The Vormetric Data Firewall for Amazon Web Services (AWS) provides layered protection for your sensitive information within AWS-hosted systems. The solution starts by encrypting data at the file system level. Fine-grained, centrally managed access policies define the processes and users for whom data is decrypted and deny access to all others. For instance, a database table is decrypted for the database process and user, while a root user or domain admin sees only an encrypted block. As a result, no changes to the operation of applications or system management are required. Privileged users (even AWS cloud administrators) can manage systems without risk of exposure to protected information. Data is further protected with Security Intelligence information in Security Information and Event Management (SIEM) compatible logs, which reveal unauthorized access attempts and unusual access patterns within authorized accounts that may indicate a malicious insider attack or an account compromised by an Advanced Persistent Threat (APT).
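As an added illustration (not Vormetric's policy format or code), the following Python models the two behaviours described above: a policy that decrypts only for an approved user/process pair on a protected path, serving everyone else the encrypted block, and a pass over constructed SIEM-style access logs that separates denied attempts from authorized accounts behaving unusually. The policy, paths, user names and business-hours window are all assumptions.

```python
from datetime import datetime

# Constructed policy (not Vormetric's format): for each protected path prefix,
# the (user, process) pairs allowed to read plaintext. Everyone else, root and
# domain admins included, is served the encrypted block.
POLICY = {
    "/data/db/": {("mysql", "/usr/sbin/mysqld")},
}
BUSINESS_HOURS = range(7, 20)  # assumed 07:00-19:59 UTC for this workload

def decide(user, process, path):
    """Return 'plaintext' only when a policy rule matches; otherwise 'ciphertext'."""
    for prefix, allowed in POLICY.items():
        if path.startswith(prefix):
            return "plaintext" if (user, process) in allowed else "ciphertext"
    return "ciphertext"  # unprotected paths carry nothing to decrypt here

# Constructed SIEM-style log lines (key=value fields, one access per line).
LOG = """\
2013-06-21T02:14:05Z user=root proc=/bin/cat path=/data/db/customers.ibd
2013-06-21T09:00:12Z user=mysql proc=/usr/sbin/mysqld path=/data/db/customers.ibd
2013-06-21T09:05:40Z user=mysql proc=/usr/sbin/mysqld path=/data/db/orders.ibd
2013-06-21T23:41:09Z user=mysql proc=/usr/sbin/mysqld path=/data/db/customers.ibd
2013-06-21T23:41:10Z user=mysql proc=/bin/cp path=/data/db/customers.ibd
"""

def parse(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def analyze(lines):
    """Classify each logged access the way the policy would have served it."""
    denied, unusual = [], []
    for rec in map(parse, lines):
        result = decide(rec["user"], rec["proc"], rec["path"])
        if result == "ciphertext":
            # Unauthorized attempt: the block was never decrypted for this caller.
            denied.append((rec["user"], rec["proc"], rec["path"]))
        elif rec["ts"].hour not in BUSINESS_HOURS:
            # Authorized account, but outside its normal pattern: worth review.
            unusual.append((rec["user"], rec["ts"].isoformat()))
    return denied, unusual
```

Note that the last log line is an authorized account (mysql) using an unapproved process, which is exactly the kind of denied attempt that may indicate a compromised account rather than a random outsider.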
When implementing solutions within Amazon Web Services, organizations have the same data protection needs as any enterprise on-premises installation, but with the added complication of a shared, multi-tenant underlying infrastructure that is no longer under their direct control. These needs include:
Vormetric’s data-centric security approach combines encryption with integrated key management, access policies for protected data with privileged-user controls, security intelligence about access to protected data, automation for policy management and deployment of data protection, and multi-tenancy features. In effect, this creates a data firewall. Key benefits of this approach include: a single solution that protects structured data within databases as well as unstructured file system data; transparent operation that requires no changes to business or operational processes; easy implementation; and the ability to separate user access and define policies to meet compliance and data protection requirements. Core capabilities include:
With commercial tools, such as Vormetric, you can actually give certain people certain access without root-level privileges. You can encrypt your data in storage to set up roles of who actually gets to see the data. The admins can do their jobs, and they don’t get access to any data files.
former CISO at the CIA
GovInfoSecurity – June 21, 2013