Townsend Security Data Privacy Blog

Simplified Encryption Key Management in Virtual Environments

Posted by Liz Townsend on Jul 22, 2013 2:38:00 PM

Businesses are virtualizing their IT infrastructure to save time, money, and manage many other resources that often go unused in IT environments. Virtualization of data centers evolved from the basic principles of resource sharing used in hosting and cloud environments. Virtualization enables businesses to have more efficient data center operations. With multiple operating systems running on a single server, multiple applications can also run on that server which in the long run allows a company to reduce the number of servers that they run and maintain. 

VMware encryption key management

However, virtualization introduces new security concerns for companies that must protect sensitive data. Because virtualization allows businesses to run multiple applications on the same server, the encryption of sensitive data must work in conjunction with the virtualization platform. For businesses such as retailers and banks who run payment and financial applications on virtualized operating systems, they must encrypt sensitive credit card and financial information on their virtualized platforms, which requires a specialized third-party security solution.

Previously, companies would encrypt data on a server by server basis, using a single key management server to securely provide encryption keys to multiple servers on the network. The new infrastructure that virtualization brings into play, however, has caused encryption key management to need a different approach. New security concerns such as shared disk storage, network infrastructure, processing CPU components, need to be addressed.

Townsend Security has addressed the concerns in a new version of our encryption key manager, Alliance Key Manager for VMware. Alliance Key Manager for VMware is a NIST and Payment Card Industry (PCI) compliant virtual instance, identical to our original Alliance Key Manager hardware security module (HSM) that is in use by over 3,000 customers worldwide.

Simplified and Cost Effective Data Security

If you’re trying to reduce costs by moving to virtualized environments, implementing powerful data security that helps you meet compliance regulations doesn’t have to negate those efforts. Just like you choose virtualization to reduce costs in the long run, you can choose an encryption and key management solution that does the same, at a lower upfront cost. Townsend Security’s Alliance Key Manager for VMware is a specialized version of our key manager that allows you to encrypt data and securely manage encryption keys in a virtualized environment.

Alliance Key Manager for VMware manages encryption keys throughout the key lifecycle from the generation of those keys to their activation and use all the way through to retirement and deletion of keys.

Meet Compliance Regulations

Key management complianceBy themselves, applications running VMware aren’t PCI compliant. Companies using VMware to reduce costs and consolidate their IT infrastructure still need to take responsibility for their own PCI compliance. Thankfully, VMware has made achieving PCI compliance through third-party security solutions easy with open architecture and standard APIs. VMware also recognizes the need for security in virtualized environments and has gone so far as to team up with CoalFire, a QSA auditing firm to publish guidelines for achieving PCI compliance in a virtual environment.

Many people believe that their hosting company is protecting their sensitive data. In actuality, it is never safe to assume your hosting company is doing this. Individuals and companies are responsible for protecting their own sensitive data. If you’re hosting in a virtualized environment, there are some hosting companies who have passed an infrastructure certification for compliance regulations, but they are few and far in between. In order to achieve compliance, businesses must review PCI standards and implement data security controls such as encryption and key management

Alliance Key Manager for VMware works in vCloud as well as any hosted environment that supports vCloud.  If you are moving your virtualized environment in the cloud, Alliance Key Manager for VMware will support this migration and can provide you with powerful encryption key management for the cloud.

Podcast: Virtualized Encryption Key Management

Topics: Encryption Key Management, VMware, Virtualized Encryption Key Management