+1.800.357.1019

+1.800.357.1019

Feel free to call us toll free at +1.800.357.1019.

If you are in the area you can reach us at +1.360.359.4400.

Standard support
6:30am - 4:00pm PST, Monday - Friday, Free

Premium support
If you own Townsend Security 24x7 support and
have a production down issue outside normal
business hours, please call +1.800.349.0711
and the on-call person will be notified.

International customers, please dial +1.757.278.1926.

Townsend Security Data Privacy Blog

SlimTrader Says: "Alliance Key Manager is a Godsend!"

Posted by Liz Townsend on Sep 8, 2014 1:59:00 PM

Protecting sensitive data stored in Amazon Web Services (AWS) is a major priority for SlimTrader, a company helping businesses and individuals in Africa complete secure transactions via mobile ecommerce solutions. SlimTrader chose AWS to host their extensive database of users based on their ability in AWS to reduce costs and scale up as their business grows. The challenge, however, was to find an encryption and encryption key management solution that also featured low initial costs and could scale as well.

Encryption Key Management AWSImplementing strong encryption and key management in the cloud has been a major challenge in the past. Recently, AWS released the AWS CloudHSM; however, the high startup costs for implementing this encryption key management solution as well as its limitations made this solution an impractical fit. That’s why SlimTrader chose Alliance Key Manager for AWS.  According to Martin Pagel, CTO of Slim Trader:

“Our main challenge is that we’re cloud based, so we can’t use an HSM because we don’t have a physical IT infrastructure. We want to do it the right way, and do it in the cloud. With Alliance Key Manager for AWS I can deploy encryption key management the way I want, and I don’t have to ask anyone in Amazon for help.”

Alliance Key Manager not only scales to meet your business needs, but also gives you complete administrative control over your own virtual key server. Having this level of control is critical in a cloud environment where you may not be sure who you are sharing resources with. Alliance Key Manager also uses the same FIPS 140-2-compliant encryption key management and NIST-validated AES encryption service found in Townsend Security’s HSMs so that you can provably meet compliance requirements for several industry security regulations. Meeting compliance requirements is important to SlimTrader and many of their larger customers.

Overall, Townsend Security helped SlimTrader achieve their security goals and overcome security challenges in four major ways:

  • Making encryption and key management in AWS easy. For many businesses, moving their data to the cloud is simply more practical than assembling an internal IT department. It is also significantly easier.  “The ease of firing up an AKM cloud instance and having control over it appeals to me,” said Pagel, “And I don’t have the limitations of needing to install a physical box.”
  • Making encryption and key management in AWS affordable. SlimTrader also chose AKM for AWS for affordability. With Alliance Key Manager for AWS, SlimTrader is taking advantage of Townsend Security’s no end-point license fee model that will allow them to grow without burdening their budget. For strong data security to become ubiquitous, and for data breaches to become fewer, encryption and key management must become affordable. With AKM for AWS, small businesses such as SlimTrader can lead the way in data breach prevention.
  • Providing encryption and key management that works with their applications. SlimTrader needed a key management solution that would work seamlessly with MySQL and Drupal in AWS. Alliance Key Manager is designed from the ground up to integrate with many platforms, applications, and databases and can protect encryption keys for data encrypted at the application level.
  • Certified Solutions. SlimTrader works with several banks and government agencies in Africa who consider PCI compliance important. “When we manage data on their behalf, we need to manage it securely,” says SlimTrader CTO Martin Pagel. FIPS 140-2 compliance is critical for many organizations who must meet government standards, and important for businesses that want provably defensible encryption key management.  Alliance Key Manager also provides onboard NIST-validated AES encryption service. This service allows you to provably meet compliance regulations for encryption.

To see for yourself how easy encryption and key management can be in Amazon Web Services, download a free 30-day evaluation.

Encryption Key Management AWS

Topics: Amazon Web Services (AWS), Case Study

Encrypting Data In Amazon Web Services (AWS)

Posted by Patrick Townsend on Aug 28, 2014 9:31:00 AM

Amazon Web Services is a deep and rich cloud platform supporting a wide variety of operating systems, AWS services, and third party applications and services. It is a bewildering array of capabilities with lots of places to store sensitive data. Let’s explore some of the ways that our Alliance Key Manager solution helps AWS customers and partners protect this data. This is a bird’s eye view, and we’ll dive into this in more depth in future blogs:

Amazon AWS Services

Encrypting data in AWS - What You Need to KnowAmazon Relational Database Service (RDS)
Alliance Key Manager provides encryption key retrieval and an on-device encryption service to make it easy for your applications to encrypt data in RDS. Townsend Security SDKs can easily be used to provide encryption at the application layer.

Amazon Simple Storage Service (S3)
Alliance Key Manager lets you retrieve 256-bit AES keys in Base64 encoded format ready for use with RDS customer supplied encryption key services. You can easily deploy an AKM dedicated key management service to support encrypting and decrypting files in S3 storage.

Amazon Elastic Block Storage
Amazon Machine Instances (AMIs) provide access to EBS for simple unstructured storage requirements. Townsend Security SDKs can easily be used to provide encryption at the application layer.

Amazon DynamoDB (NoSQL)
The AWS NoSQL implementation does not provide encryption services, but you can easily implement encryption at the application layer using the Townsend Security SDKs. With support for many programming languages you can implement the encryption and key management services you need to meet compliance regulations.

Application Databases:

Microsoft SQL Server
Alliance Key Manager includes a license for Townsend Security’s Key Connection for SQL Server application that supports Transparent Data Encryption (TDE) and Cell Level Encryption for Enterprise edition. This EKM provider installs in your Windows SQL Server environment and enables encryption without any programming. For SQL Server Standard and Web Editions Alliance Key Manager includes a license for the Townsend Security Windows Client for snap-in encryption support.

Oracle Database
Oracle Database encryption support is provided through SDKs that are free of charge with Alliance Key Manager. Java, Perl, PHP, Python, Ruby and C# SDKs and sample code enable rapid deployment of encryption in Oracle environments. Sample PL/SQL code is also available for Oracle Linux platforms.

MySQL, SQLite, PostgreSQL, etc.
Open source database encryption support is provided through SDKs that are free of charge with Alliance Key Manager. Java, Perl, PHP, Python, Ruby and C# SDKs and sample code enable rapid deployment of encryption in these environments.

Software SDKs for Amazon Web Services:

A rich set of application SDKs are available for many programming languages. These SDKs provide support for Java, Microsoft .NET languages (C#, VB.NET, etc.), Perl, Ruby, Python, PHP, and others. These SDKs are provided at no charge to Alliance Key Manager customers.

Application Plugins for Amazon Web Services:

Drupal Encryption and Key Management
Alliance Key Manager integrates naturally with the Drupal web CMS using the Drupal Encrypt module and Townsend Security’s Key Connection for Drupal module available on Drupal.org. Drupal users can retrieve encryption keys for use with local encryption, or use the Alliance Key Manager Encryption Service to encrypt and decrypt data in the key manager with NIST-validated AES encryption.

SQL Server Transparent Data Encryption
Alliance Key Manager integrates directly into the Microsoft SQL Server Enterprise edition database to provide Transparent Data Encryption (TDE) support using the Townsend Security Key Connection for SQL Server application.

SQL Server Cell Level Encryption
Alliance Key Manager integrates directly into the Microsoft SQL Server Enterprise edition database to provide Cell Level Encryption support using the Townsend Security Key Connection for SQL Server application.

Encryption & Key Management in AWS

Topics: Alliance Key Manager, Encryption, Key Management, Amazon Web Services (AWS)

Encryption & Key Management for Amazon Web Services (AWS)

Posted by Patrick Townsend on Aug 18, 2014 11:37:00 AM

Security is the biggest barrier to cloud adoption, and encryption of sensitive data is the hardest part of security. Once you decide to encrypt your sensitive data, getting encryption key management right is the biggest challenge. Storing an encryption key in the same cloud instance with the protected data is faux security, and won’t pass the sniff test in any audit or review of security best practices. So, where do you store the encryption keys?

Encrypting data in AWS - What You Need to KnowIn Amazon Web Services (AWS), you now have a new key management option that perfectly fits the AWS architecture and usage model, enables security best practices such as Separation of Duties and Dual Control, and provably meets industry standards such as FIPS 140-2.

Alliance Key Manager for AWS extends our Cloud Service Provider support to the popular Amazon platform alongside our existing cloud support for Microsoft Azure, IBM Cloud, and VMware vSphere cloud platforms. For cloud users who need dedicated key management HSMs, our existing Alliance Key Manager Cloud HSM solution will serve AWS customers.

Alliance Key Manager for AWS uses the same FIPS 140-2 compliant technology as our network-attached hardware security module (HSM) solution. You can deploy the Alliance Key Manager AMI directly from the AWS Marketplace, and have a functional encryption key management solution dedicated to you and ready to use in SECONDS with an automatic 30-day evaluation license. You do not share any part of your key management with anyone else, and you have exclusive management of encryption keys. There is no aspect of key management administration that is under the control of Townsend Security, the cloud provider, or anyone else. There is no part of your encryption key that is shared with Townsend Security, and no dependence on any encryption service outside of your key management AMI.

Customers who register with Townsend Security get access to our encryption applications, SDKs, customer support, extended documentation, developer program, and optional Premium support. It’s the perfect AWS key management solution for both small organizations and large enterprises who want to deploy an affordable key management solution based on industry standards and certifications.

In addition to traditional key management, Alliance Key Manager for AWS implements Encryption-as-a-Service. You don’t have to retrieve an encryption key, perform encryption in your application, and then zero the encryption key. To minimize the chance of exposing the encryption key to loss, you can directly send data to the key manager and have it encrypted and returned to your applications. You leverage Alliance Key Manager’s NIST-validated AES encryption and the key never leaves the key manager.

Until now Amazon Web Service customers had no access to simple, affordable, and compliant encryption key management solutions. All of that has changed with Alliance Key Manager for AWS.

Enjoy.

Patrick

Topics: Alliance Key Manager, Amazon Web Services (AWS), Encryption Key Management

The Definitive Guide to AWS Encryption Key Management
 
Definitive Guide to VMware Encryption & Key Management
 

 

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all