+1.800.357.1019

+1.800.357.1019

Feel free to call us toll free at +1.800.357.1019.

If you are in the area you can reach us at +1.360.359.4400.

Standard support
6:30am - 4:00pm PST, Monday - Friday, Free

Premium support
If you own Townsend Security 24x7 support and
have a production down issue outside normal
business hours, please call +1.800.349.0711
and the on-call person will be notified.

International customers, please dial +1.757.278.1926.

Townsend Security Data Privacy Blog

Encryption and Key Management for VMware Hosting Providers and MSPs

Posted by Luke Probasco on Jun 12, 2020 9:40:30 AM

VMware has become the most trusted name in on-premise computing infrastructure. Because of its ease of use and administration, reliability and security, VMware is able to provide exceptional services to small and large organizations alike. As these organizations move to the cloud, VMware hosting partners and managed service providers (MSPs) are able to service this market by providing off-premise deployments of VMware and an extensive array of VMware management and administrative services. For more information on how VMware hosting providers can better secure customer data, check out our "Definitive Guide - Encryption Key Management for VMware Cloud Providers" page.

Delivering Secure VMware Hosting with Encryption & Key ManagementI recently sat down with Patrick Townsend, Founder and CEO of Townsend Security, to talk about how Townsend Security is helping VMware hosting providers meet the challenge of encryption and encryption key management, while supporting the usage-based business model core to many of these hosting providers.  Additionally, Patrick discussed VMware architecture, VMware security, delivering compelling hosting & services, and compliance, standards, and encryption.

Hi Patrick. In recent years VMware has embraced the movement to the cloud with key partnerships with leading cloud service providers. What is less well known is that VMware has spawned and supports a broad set of hosting providers that serve local and regional markets. These VMware hosting providers also provide the expertise and managed services that many large cloud providers do not.

There are a fair number of VMware hosting providers and MSPs now with their own hosted, or cloud, platforms who are running VMware full stack implementations for their customers. Customers now have many options for managing their VMware infrastructure on premise or at a VMware hosting provider data center.  Many of these customers maintain both on-premise and hosted environments to meet their customers’ business needs. The VMware ecosystem is growing and resilient, and an important part of the IT services landscape.

Security has got to be essential for these hosting providers and MSPs. What do you think they are doing well and where could they use a little help?

Well, security is a core focus of VMware applications, and the security features have had a lot of time to mature. For example, VMware now offers encryption in several of their products. However, the deployment of proper encryption relies on support from third party KMS vendors. Realizing the importance of key management, VMware adopted the Key Management Interoperability Protocol (KMIP) standard, which allows vendors like Townsend Security to provide key management solutions that allow businesses to store and manage their encryption keys through their entire lifecycle.

Townsend Security is proud to help VMware hosting providers and MSPs implement encryption and do it the right way that matches their business model.

So, let’s spend a minute and discuss delivering compelling hosting and services.

VMware hosting providers and MSPs are rapidly changing the way that VMware customers are managing their IT infrastructure. These VMware partners are filling a services and support gap left by typical, large cloud service providers. Hosted VMware infrastructure, Disaster Recovery as a Service (DRaaS), automated backup and recovery, and expertise on demand provide compelling value to VMware end customers. Amazingly, many of these VMware hosting partners are providing a far more affordable solution than large Cloud Service Providers. Townsend Security’s Alliance Key Manager is filling the KMS gap for VMware hosting providers and MSPs by providing an Enterprise KMS system that matches the way they do business. Gone are the complexities of sourcing, deploying, licensing and administering a KMS for the VMware environment. Townsend Security empowers the VMware hosting provider with on-premise and customer premise solutions for every VMware KMS need.

There are a few strategies that these hosting providers and MSPs can use to secure customer data in VMware environments.  For example, data can still reside on-premises or in the cloud and be encrypted in VMs or in vSAN, or even through Virtual Trusted Platform Module (vTPM).  First, let’s cover On-Prem and the Cloud. 

Sure. Many VMware hosting providers and MSPs often are the experts who manage a customer’s on-premise VMware infrastructure. If you don’t have in-house expertise these partners can step up to help you. This means that the same security tools that are used at the hosting site need to be available at the customer site. This is a core part of the value that a VMware hosting provider and MSP provides to their customers - run VMware on-premise, on their cloud, or combine the two. Some VMware MSPs provide expertise and services to help their customers move to one of the larger cloud platforms. 

If you are a VMware hosting provider and you provide this type of service to help customers move to Microsoft Azure VMware Solution, Google VMware Cloud Engine, or IBM Cloud for VMware, or other full-stack VMware cloud service, we can help you with your KMS needs in the same way. 

Let’s circle back to how data is being encrypted in VMware

As a VMware hosting provider or MSP, you are able to quickly and easily deploy encryption of VMs for your customers with vSphere encryption. It is important to not forget about also deploying a KMS. The second most popular encryption option in a VMware environment is the encryption of vSAN virtual directories. The VMware architecture for key management for vSAN is the same vSphere KMS cluster configuration used for encrypting VMs. Encryption of vSAN storage is one of the great ways to protect databases in the VMware infrastructure. It can be expensive to upgrade Oracle, SQL Server or MongoDB to get encryption support, but you can easily provide encryption at rest by deploying these databases on encrypted vSAN storage at a fraction of the cost of an upgrade. And you can do encryption at rest for open source databases that do not directly implement encryption or proper key management. This includes MariaDB, PostgreSQL, SQLite and others.

Another option is to use OS encryption through the virtual trusted platform module (vTPM), right?

The Trusted Platform Module (TPM) chip is implemented on many Intel architecture servers and provides an additional level of encryption key protection in traditional server environments. Unfortunately, the TPM architecture works poorly in a VMware environment where workloads can move and migrate between servers. Thankfully, VMware came to the rescue with Virtual TPM (vTPM)!  By installing the appropriate vTPM drivers from VMware you can achieve TPM security that works natively with your VMware platform. vTPM also leverages the same vSphere KMS interface, so encryption and proper key management are easy to deploy.

How is Townsend Security helping VMware hosting providers and MSPs with encryption and key management? 

Townsend Security has been a VMware partner for many years.  Our KMS, Alliance Key Manager, is certified by VMware on all releases of vSphere and vSAN that support encryption. At Townsend Security we have worked hard to create a hosting provider/MSP program that takes the pain out of a KMS partnership. Most notably, if you provide VMware hosting services on a usage-based model, we will help you deliver a KMS for encrypted VMs and vSAN with the same model. For example, if you are charging your customers per virtual machine or per main memory, depending on how much you use, we will snap right in to your environment and help you deliver encryption of VMs and vSAN in the same way.We do this with no upfront fees, no annual license charges or separate maintenance fees, we just make it really simple to deploy and use for the VMware hosting provider.

Is there anything else that you would like to share about your partner program?

First, it is very easy and simple to get started with our partner program.  Just visit www.townsendsecurity.com/msp. If you are interested in more information, there is a short form to fill out. We make it extremely cost effective for hosting providers to deploy encryption and key management for their customers.  I’d also like to mention that our KMS is certified for every version of vSphere and vSAN that support encryption, is validated for PCI-DSS compliance, and has been through a FIPS 140-2 validation.

You can actually download Alliance Key Manager for VMware directly from our website and immediately load it into VMware.  We also have our support team ready to help you get deployed - without a charge. It just takes minutes. We are proud to have lowered the barrier to entry and administrative overhead typically associated with encryption key management - which makes it easier than ever for VMware hosting providers and MSPs to offer better security to their customers.

To hear this conversation in its entirety, download the podcast “Delivering Secure VMware Hosting with Encryption & Key Management” to hear Patrick Townsend, Founder and CEO, further discuss VMware architecture, VMware security, delivering compelling hosting & services, and compliance, standards, and encryption.

Delivering Secure VMware Hosting with Encryption & Key Management

Topics: Encryption Key Management, VMware, Hosting Providers

Encryption for VMware Hosting Providers and MSPs

Posted by Patrick Townsend on Jun 8, 2020 8:58:16 AM

This blog is an excerpt from the white paper Delivering Secure VMware Hosting with Encryption & Key Management.


Delivering Secure VMware Hosting with Encryption and Key ManagementVMware is the most trusted name in on-premise computing infrastructure. Its ease of use and administration, reliability and security provide exceptional services to small and large organizations alike. As organizations move to the cloud, there are now a large number of VMware hosting partners and managed service providers (MSPs) who provide off-premise deployments of VMware and an extensive array of VMware management and administrative services. This white paper discusses how Townsend Security is helping VMware hosting providers meet the challenge of encryption and encryption key management, while supporting the usage-based business model core to many of these hosting providers.

VMware Architecture and Benefits

The benefits of VMware in the data center are now well recognized. Reduction in hardware and utility costs, reduction in administrative costs, improvement in managing ever-changing workloads, resilience and business continuity, and exceptional security are just some of the primary benefits. This is why VMware is the leading infrastructure virtualization technology on a global basis.

In recent years VMware has embraced the movement to the cloud with key partnerships with leading cloud service providers. What is less well known is that VMware has spawned and supports a broad set of hosting providers that serve local and regional markets. These VMware hosting providers also provide the expertise and managed services that many large cloud providers do not. 

The growth of the VMware hosting provider eco-system provides important support for VMware customers. Customers now have many options for managing their VMware infrastructure on premise or at a VMware hosting provider data center. Many customers maintain both on-premise and hosted environments to meet their business needs. The VMware eco-system is growing and resilient, and an important part of the IT services landscape.

VMware and Security

While VMware has always been a leader in IT security, the company recognized the importance of encryption and proper encryption key management to meet security best practices and evolving compliance regulations. In 2016 VMware released version 6.5 of vSphere which enabled built-in support for encryption of virtual machines (VMs) and virtual storage (vSAN). In any encryption strategy, it is important to protect the encryption keys using a purpose-built key management security system that secures the keys away from the protected information. The VMware security architecture integrates with a key management server (KMS) to protect the encryption keys that are used by ESXi and vSAN. The interface between vSphere and the key management server is based on the Key Management Interoperability Protocol (KMIP), an open standard for KMS systems. 

In vSphere the administrator defines a primary key manager and one or more failover key managers using the KMS Cluster module. vSphere manages the failover to a backup key server in the event the primary key server is not available. This also enables failover to a disaster recovery VMware node in an automatic fashion. The result is a robust implementation of encryption with key management based on the open OASIS KMIP standard and deployed in a highly resilient fashion.

VMware Hosting and MSP Partners

VMware hosting partners and MSPs are called on to deploy proper security in the VMware infrastructure. Security is largely provided by native VMware applications such as NSX and others. However, the deployment of a key management system depends on support from third party KMS vendors. Townsend Security is one of those vendors with its Alliance Key Manager solution.

Unfortunately, most enterprise KMS systems are expensive, difficult to deploy, lack needed failover reliability, and have complex licensing and management requirements. Many VMware hosting providers provide their infrastructure and services on a usage-based model. Enterprise KMS systems generally do not fit this delivery, reporting and billing model.

Townsend Security is solving this problem by providing its Alliance Key Manager solution on a usage basis. VMware hosting providers will benefit from the Townsend model as it matches their business delivery model and makes KMS affordable to their end customers. When your encryption key management strategy lines up with your business model you are able to manage your growth in a predictable way.

Delivering Compelling Hosting and Services

VMware hosting providers and MSPs are rapidly changing the way that VMware customers are managing their IT infrastructure. These VMware partners are filling a services and support gap left by typical, large cloud service providers. Hosted VMware infrastructure, Disaster Recovery as a Service (DRaaS), automated backup and recovery, and expertise on demand provide compelling value to VMware end customers. 

Townsend Security’s Alliance Key Manager is filling the KMS gap for VMware hosting providers and MSPs by providing an Enterprise KMS system that matches the way they do business. Gone are the complexities of sourcing, deploying, licensing and administering a KMS for the VMware environment. Townsend Security empowers the VMware hosting provider with on-premise and customer premise solutions for every VMware KMS need.

Delivering Secure VMware Hosting with Encryption and Key Management

Topics: Hosting, Encryption Key Management, VMware

State of Encryption Key Management - 2020

Posted by Luke Probasco on Apr 20, 2020 8:05:12 AM

Data security compliance requirements and corporate security initiatives continue to drive the adoption of encryption and key management to protect private information - ranging from customer information to electronic protected health information (ePHI) to a company’s intellectual property (IP). Deploying encryption naturally means properly protecting encryption keys, which historically has been the biggest challenge that organizations face with their encryption strategy. As such, it is far too common to see businesses not properly storing their encryption keys - for example, keeping them in a database in the clear or even burned into their application’s code.

State of Encryption Key ManagementFortunately, encryption key management solutions are more affordable and easier than ever, however, not all solutions are created equal. Standards such as FIPS 140-2 remain, but what does that mean in a virtual environment? Additionally, we are seeing all the major cloud service providers (CSPs) offer encryption key management as a service, but there are several fundamental reasons enterprises are hesitant to adopt them.

I recently sat down with Patrick Townsend, Founder and CEO, to discuss the current state of encryption key management, databases/applications that natively provide encryption and key manager integrations, and questions to ask your key management vendor. 

Hi Patrick. Let’s just take a minute and acknowledge how far encryption key management has come.

It is incredible how far encryption key management has come over the last 15 years. As I think back to when we started this journey, it was a very different environment. One of the motivating factors for us to get in the key management game was that key management systems used to be terribly expensive and complex - and usually involved a team of expensive consultants to deploy. Early on, I even had a key management system (KMS) vendor tell me that they didn’t want to do a deal under $10 million - and that just isn’t going to work for smaller companies. This just really influenced how we got started. Companies of all sizes deserve to have good encryption and key management as part of their defense in depth security strategy. I am very proud of our team for creating a key management solution that has been FIPS 140-2 validated and affordable to the small and medium sized enterprises who need to protect their employees and customers without having to pay for every database, connection, or encryption key. We have now passed the 10 year mark with Alliance Key Manager. While it was first introduced as a physical hardware security module (HSM), we have added VMware and cloud platforms (AWS and Microsoft Azure) - and starting at $4,800 is affordable to every customer. I am proud that we have played a part in making encryption key management affordable to businesses of all sizes.

Speaking of cost, could you imagine if deployments were still $10 million?

It really is incredible. If that were still the cost, small and medium sized businesses would be priced out of the market - and their data a lot more vulnerable. With that said, it still amazes me how much KMS vendors are still charging for some of their solutions. Recently we had a prospective customer forward us a quote from another KMS vendor and it was astonishing. The customer was trying to protect 12 Microsoft SQL Server databases and the quote was for $194,000! And that was just the start. As the customer adds additional databases in their environment, there is going to be more and more cost as they go forward. For the same hardware-based HSM solution, we would charge $36,000 for two HSMs and save the customer $158,000! Alternatively, we even could offer VMware or cloud instances that would have been even less expensive.

As a company, we are passionate about keeping a low and predictable total cost of ownership (TCO). You shouldn’t have to go back to your key management vendor every time you want to add a database or encrypt something in a new environment. This model of pricing can add up very quickly. We offer a simple pricing structure - license the KMS, pay annual maintenance, and use the key manager to protect as much data as you’d like. From my point of view, there is no justification for a pricing strategy that penalizes businesses for doing more security.

Aside from cost and ease of deployment, there really has been a growing awareness on the importance of key management. 10 years ago when you first started, small and medium sized businesses didn’t even know what key management was.

Certainly. Key management is the cornerstone of an encryption strategy. If you are doing encryption, you must protect encryption keys. In fact, key management is starting to show up in regulatory compliance requirements. For example, if you look at the California Consumer Privacy Act (CCPA), you will find proper key management called out as being core to protecting data. If you are not using key management, you are NOT adequately protecting your encryption keys and you lose some of the protections under the CCPA.

As businesses deploy modern key management solutions, they need to make sure the key manager has been FIPS 140-2 validated and is key management interoperability protocol (KMIP) compliant. The industry as a whole is still catching up to these standards. For example, with AWS KMS or Azure Key Vault, businesses do not have industry standards based interfaces for key management. Rather than using the KMIP standard, they are requiring customers to use their proprietary interface. Standards, like KMIP, are incredibly important when it comes to reducing your cost of encryption in the long run. Fortunately, we are seeing most major database and application vendors adopting the KMIP standard and natively supporting encryption, leaving the key management to the user.

Also, it is still the wild west out there in regards to some KMS vendors. I think people should avoid solutions that require external, third party hardware modules to back up the key manager. That is completely unnecessary. There are open source solutions that provide vaults that are not FIPS 140-2 compliant unless they are backed up by an HSM.

Again, key management is core to a security strategy and really has come a long way since the early days. It now takes a few minutes to get a KMS up and running, you don’t need outside consultants or someone to come on site, and most of the time doesn’t take any paid services!

You mentioned KMIP. It has been great to see more databases and applications adopt the standard.

That’s right. Encryption usually doesn’t require application changes anymore - it has become a non-technical exercise. KMIP has fundamentally changed the way businesses deploy encryption and key management. For example, we have seen databases like MongoDB and MySQL and VMware’s vSphere and vSAN support KMIP. Let’s take a look at MongoDB. MongoDB Enterprise includes 256-bit AES encryption built into the database. Knowing the importance of key management, they built in support for KMS vendors with the KMIP standard. Now their users can seamlessly encrypt data and easily manage the encryption keys separate from the data that they protect.

KMIP really has been a game changer for the key management industry and really underscores the importance of basing solutions on industry standards. Unfortunately, it isn’t everywhere - yet. Typically, KMIP is reserved for Enterprise versions of databases. With that said, there are still options for shops running “Standard” or “Community” versions.

There are. Chances are that these shops are running a version of VMware that supports vSphere and vSAN encryption. By deploying “Standard” versions of databases directly in vSAN, they can utilize the encryption and key management options already included in their VMware products. Furthermore, VMware has developed excellent guidance that is available on their website on how to install databases into an encrypted vSAN. If you are an Oracle customer, for example, and feel like you can’t afford the expense of upgrading to Oracle Enterprise with Advanced Security in order to get encryption, VMware has your back. By doing this, businesses can affordably meet regulatory compliance and protect their sensitive data. Same is true for other databases.

Let’s keep talking about compliance. Compliance has been a major driving force for organizations adopting encryption key management.

Yes. Businesses of all sizes and industries fall under a variety of compliance regulations. If you take credit cards, you fall under PCI DSS. If you are a covered entity in the medical segment you fall under HIPAA. California recently passed the California Consumer Privacy Act (CCPA) which has reach far beyond the borders of California. It is important to note that CCPA also requires proper key management. Storing encryption keys next to the secured data provides you no protection from data breach notification and class action lawsuits. You have to get key management right. 

Regulations certainly are one major factor driving the uptake in encryption. Over time, we have seen regulations evolve and encryption keeps getting more embedded in these regulations and is recognized as a core part of a defense in depth strategy. With that said, compliance isn’t the only reason a company deploys encryption and key management. We regularly talk with customers concerned with reputation, protection of intellectual property (IP), or a host of other reasons.

For businesses who haven’t deployed encryption key management yet, what are some questions that they should ask vendors?

There are definitely some baseline qualifiers here. Look for a FIPS 140-2 validation. Has the solution ever been validated by the National Institute of Standard and Technology (NIST)? Some key management vendors out there will say they are compliant and unable to prove it because they have never received a formal validation. It is important to ask for their certificate number. Don’t accept a third-party letter saying that the solution is compliant. There is no substitute for a NIST validation. They aren’t cheap or easy, which is a major differentiator between the good and not-so-good key management vendors.

As discussed earlier, good key management systems will adopt the KMIP interface. You should easily be able to use your key management solution seamlessly with the growing number of databases and applications that support KMIP.

Who has administrative access to the keys? Do you have exclusive control or is access shared with a cloud service provider (CSP) or key management vendor? Most of the CSP key management offerings are in shared environments - both you and your CSP have access to your keys. Also a consideration, are you OK with CSP lock-in? Most businesses today are trying to achieve a cloud-neutral implementation and you don’t want your key management solution to defeat that effort.

I think that these are the topics that should be top of mind for businesses as they move through their cloud encryption strategy and think about key management.

Is there anything that you would like to share about Townsend Security’s Alliance Key Manager that you haven’t mentioned yet?

Alliance Key Manager comes along with a wide variety of client applications and SDKs - at no charge - to help you secure databases and applications like VMware, Microsoft SQL Server, MongoDB, MySQL and others. As I mentioned earlier, it is cost effective and affordable to organizations of all sizes. I think that our key manager is the most cost-effective, standards-based solution in the market. By offering the key manager on multiple platforms, which are all cross-compatible, businesses have a variety of options for their encryption strategy that are easy to deploy.

The last thing that I would like to point out is that our solution is very partner friendly. Alliance Key Manager is embedded in many ISV environments and products. We have flexible programs that allow our partners to get encryption right by embedding key management into their solution.

To hear this conversation in its entirety, download the podcast “State of Encryption Key Management - 2020” to hear Patrick Townsend, Founder and CEO, further discuss the latest trends and perspectives around encryption key management and how to better protect your data.

Podcast: State of Encryption Key Management

Topics: Encryption Key Management

Enterprise Key Management System (KMS) vs Cloud Key Service (KMS, Key Vault)

Posted by Patrick Townsend on Mar 16, 2020 3:38:00 PM

I am often asked about public cloud provider encryption key services like AWS KMS and Azure Key Vault. There are substantial differences between an Enterprise Key Management System (we have one) and the key services provided by Amazon and Microsoft (and Google has one, too). Enterprise Key Management Systems provide dedicated, full lifecycle key management under your exclusive control. Cloud key services provide a small subset of encryption key management support, in a non-dedicated, multi-tenant, shared environment. 

Perhaps the best way to show the differences is in a side-by-side table comparing our Alliance Key Manager for AWS and Azure, and Cloud Service Provider (CSP) key services:

Feature

Alliance Key Manager

Cloud Key Service

     

Standards

   

FIPS 140-2 Compliant

Yes

Back end only

OASIS KMIP compliant

Yes

No

     

Operational

   

Dedicated control

Yes

No, Shared Custody

Cross cloud

Yes

No

Mirror keys to on-premise

Yes

No

On-premise to cloud seamless migration

Yes

No

Backup off cloud

Yes

No

Key mirroring across regions/zones

Yes

No

Migrate to HSM

Yes

No

Automatic failover across regions/zones

Yes

No

     

VMware and Kubernetes

   

VMware encrypted VM support

Yes, certified

No

VMware encrypted vSAN support

Yes, certified

No

VMware vTPM support

Yes

No

     

Database & Application

   

SQL Server TDE support

Yes

No

MongoDB Enterprise Advanced support

Yes

No

MySQL Enterprise support

Yes

No

IBM DB2 support

Yes

No

Drupal

Yes

No

     

SDKs

   

Java

Yes

Yes

.NET (C#)

Yes

No

Python

Yes

Yes

C/C++

Yes

Yes

PHP

Yes

No

Perl

Yes

No

RPG

Yes

No

COBOL

Yes

No

 

Download Alliance Key Manager

Topics: Encryption Key Management

Do You Have Encryption Key Management Server (KMS) Sticker Shock?

Posted by Patrick Townsend on Mar 10, 2020 9:11:45 AM

In any industry you will probably find a number of really responsible vendors, and of course, you will find the outliers and the outlaws. It is true in the security vendor community, too. There are a core group of responsible vendors, there are those that exaggerate the capabilities of their products, and there are those who just charge as much as they can get away with. I guess that is just human nature.

Download Alliance Key ManagerWhen I set out 15 years ago to bring encryption and key management solutions to market, I knew that the existing Key Management Server (KMS) products were highly priced and out of reach for most companies and organizations. A KMS vendor once told me that they did not want to work with any customer who did not want to spend at least $10 Million or more on their solution! I wanted to create a KMS solution that would be in reach for the average business, non-profit, and local government agency. Everyone deserves to deploy a really good security solution to protect their employees and their customers. We’ve now passed the 10-year anniversary of the first release of our Alliance Key Manager solution, and I am proud of the price disruption we created in every part of the KMS market – on-premise HSMs, VMware software appliances, and in the cloud (AWS, Azure).

I had a real shock this last week. Maybe things have not changed as much as I thought.

A prospective customer sent me a price quote from one of the mainstream KMS vendors. Their company wanted to purchase two key manager HSMs to protect 12 SQL Server databases. Look at how this was priced (numbers rounded):

Two key management HSMs:                                 $ 90,000

Annual software support for the HSMs:                  $ 16,000

 

12 Endpoint licenses for SQL Server                       $ 73,000

Annual software support for the endpoints:           $ 15,000

                                                                                 ========

Total:                                                                       $ 194,000

Unbelievable !!!

This company was going to pay $106,000 for two key managers, and THEN pay for each database that had to be encrypted. There is no reason on Planet Earth why this customer should have to pay so much to protect a small number of databases. I feel sorry for them if they have other databases they need to protect as they will have to pay for each of those, too. It is not hard to see how this cost would rapidly escalate as the company worked to protect more data - and it is clear that the average small business or organization could never afford this solution.

Let me show you how we would price our solution for the same requirement:

Two key management HSMs:                                 $ 30,000

Annual software support and maintenance:         $ 6,000

 

12 Endpoint licenses for SQL Server                     $ 0

Annual software support and maintenance:         $ 0

                                                                                 ========

Total:                                                                        $ 36,000

That’s right. For the same solution we would save this customer $158,000 out of the starting gate. Further, we would save them even more as they deployed encryption over additional databases - and the software maintenance costs would escalate, too.  How can we save you this much? Easy, we ask a fair price for our key management solution, and we don’t charge you at all for each database or application. If you purchase a key manager, we want you to use it for every security project you have. You don’t need to keep dredging up money each time you want to use the key management solution. With our pricing policy, it would be easy to envision saving this customer several MILLION dollars in KMS costs over a period of a few years!!!

Can you think of something you could spend that money on? Raises, new hires, new technology, business investment, and so much more. I am sure you can think of something useful to do with those funds. This kind of cost can drag a company down and reduce its competitiveness. This is outrageous.

You are not trapped and you have choices. Just talk to us.

In addition to being affordable, we make it easy to evaluate our Alliance Key Manager solution. You can now download it from our website, get access to documentation and quick start guides, and get access to full technical support.

You have options, just talk to us.

Patrick

Download Alliance Key Manager

Topics: Alliance Key Manager, Encryption Key Management

California Consumer Privacy Act (CCPA) and Encryption Key Management

Posted by Patrick Townsend on Jan 31, 2020 9:46:06 AM

In October of 2019 I blogged about the California Consumer Privacy Act (CCPA) and its impacts on businesses. I knew that a lot of businesses were aware of the CCPA coming into effect on January 1, 2020, but I thought that there was a lot of misinformation and confusion about the CCPA. In that blog I laid out a number of facts about CCPA and some suggestions on actions you can take. I also noted that the law was very likely to get an update by the end of the year. You can find that original blog here:

California Consumer Privacy Act (CCPA) - Things You Need To Know

Podcast: CCPA - What You Need to KnowWell, that update to CCPA and related notification laws has happened. Several new laws were enacted in December 2019 that clarify and modify the CCPA. While the broad requirements of CCPA remain intact, there were some changes that bear noting.

One important change relates to encryption key management and breach notification. Let’s do a deeper dive.

First, it is important to note the role that encryption of sensitive information plays in CCPA. Among other things, the CCPA dramatically empowers consumers to recover damages after a data breach of unencrypted data, and limits the ability of businesses to inhibit that recovery. Here are a few aspects of CCPA law:

  • Businesses are not allowed to limit the ability of consumers to seek recovery. The widely used practice of liability limitation, arbitration clauses, and so forth are prohibited.
  • The California Department of Justice can levy steep fines on businesses that suffer a data breach and who have not adequately protected sensitive data.
  • Consumers are empowered to bring class action lawsuits around a data breach to recover damages. This kind of litigation is specifically enabled by the CCPA and should scare covered businesses.
  • However, class action lawsuits are only allowed with the loss of unencrypted sensitive data. Encryption is your friend!

So, what is different with the new laws?

AB1130 is one of those recent bills that modifies the CCPA notification requirements. It retains the litigation protections provided by encryption, but further clarifies that encryption keys must be properly protected. Here is what AB1130 says about breach notification (extracted and highlight added):

SECTION 1. Section 1798.29 of the Civil Code is amended to read:

1798.29. (a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California (1) whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person, or, (2) whose encrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person and the encryption key or security credential was, or is reasonably believed to have been, acquired by an unauthorized person and the agency that owns or licenses the encrypted information has a reasonable belief that the encryption key or security credential could render that personal information readable or usable. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

The full text of AB1130 is here:

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1130

Security professionals know that encryption is only as good as the protection you provide to the encryption key. The CCPA notification rules now embed that understanding right in the law. And you must understand what this means in terms of your litigation protections.

Let’s take one example:

Microsoft SQL Server is a widely used database for business information. SQL Server implements Transparent Data Encryption (TDE) to protect all data in the database. And it gives you two options for storing encryption keys:

  • Local storage of the key on the same server as the database.
  • Remote storage of the key by integrating with a professional key management system.

A lot of Microsoft SQL Server customers store the key locally on the same server as the database. Why? Well, it is easy and free. 

Here is the problem:

It is trivially easy for a cybercriminal to recover a locally stored encryption key if they have access to the server or a backup of the server. In fact, there are ready made programs that will just recover the key for the hacker and unlock the encrypted data, in just a few seconds. This is a prime example of where poor encryption key management will damage your ability to limit notification and liability under CCPA. Don’t expect to argue that the key was properly protected. Every security professional knows how poorly protected a locally stored key is.

Is there a way to mitigate this poor encryption key strategy?

Yes. 

Microsoft SQL server also supports remote encryption key management systems through a special interface known as Extensible Key Management, or EKM. You don’t have to store the key locally - you can easily plug in a key management system and protect the encryption key properly as the CCPA recommends. Problem solved, from a CCPA perspective. Our own Alliance Key Manager supports remote key management through the EKM interface.

Here are a few takeaways:

  • Under the CCPA, encryption is a critical part of your compliance strategy, and your strategy to limit liability after a data breach. It is hard to overstate the importance of encryption.
  • When you do encryption, you have to manage the keys properly. Use a professional key management system like our affordable Alliance Key Manager to accomplish this. Alliance Key Manager is NIST FIPS 140-2 compliant which is the gold standard for key management certification.
  • If you are currently storing the key locally, it is easy to move to a proper key management system. It usually just takes a few minutes.
  • There is no such thing as a good, secure method to store keys locally with your data. Just don’t do it.
  • Key management systems are now affordable and easy to deploy. We can prove it!

The California Consumer Privacy Act and subsequent laws change everything in terms of how we process and protect sensitive data. Encrypting that sensitive data, and protecting the encryption key, is not hard and is within reach of every business. 

Talk to us. We’ll show you how fast and easy it is to meet this part of the new CCPA and notification regulations.

Patrick

P.S. I don’t mean to pick on Microsoft SQL Server here. The same issue applies to almost every commercial and open source relational and NoSQL database! 

Podcast: CCPA - What You Need to Know

Topics: Encryption Key Management, CCPA

2019 SQL Server Encryption Survey

Posted by Ken Mafli on Jan 15, 2020 6:00:00 AM

This last November (Nov. 6-8, 2019) we had a chance to participate in the 21st annual PASS Summit in Seattle as an exhibitor. It was a great time as SQL Server professionals from around the world attended. We had an opportunity to ask them about their company's encryption and key management practices. Below are the results as well as some expert weigh-in on the findings. Enjoy!

The SQL Server Encryption Survey—2019

 

2019-SQL-Server-Encryption-Survey

 

A special thanks to our contributors for their expertise and guidance. You all are clear-minded professionals that have a lot to offer those looking to better secure their data:

-Ed Leighton-Dick, Kingfisher Technologies
-Tim Roncevich, CyberGuard Compliance
-Justin Garren, LyntonWeb
-Sharon Kleinerman, Townsend Security
-Patrick Townsend, Townsend Security

If you are looking to protect your encryption keys for your sensitive data in SQL Server, you need a FIPS 140-2 compliant centralized key manager that:

  • Never charges you additional fees for connecting a new end-point.
  • Never limits the number of end-points based on the model of the KMS.
  • Never limits the number of encryption keys generated or stored.
  • Never forces you to pay extra fees for software patches.
  • Never forces you to pay extra fees for routine software upgrades.
  • Always gives you unmatched customer service.
  • Always protects your keys, 24/7.

You need Alliance Key Manager for SQL Server.

Alliance-Key-Manager-for-SQL-Server 

 

 

Topics: Key Management, Extensible Key Management (EKM), SQL Server 2008, Microsoft, Info-graphic, SQL, Encryption Key Management, SQL Server, Transparent Data Encryption (TDE), SQL Server encryption

Living on the Edge

Posted by Luke Probasco on Dec 9, 2019 8:02:59 AM

As the world of edge computing becomes more distributed, billions of connected devices live on the edge, which need to be secured, managed and automated. For many businesses, this means deploying a VMware and cloud infrastructure and using VMware vSphere, for example, to encrypt private information.  While it is easy enough to encrypt data on the edge, key management has proven to be a challenge.

Podcast: Living on the EdgeI recently sat down with Patrick Townsend, Founder and CEO of Townsend Security to talk about deployments on the edge, achieving a strong security posture with key management, and other ways that businesses can better secure their private data. 

Patrick, Townsend Security has had key management solutions for VMware for a number of years. What is special about Edge computing?

Well, Edge computing is fascinating.  It isn’t really that different from how we currently think about computing and data security in the cloud or on-premise. By moving applications closer to the end user, Edge computing brings a better, faster user experience to the end user.  So, if you are running an application in the cloud, perhaps in a retail or healthcare environment, the delay over the network can degrade the experience or inhibit the ability to collect a lot of data, for example, from IoT devices. Edge computing is a natural evolution of making things more efficient with a better user experience.  However, Edge computing also brings new security challenges too. If we are collecting data that is sensitive in nature, it is just as sensitive out on the Edge as it is in our data center.

So what is special or different about Edge computing from a security point of view?

There are a number of challenges.  How do we deploy applications in a secure way?  How do we do application patching? One of the most important security efforts that we make is to keep everything patched and up to date.  When you have Edge computing, there are a lot more environments in distant locations. The security process really becomes more complex when we move to Edge computing.  Those challenges can be solved, but they represent things that we really need to pay attention to.

At the same time, as we are pushing applications out to the Edge, compliance regulations are getting more stringent.  Just look at the California Consumer Privacy Act (CCPA) and GDPR before it. Both of those are making the protection of sensitive data much more important.  The risks of data loss to an organization are escalating, and at the same time, we are pushing data to more and more places - so we have a big security challenge that we need to step up to.

Protecting data data in a centralized IT data center is a challenge, but one that we are used to.  Edge computing brings unique problems with it. For example, let’s say you pushed some data out to a dozen Edge computing environments.  You’ll need to encrypt that data to meet compliance, but where is the key manager? Is it back at your central on-site data center? If so, you may have just lost the advantage of pushing everything to the Edge.  Encryption and key management also need to be pushed out to the Edge in order to meet security best practices, just as you would in on-premise environments.

In terms of the cloud, can you give some examples of Edge environments?

Sure.  In the Cloud, we try to deploy applications close to the end-customer which gives us better response times and a better customer experience.  So, in AWS or Azure, we can move applications closer to where the end-customer lives. CSPs are making this easier by automating some of the deployment tasks.  By pushing applications to the Edge, you get really close to the physical location of the customer. For example, if you live in Sweden, you don’t need to connect to a key manager that is sitting back in Silicon Valley.  You should connect to a key manager that is near you. When moving to the Edge, encryption and key management need to move with you.  

By the way, you may have noticed that VMware has been working much more closely with Cloud Service Providers to provide true VMware infrastructure on cloud platforms.  For example, on Azure, you can deploy a full bare metal stack - VMware in the cloud and managed the way you want. But again, when you push those VMware environments to the Edge, what about the encryption key management?  The good news is, that with our new Alliance Key Manager for Edge Computing, we can make that easy and affordable to accomplish.

How about some examples of non-Cloud Edge environments?

Almost all of us use VMware on premise, and it isn’t really all that different to what we are currently doing.  Think of a medium or large retail organization with hundreds or thousands of storefronts. When you walk into the store, there is a very good chance that there is a local VMware node out there that is running many applications.  Think about a large box store with retail, pharmacy, and automobile services. The VMware environment in a single store might support dozens or hundreds of specialized applications. How do you protect data in that environment? Sometimes when we think of Edge computing we think of “just” the cloud, but this isn’t the case.  Again, just like with the Cloud, it doesn’t need to be difficult to push encryption and key management to the Edge, it just needs to get done.

How do compliance requirements impact Edge computing?

Well, compliance requirements, which are getting stronger as we speak, make the challenge of Edge computing even more important to address.  If you think about it, when we have centralized IT processing, we have one environment to protect. It may be a very data rich environment with sensitive data that cybercriminals may want to steal - but it something that isn’t that difficult to protect.  What if we have 500 of those environments out there across on-prem and cloud locations? The attack surface has been dramatically increased. The data is still important and still a target, but now we have a lot more to deal with. I think people are waking up to the security challenge and need to focus just as much effort on securing data at the Edge as we do at the centralized, on-premise data center.  We have to deploy all of our security defenses at the Edge in the same way that we do with core IT systems. The data is the same.

How is Townsend Security trying to help resolve this challenge.

The barriers to getting Edge data protection right are only party technical.  Key management vendors have not adapted to the new reality of the Edge. The huge expense of traditional KMS solutions is the primary barrier to protecting data at the Edge.  For small businesses, they can even be completely priced out of the market around doing encryption and key management right. Large organizations have been priced out as well.  When there are hundreds or thousands of endpoints that need protected, vendors need to step up to help these businesses secure their data.  

At Townsend Security, we have two distinct advantages.  First, our Alliance Key Manager for Edge Computing solution is virtualized, automated, and VMware Ready.  For example, our key management solution has been certified by VMware for vSphere key management - to protect VMs and vSAN storage.  We are seeing many organizations deploy VMware at the Edge. Second, we have the ability to flexibly license and price our solutions for the Edge.  Enterprises can now deploy full VMware VM encryption and key management at Edge with an affordable solution.

To hear this conversation in its entirety, download our podcast Living on the Edge and hear Patrick Townsend further discuss deployments on the edge, achieving a strong security posture with key management, and other ways that businesses can secure their private data.

Podcast: Living on the Edge

Topics: Encryption Key Management, Alliance Key Manager for Edge Computing

Don’t Let Your Application or Database Limit Your Encryption Strategy

Posted by Luke Probasco on Sep 23, 2019 8:37:27 AM

Historically, encryption and key management have been deployed at the application or database level. There are even several databases who’s “Enterprise” edition (like Microsoft SQL Server or MongoDB, for example) include options for encryption and external key management built right in the database. Unfortunately, these types of databases are the exception, rather than the rule. If you were to examine an organization's IT infrastructure, you are more likely to find a wide variety of databases and applications, some natively supporting encryption, some not, and many containing unprotected private information or personally identifiable information (PII). Simply put, their encryption strategy has been limited due to cost and resources required to properly protect private information. 

Podcast: Don't Let Your Application or Database Limit Your Encryption StrategyFortunately, these same enterprises have deployed VMware infrastructure, and starting with vSphere 6.5 and vSAN 6.6, are able to encrypt sensitive workloads in VMware using the advanced cryptographic features in vCenter. To put it a little more simply, businesses can protect their sensitive information in their internal applications and databases that don’t natively support transparent encryption with tools offered by VMware.

I recently sat down with security expert and CEO, Patrick Townsend, to talk about how enterprises can leverage VMware’s vSphere and vSAN to encrypt private data - regardless of whether their applications or databases support encryption. 

Hi Patrick. Let’s jump right in. With the introduction of vSphere encryption in 6.5 and vSAN 6.6, it has become much easier for businesses to encrypt private data. In the past they have relied on encryption at the application level or used the encryption that comes with their database. With so many enterprises deploying VMware, they no longer need to let their application or database limit their encryption strategy.

That’s absolutely correct. There are databases like Microsoft SQL Server and MongoDB EA, for example, that have encryption built right in - which makes it easy. But there are other times when encryption can be much more difficult. SQL Server Standard edition and the Community edition of MySQL, for example, do NOT support encryption. So, you have these widely used databases, with lots of unprotected data because that can be a challenge to encrypt. Using vSphere and vSAN encryption is a great way to address these gaps in an organization's encryption strategy with industry standards-based encryption. 

Sometimes the barrier to encryption is the cost of upgrading databases to “Enterprise” editions. Almost all of us are running VMware in our infrastructure anyway, so in many cases we already have the tools we need - the encryption support is there, we just need to use it. VMware even provides excellent guidance for encrypting databases, like Oracle and SQL Server, for example.

So, one of the most obvious questions. How is performance?

This is always a concern that people bring up. I can say that VMware has done a great job with performance in both encrypted VMs and vSAN - and performance continues to improve. These days, you can even deploy a large database on vSAN. This is a technology that has matured and gained the trust of customers, and they are adopting it at a rapid rate. There is also some really good material from VMware about performance expectations - white papers, solutions briefs, etc. Furthermore, both vSphere and vSAN take advantage of the Intel AES-NI on-chip accelerator for encryption, which provides a great performance boost.

Of course the key manager is the critical component that ensures the encrypted data stays encrypted. Without proper key management, it is like leaving the keys to your house under the welcome mat. What should our readers be looking for in a key manager?

Here is something that I think VMware did right. You must use a key manager in order to activate vSphere encryption of VMs or vSAN encryption. Within vSphere you are able to create a KMS cluster, define failover key managers, multiple KMS clusters, etc. They did a great job. Furthermore, VMware based their interface on the Key Management Interoperability Protocol (KMIP) industry standard. Other databases vendors, for example, allow local storage of encryption keys. That is really such a BAD security practice, so I am glad that VMware saw implications of that. If you are going to use VMware data-at-rest encryption, you are going to use proper encryption key management and that will be much better from a security perspective. I also think that this reflects on VMware as a company and their concern for their enterprise customers.

What to look for in a key manager? All enterprise level key managers are validated to FIPS 140-2 by the National Institute of Standards and Technology (NIST). Be absolutely sure you key management vendor has completed this validation. Secondly, your key manager should support the KMIP protocol. Finally, if you are taking credit cards for payments, look for a PCI validation. We validated our Alliance Key Manager with both Coalfire and VMware, as a joint project. This helps our customers easily get through an audit, which can be quite difficult.

While I have you, I was hoping you could also offer some clarification on the term KMS. For example, VMware defines KMS as a Key Management Server. Amazon defines their KMS as a “Key Management Service.” How should our readers be thinking about a KMS in regards to VMware encryption?

Ah, the chaos of three letter acronyms. KMS, in general terms, means Key Management Server. It is a broad term covering key management devices that manage the entire lifecycle of a key - from creation to destruction. You are right, Amazon does call their key management service KMS, which can lead to some confusion. This service is NOT to be confused with a key management server - and does not give you full control over the entire key lifecycle. It is a shared administrative environment where you share access to the keys with Amazon.

You need to approach cloud service provider (CSP) implementations of key management services with trepidation. It is important for YOU to hold exclusive access to your keys and that only you have the only administrative control. Cloud lockin can be another concern as well.

To hear this conversation in its entirety, download our podcast Don’t Let Your Application or Database Limit Your Encryption Strategy and hear Patrick Townsend further discuss Encrypting applications and databases that don't natively support encryption, encryption performance, and other fundamental features of an enterprise grade key manager.

 

[Podcast] Don't Let Your Application or Database Limit Your Encryption Strategy

 

Topics: Encryption Key Management, VMware, vSphere, vSAN

2019 Encryption Key Management Survey Results

Posted by Ken Mafli on Sep 11, 2019 9:56:26 AM

Recently, we here at Townsend Security had the opportunity to poll the fans of our Newsletter to see how folks are doing with encryption and key management for their data-at-rest. We conduct this survey, and surveys like it, so that the larger InfoSec community can get a snapshot of how businesses, in general, are doing in securing their sensitive data. Below are a few key findings, hope you enjoy!

 

Overall Results

Using Encryption

First, the good news: 73% of respondents report that they encrypt their sensitive data while at-rest. This makes sense as all the respondents are fans of our Newsletter; the group is a little self-selecting in that they have already expressed an interest in data security. Of course, we would like to see the number at 100%, but that would mean our work is already done—and we know we still have a long way to go.

To give a bit of perspective, we conducted two additional surveys that represent a more general audience that we published, here and here. In those two surveys the adoption rate for encryption is closer to 50%. So, hats off to our fans for being above the curve!

Using Key Management

Now, the bad news: Only 50% of respondents say that they use proper key management to secure their encrypted data-at-rest (again, a little self-selecting in that, as part of the reason they like our Newsletter is that they are learning more about key management). Interestingly, even if you adjust the data to only look at those who replied that they do use encryption, the number only jumps to 66%.

As a comparison with the wider community, only about 30% of respondents in our other two polls (referenced above) said that they use encryption key management to securely manage their keys.

Expert Weigh-In: Patrick Townsend, CEO of Townsend Security
"Encryption is not enough. In order for encryption to be secure, the keys must be properly managed—100% of the time. If you don’t properly manage your encryption keys, it is like placing your house keys under your welcome mat. Every good thief knows to look in the obvious places for easy entry. Hackers do as well."

 

Encryption and Key Management Use, per Database/Blob Storage

Using Encryption per Database

It is no surprise to see that, overall, if a database/blob storage reports a rise/fall in the use of encryption, there is also a corresponding rise/fall in the use of proper key management. What is interesting, however, is the databases/blob storage where the respondents reported the widest gap in adoption of key management in comparison to the adoption of encryption. Here are the top five databases and their corresponding adoption gaps:

Database Gap in Encryption to Key Management Adoption
SharePoint: 40%
SAP: 28%
SQL Server Enterprise Edition: 26%
MySQL, SQLite, PostgreSQL, etc: 26%
MongoDB: 24%

 

Encryption & Key Management for SQL Server - Definitive GuideWhat may or may not be surprising is that SharePoint leads the pack in lack of key management adoption (compared to encryption adoption) and SQL Server Enterprise Edition comes in third. SharePoint is built on top of Microsoft SQL Server as its datastore (for structured data, at least). For SQL Server 2008 Enterprise edition and up, you now have the ability to not only take advantage of SQL Server’s Transparent Data Encryption (in SharePoint and SQL Server), but you also can leverage the power of a third-party encryption key manager using Extensible Key Management (EKM). This means it is incredibly easy to not only deploy encryption but also proper manage the encryption keys.

What is less surprising is the other three that made the top of the list. All these come with free editions that do not come with encryption libraries, let alone the ability to properly manage the keys. So anyone spinning up a free version of these databases will, by their very nature, not be able to secure their data.

Expert Weigh-In: Tim Roncevich, Partner at CyberGuard Compliance
"Many Enterprise editions of databases come with robust AES encryption and a way for a third-party vendor to manage the encryption keys. If you are storing sensitive data in an open-source, or free, version of a database, upgrade today. Hacks similar to the Cathay Pacific breach of 2018 were due to the company not upgrading to the Enterprise edition to take advantage of the encryption and key management that were available to them."

 

What Virtualization Do You Use?

Virtualization Used

About three-quarters of respondents said that they use VMware in their environment. The other quarter reported using Hyper-V, Red Hat Virtualization, Citrix Hypervisor, or KVM. Less than 10% said they used multiple virtualization platforms.

This is great news for the majority of businesses, then, in terms of encryption and key management. VMware’s vSphere 6.5 and up come with encryption ready to use. Not only that, but using a third-party encryption key manager is easy to set up and deploy.

Expert Weigh-In: Sharon Kleinerman, Director of Sales at Townsend Security
"For those organizations struggling to secure their data-at-rest with encryption and key management, doing so has never been easier. If you have VMware 6.5 and above, you simply set up your third-party key manager through vSphere’s KMS Cluster KMIP interface, tell vSphere which VMs you want encrypted, and your data is encrypted. Same with vSAN. It really is easy to encrypt with VMware as your virtual environment."

 

Backup & Recovery Solutions

Backup and Recovery Used

Backup and recovery solutions are an integral part of business continuity. In fact, Allied Market Research estimates that the market will grow by almost 25% year over year through 2023. In the next few years, however, Gartner estimates that 50% of companies will augment or replace their current backup solution with another.

Our findings fall roughly in line with Gartner’s research. According to our survey, about 40% of respondents say they will, or don’t know if they will, replace their current backup and recovery solution.

Expert Weigh-In: Steve Brown, Partner at Rutter Networking Technologies
"For those thinking of switching your B&R solution, it is important to make sure that the solution you are switching to provides encryption and a way to manage your encryption keys. Encryption should not be an afterthought. Instead, it should be one of the main drivers as to why you would either stay with your current solution or look farther afield."

 

Conclusion

The rate at which data breaches are happening is not slowing down. We all know this. But the adoption rate of best practices is still lagging. While it is heartening to see our blog’s fanbase beating the overall average for using encryption and key management to secure sensitive data-at-rest, We still have a long way to go.

The good news, it is easier than ever to adopt best practices. If you are thinking about truly defending yourself with a defense-in-depth strategy, talk to us today.

 

Encryption

 

Topics: Encryption Key Management

Blog-CTA-VMware-CSP
 
The Definitive Guide to AWS Encryption Key Management
 
Definitive Guide to VMware Encryption & Key Management
 

 
 

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all