actions taken in the system, whether manually or automatically, is available through logs or in regular reports.

Ease of setup and use combined with a high level of control and security makes this system, in our opinion, preferable for companies that on the one hand want to protect their data from unauthorized access of any kind and on the other hand want the convenience and business efficiency of cloud services as a replacement for or extension of their own IT infrastructure.