+1.800.357.1019

+1.800.357.1019

Feel free to call us toll free at +1.800.357.1019.

If you are in the area you can reach us at +1.360.359.4400.

Standard support
6:30am - 4:00pm PST, Monday - Friday, Free

Premium support
If you own Townsend Security 24x7 support and
have a production down issue outside normal
business hours, please call +1.800.349.0711
and the on-call person will be notified.

International customers, please dial +1.757.278.1926.

Townsend Security Data Privacy Blog

Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program [Part 8 of 8]

Posted by Patrick Townsend on Nov 11, 2020 11:25:00 AM

Can I also resell Alliance Key Manager?

VMware Cloud Providers & MSPs - Win New BusinessYes, you can operate as an MSP and also as a reseller partner for those customers who are not using your MSP services. Reselling Alliance Key Manager is governed by a different agreement. Contact us if you have a resale opportunity.

I need to have our legal team review your MSP agreements. How is this done?

Just contact us. We will send you a copy of the MSP license agreement for legal review. 

We would like to use a copy of the key manager for training and customer demos. How is this done?

We will gladly support your internal training and demo needs. We do this through special Not For Resale (NFR) licenses. All MSP and Reseller partners qualify for NFR licenses for our key manager. There is no charge for NFR licenses.

How do you handle special bids?

While we believe that the MSP program provides you with a lot of flexibility, we understand that special bids are sometimes needed. Contact us to discuss the special bid requirements. We work with our partners around special bids on a frequent basis.

Are volume discounts available?

Yes, if you have a very large number of VMs to encrypt and would like to pay in advance for those we have a discount program available. 

How can I get started?

This web page has information about our MSP partner program and a form to get started. Complete the form and we will get in touch with you:

https://townsendsecurity.com/msp

You can also contact us by email and phone:

Email: sales@townsendsecurity.com
Phone: (360) 359-4400
International: +1 360 359 4400

 

[For More Reading]

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Encryption Key Management for VMware Cloud Providers

Topics: VMware, MSP

How Can an MSP Use Encryption Security to Improve Revenues and Profitability? [Part 7 of 8]

Posted by Patrick Townsend on Nov 9, 2020 11:19:00 AM

Almost everyone considers encryption a sunk cost. You almost never see any type of Return On Investment (ROI) calculation when it comes to Key Management Server (KMS) systems. Acquiring a KMS system usually falls into the Capital Expense financial category when it comes to budgeting.

Let me change your thinking about KMS systems!

VMware Cloud Providers & MSPs: Winning New Business with Encryption and Key Management WebinarHere is a simple financial calculation based on a fictional MSP business. Let’s assume that as an MSP you charge your end customer $50 per month per managed VM. If you are managing 50 VMs for your customer your gross revenue for that customer is $2,500 per month.

However, you have costs, too. Hardware, VMware licenses, IT experts, administrative costs, etc. Let’s just guess that this might add up to $1,250 per month, or half of the gross revenue. Your margin after direct costs might be $1,250. 

This example is probably extremely generous in terms of your gross margin. I suspect that your costs are probably higher and margins much lower. But let’s run with this example where gross margins are 50% of revenue.

Imagine that you become a Townsend Security MSP Partner and pay $5 per month per encrypted VM on a usage basis. You charge your customer $8 per month per encrypted VM netting $3 per month gross revenue per encrypted VM. The direct costs are very minimal. Your hardware and infrastructure costs are minimal. There are no minimum KMS license fees. There are no extra charges as you expand your use of the KMS. And very minimal IT Expert costs due to the encryption and KMS automation provided by VMware.

You probably just gained an additional $150 in gross margin from this customer. 

That represents a whopping 12% increase in overall gross margin! It is not often that adding one simple service to your business offering can net that much gross margin gain.

This is, of course, a very simplified example. However, I believe that many of our MSP partners are recognizing larger gains as they add VMware encryption to their set of offerings. One MSP partner told me that it is a “no-brainer” for the customer to sign up for the small additional cost per VM for encryption due to its low cost. You can have that experience, too.

 

[For More Reading]

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Delivering Secure VMware Hosting with Encryption and Key Management

Topics: VMware, MSP

As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs? [Part 6 of 8]

Posted by Patrick Townsend on Nov 4, 2020 11:12:00 AM

Business continuity and resilience is at the heart of the value proposition MSPs provide to their customers. That means that the key management server (KMS) system at the center of VMware encryption must be able to provide real time recovery along with your service strategy. There are several components to a good high availability (HA) strategy, and these vary from one KMS solution to another. Here is how our Alliance Key Manager integrates with VMware to achieve high availability:

KMS Real Time Mirroring

Encryption & Key Management for VMware Cloud ProvidersAlliance Key Manager implements real-time, active-active key mirroring between a production and one or more high availability key servers. When VMware creates a new key on the KMS for an encrypted VM, that key is immediately mirrored by Alliance Key Manager to a high availability key server. Mirroring is done in real time so that you always have a KMS ready to take over. All transmission of encryption keys is performed over a TLS encrypted connection with mutual authentication, and you have the option to deploy a failover key server in a different vCenter environment.

vSphere KMS Cluster Configuration and Automatic KMS Failover

The purpose of the vSphere module called KMS Cluster is to define your key managers to VMware and to establish trust between vSphere and the key server. A KMS cluster is a list of key servers along with connection and credential information. Normally you would define two key servers in a KMS Cluster – one key server for production use and one key server for failover use. By default, the first entry in the KMS Cluster is the production key server, and failover key servers follow in the order that vSphere will use them. vSphere automatically connects to a failover key server in the event it cannot communicate with the production key server.

You are not limited to one KMS Cluster configuration. If you want to deploy a dedicated key manager for a particular customer you can create a new KMS Cluster configuration and define the dedicated key servers in this new configuration.

KMS Backup, Scheduled and On Demand

It is always a good idea to have a backup of your critical applications. Alliance Key Manager lets you define a schedule for automatic, secure backups. The backup server, usually a Linux instance running sFTP, can be located offsite.

Of course, you can always perform a manual backup on demand. This manual backup can go to a local directory on the key server and be downloaded by the administrator for secure offsite storage.

MSP Backup

Most MSPs offer a backup service to their end customers. Since Alliance Key Manager is a normal VMware virtual machine you can use your current backup strategy to back up the key server, too.

Disaster Recovery as a Service (DRaaS)

If you offer your customers a DRaaS service you can also offer them key management through the Townsend Security MSP partner program. You can deploy a key manager on the customer’s premises and mirror keys to your DRaaS service at your hosting site. 

VMware Monitoring

Lastly, we can’t forget that VMware offers a rich set of tools to monitor the health of VMs. You can use those tools to monitor the health of Alliance Key Manager, too. Your MSP license agreement allows you to install VMware Tools on the key manager server. 

In summary there are a number of layers of high availability built into the deployment of Alliance Key Manager. This will give you and your end customer a high level of confidence in the resilience of your encryption offering.

 

[For More Reading]

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Encryption & Key Management for VMware Cloud Providers

Topics: VMware, MSP

Key Management Server (KMS) for Multiple vCenter Clusters and Nodes [Part 5 of 8]

Posted by Patrick Townsend on Nov 2, 2020 11:04:00 AM

We often get questions from MSPs about deploying our Alliance Key Manager solution across multiple vCenter nodes. Here is some good news for our MSP partners:

Multiple MSP Hosting or Cloud Locations

VMware Cloud Providers & MSPs - Win New BusinessMany MSPs operate multiple regional hosting centers. Even small MSPs will typically have two locations in order to support high availability and backup. Each physical location will have one or more vCenter servers. Multiple vCenter clusters are not uncommon at a single data center location. Global MSPs often have to work within a country’s data sovereignty laws. This means a data center in each designated country. This increases the number of key management servers (KMSs) that must be deployed.

Production and High availability Key Servers

Under the Townsend Security MSP partner program, there are no licensing restrictions and you can run as many KMS servers as you wish. This typically means running two key servers in each vCenter environment – one for production and one for high availability (HA) failover. Since the MSP partner program involves a usage based cost model, you can deploy as many KMS servers as you need. You only pay for the encrypted VMs and vSAN directories regardless of physical location and number of key servers.

Customer Dedicated Key Servers

You may find the occasional customer who doesn’t want to share a key server with other customers. VMware makes this easy to accomplish. You can just create a new KMS Cluster definition and add the new production and failover key servers to this configuration. The start encryption of VMs and vSAN for that end customer using this new KMS Cluster configuration. Voila! Since there is no licensing cost for deploying key servers this is a cost effective way of meeting this customer requirement. You just report this customer’s encrypted VMs and vSAN directories during normal monthly reporting.

On-premise to Hosted or Cloud vCenter Nodes

If you are managing an end customer’s on-premise IT infrastructure, you can also deploy Alliance Key Manager on-premise and mirror to a hosted or cloud vCenter node. This is especially helpful to MSPs who are providing Disaster Recover as a Service (DRaas). The production environment can be in the end customer’s data center and you can mirror encryption keys to an Alliance Key Manager failover key server in your own environment. This helps achieve seamless failover for your customer.

Customer Dedicated vCenter Nodes

It is also not uncommon for an MSP to dedicate a vCenter server to a specific customer. That customer may have heightened security concerns, or may not want to share infrastructure with other customers. There may be corporate governance and security restrictions that require this. Again, MSPs only pay for the number of encrypted VMs and vSAN directories, regardless of the number of vCenter clusters and how they are used, and regardless of physical location.

In summary, we provide our MSP partners with all of the flexibility they need to support current customers and attract new customers. VMware encryption is a core security control that your customers demand, and you now have the tools to meet the need.

 

[For More Reading]

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Encryption Key Management for VMware Cloud Providers

Topics: VMware, MSP

How Does Townsend Security Help an MSP Overcome the KMS Challenge? [Part 4 of 8]

Posted by Patrick Townsend on Oct 28, 2020 9:12:00 AM

In this blog series we’ve put the focus on the MSP’s challenges. Now let’s talk about how we at Townsend Security are helping meet those challenges.

Two years ago Townsend Security treated its MSP customers the way most legacy KMS vendors do. That is, we were a part of the problem. Thanks to the coaching and mentoring of some MSP leaders, we came to understand the need for a new approach, and we launched our MSP partner program. 

Key elements of our MSP partner program:

VMware Cloud Providers & MSPs - Win New BusinessMSPs need confidence in the key management solutions they deploy. Townsend Security has been providing their Alliance Key Manager solution for VMWare for more than 10 years. Alliance Key Manager is certified by VMware for every release of vSphere and vSAN that support encryption, it is FIPS 140-2 compliant, and it is validated to PCI-DSS compliance.

The Townsend Security MSP partner program provides their key management server (KMS) to the MSP with no upfront license fees and no annual minimums. In fact, there is no perpetual or subscription license agreement at all, just a simple end user license agreement tailored for the MSP. The MSP gets training from Townsend Security and deploys the KMS into production. The cost of the solution is based on a low monthly charge per encrypted VM and vSAN directory. Just pay for what you use and nothing else. You can scale up and down your use of the KMS as needed. 

How many KMS servers can you deploy? As many as you want. You can share a KMS server across multiple customers, or deploy a dedicated KMS for a customer. You can deploy the KMS in your hosted environment, in the cloud (AWS, Azure, Google, IBM, etc.), and on the customer’s premises. No license or cost per KMS server, no restriction on the number of keys, no restriction on the number of encrypted VMs

Each month you will report the number of encrypted VMs and encrypted vSAN directories you are managing. Payment is also simple and is made electronically through ACH bank transfer, wire transfer, or credit card. 

Townsend security provides full 24/7 technical support for business interruption issues. There is no extra charge for software maintenance and support. 

It is not just all about technology. We also help you with marketing content, joint webinars, joint podcasts and security reviews. We understand that the typical MSP has a lot on their plate and does not need to spend time on deep security questions. We’ll help answer those tough customer questions about encryption and key management. 

We are committed to helping you be successful. We align with your business, service and revenue models. We will train your team. We will support your technical team. And we will help you with marketing support. Our goal is to lean in and help, and take risks with you. We want to be the KMS partner you’ve always wanted.

MSPs have told me that the current COVID crisis is impacting their business and revenue streams. They are losing some customers and revenue but are seeing increased demand from existing customers. Everyone seems to need more help from the experts. It’s a tough time for MSPs. Now is the time to migrate your existing KMS deployment to Alliance Key Manager and gain predictability and scalability in your KMS costs. It’s easy to do.

 

[For More Reading]

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Encryption Key Management for VMware Cloud Providers

Topics: VMware, MSP

What are the Biggest Obstacles to Offering VMware Encryption to Customers? [Part 3 of 8]

Posted by Patrick Townsend on Oct 26, 2020 12:55:00 PM

MSPs fine tune their services to satisfy customers. You are the experts in configuring, deploying, monitoring and protecting the customer’s sensitive applications and digital assets. The services you offer are crucial to organizations large and small.

So why don’t MSPs lead by offering VMware encryption?

It often boils down to the Key Management Server (KMS).

VMware Cloud Providers & MSPs - Win New BusinessKMS vendors by and large are stuck on old and costly licensing models. It is not uncommon to find legacy KMS vendors charging in excess of $200,000 for an initial deployment in an MSP’s infrastructure. On top of that there are often additional charges as you do more encryption, and annual maintenance and support fees. This represents a major upfront investment by the MSP with no guarantee of realizing a positive return on that investment. This KMS pricing and licensing model almost assuredly locks out a small to midsize MSP.

Then there is the complexity of most KMS systems. The MSP may have to invest a lot of time and resources in learning how to configure, deploy, and maintain the KMS. An MSP needs technology to be simple. Why? The complexity of end customer systems means that the average MSP has to know dozens or even hundreds of hardware and software application systems well. When you factor in PC, Server, Web, and Remote support, the MSP is responsible for a massive knowledge base and trained internal staff. A complex KMS system is just sand in the gears and another headache. It should be better, and it can be better. 

KMS deployments can also be complex and not match the MSP business model. It is not uncommon for MSPs to charge their end customers a monthly fee based on the number of VMs and vSAN directories under management. When a KMS system requires handholding for each end customer, and uses a legacy pricing model with annual minimum payments and commitments, it becomes a nightmare for the MSP to realize a gain on encryption.

For all of these reasons many MSPs avoid encryption. It is understandable. Here is what one MSP told me before they learned how we approach the KMS need:

“You said the magic words of MSP and Low cost, consumption based! We’ve struggled to find a KMS solution we can properly price and sell to our customers to do VM encryption. Solutions like XXXXXX are prohibitively expensive. Your low cost per encrypted VM per month is very reasonable. I’m glad those MSP’s helped you understand our market and that you were able to see the opportunity. You NEED to be marketing this. You’re solving a problem that MSP’s a) don’t think they can afford to fix, and b) are just ignoring the compliance of because it’s “too hard and too expensive.” I highly encourage you to get the word out through marketing to MSP’s. Thank you, Patrick. You made my day.”

Sound familiar?

In the next blog I will describe how we are solving the KMS headache for MSPs. Not only can we make life easier, encryption can be a profit center for you without tipping over your business or putting you at a competitive disadvantage.

 

[For More Reading]

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Encryption Key Management for VMware Cloud Providers

Topics: VMware, MSP

What Has VMware Done to Help with Encryption Security? [Part 2 of 8]

Posted by Patrick Townsend on Oct 21, 2020 12:15:00 PM

VMware has been very sensitive to the security needs of its Enterprise customers. They know that VMware infrastructure and applications are critical to an organization’s overall security. Network segmentation, access controls, monitoring and many other VMware applications help the MSP protect their customer’s applications and data. When it comes to encryption of sensitive data, VMware has your back, too!

VMware Cloud Providers & MSPs - Win New BusinessEncryption of VMs was introduced with vSphere 6.5. With this version you could easily select VMs that you want to be encrypted, and quickly and easily start encryption. The MSP VMware administrator can easily see which VMs are encrypted and which were not. Of course, the architecture fit right into the normal VMware architecture. vCenter, vSphere, ESXi all come into play during the implementation and maintenance of the encrypted state of the VMs. A real bonus is that the performance of encrypted VMs is stellar. MSPs rarely need to add additional resources to implement encryption of VMs.

Encryption of vSAN was introduced in vSAN 6.6. The implementation of encryption support is quite different than encryption of VMs, but the encryption key management interface is exactly the same (more on that below). vSAN encryption has been a boon to MSPs. Typically the MSP has relied on storage hardware encryption which often is less expensive, but harder to manage. And encryption key management is generally weak in hardware solutions. Using vSAN lets the MSP integrate the rich set of VMware applications and security. With vSAN encryption you get a flexible place to store commercial and open source databases, big data repositories, and much more. All encrypted efficiently by VMware.

Some MSP customers want to implement TPM to protect their application OS images. Hardware based TPM has many disadvantages in a VMware environment. However, VMware now supports virtual TPM (vTPM) which is much more flexible and resilient in VMware infrastructure. And the good news is that vTPM handles key management in the same was as vSphere encryption of VMs and vSAN encryption of directories. A big plus!

With all of this great support for encryption, how do we properly manage encryption keys? This is a core requirement of compliance regulations and security best practices. VMware handles this well. The key management configuration is provided by the vSphere KMS Cluster configuration. With KMS Cluster configuration you can configure your key management interfaces one time and all of the VMware encryption applications use this definition. And more good news – the interface to key management systems is based on the open OASIS Key Management Interoperability Protocol (KMIP). This means that you have a lot of flexibility and choice in your acquisition and deployment of a KMS for your encryption deployment. (We will talk more about our Alliance Key Manager solution in a following blog).

Key management systems are inherently complex, and the KMIP protocol is also complex. As an MSP you don’t have to deal with this complexity, VMware handles all of the technical implementation. To help VMware customers and partners understand which KMS systems work well with VMware, they make available a certification program for KMS vendors. A KMS vendor who implements the KMIP standard (we are one) can certify their solution for use with VMware. This really sets VMware apart from many infrastructure platform providers. They have made the certification process easy for KMS vendors and publish the results. This means the MSP has an easy way to determine if a key management system is compatible and reliable.

All VMware releases that support encryption also support encryption key management in the same way. This consistency from one release to the next means no disruption to the MSP operating environment after an upgrade, and assurance of the MSP investment in internal training and KMS investments.

Version 7 of VMware now supports a new encryption security interface called Trusted Authority, or vTA. The previous encryption interfaces are still fully supported, but now you have a new option for encryption and key management. vTA offers slightly different architecture and a higher level of security that some organizations need.

All of these features that VMware has implemented make it easy for the MSP to provide encryption support to end customers. In the next blog we will talk about the challenges MSPs face and how to overcome them.

 

[For More Reading]

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Encryption Key Management for VMware Cloud Providers

Topics: VMware, MSP

Why Do MSP Customers Want Encryption of Their VMs and vSAN? [Part 1 of 8]

Posted by Patrick Townsend on Oct 19, 2020 1:15:00 PM

This is the first in a series of blogs on the topic of Managed Service Providers (MSPs) and VMware encryption. They are meant to be read in order as each blog topic builds on the previous topics, and leads to the next. 

Encryption & Key Management for VMware Cloud ProvidersAs an MSP, I hope you will take this journey with me about VMware encryption, the technical and business challenges you are facing, how Townsend Security solves these challenges, and the surprising business benefit waiting for you when you offer your customers encryption under your MSP service umbrella. 

Here is the complete topic list:

  1. Why do MSP customers want encryption of their VMs and vSAN (this blog)
  2. What has VMware done to help with encryption security?
  3. What are the biggest obstacles to offering VMware encryption to customers?
  4. How does Townsend Security help an MSP overcome the KMS challenge?
  5. KMS for multiple vCenter clusters and nodes
  6. As an MSP how do I ensure high availability for encrypted VMs?
  7. How can an MSP use encryption security to improve revenues and profitability?
  8. Some common questions and how to get started with the Townsend Security MSP partner program

Customers of MSPs read almost daily about data breaches and ransomware attacks, and are rightly concerned about the security of their data under the control of the MSP. MSPs are usually the lead security provider for these customers and bring a great deal of expertise to the deployment of security solutions. Let’s explore the some of the concerns and motivations of the MSP end customer:

Regulations, regulations, and more regulations:

In addition to the fear of a data breach, customers are also concerned about regulations like the California Consumer Privacy Act (CCPA), the New York SHIELD Law, HIPAA, PCI-DSS, GDPR, and many others. No one wants to be subject to compliance actions and litigation due to a data breach. It is natural for a business or organization to turn to their MSP for assurance that their sensitive information is safe and security meets compliance regulations.

Business secrets and intellectual property:

In addition to the regulatory concerns, many small businesses and organizations are concerned about the compromise of business secrets and intellectual property. We now know that a number of state actors are aggressively attempting to steal this type of information. While business secrets and IP are a different category of sensitive information, the loss of this information can be devastating to a business or organization. It can take years to develop new ideas and move through the IP protection process. The compromise of this information can destroy the value of a company, and years of work by its employees and investors.

Reputational risk:

Lastly, the loss of any sensitive information can harm the reputation of an organization. If your value to an end customer involves managing aspects of their sensitive information, losing that information can cause irreparable damage to customer trust. We can all think of retailers, credit reporting agencies, government agencies, and many others who have had large data breaches. It affects consumer behavior and can exact a financial penalty for many years. No one wants to suffer reputational damage from a preventable data breach.

A data breach can be an existential event. According to Cybercrime Magazine about 60% of small companies close within 6 months of a data breach. This is an astoundingly high number. If you think about it, the surviving 40% of companies probably experienced a lot of distress recovering from the data breach. How much lost opportunity was there? 

For MSPs, the takeaway is that your customers are concerned about encryption to protect their sensitive data, business secrets, and look to you to provide solutions. How can MSPs turn that into actions that are based on security standards and which provide a justifiable business opportunity?

Stay tuned.

 


 

More Reading

Part 1: Why Do MSP Customers Want Encryption of Their VMs and vSAN?

Part 2: What Has VMware Done to Help with Encryption Security

Part 3: What are the Biggest Obstacles to Offering VMware Encryption to Customers

Part 4: How Does Townsend Security Help and MSP Overcome the KMS Challenge?

Part 5: KMS for Multiple vCenter Clusters and Nodes

Part 6: As an MSP, How Do I Ensure High Availability (HA) for Encrypted VMs?

Part 7: How Can an MSP Use Encryption Security to Improve Revenues and Profitability?

Part 8: Some Common Questions and How to Get Started with the Townsend Security MSP Partner Program

 

Encryption & Key Management for VMware Cloud Providers

Topics: VMware, MSP

Press Release: Townsend Security Announces True Usage-Based  Licensing for VMware Cloud Providers & MSPs

Posted by Luke Probasco on Jun 17, 2020 10:00:00 AM

With simplified usage-based licensing with no upfront fees, no annual minimums, and built-in support, VMware Cloud Providers and MSPs can offer customers better security with encryption and key management at a lower cost.

Press Release

Townsend Security today announced new flexible licensing of Alliance Key Manager, their FIPS 140-2 compliant encryption key management server (KMS) to VMware Cloud Providers and MSPs. The new program allows these businesses to offer better security with encryption and VMware-certified key management at a lower cost, while maintaining their current pay-per-use and pay-as-you-go business model.

VMware Cloud Providers and MSPs need to help their customers achieve encryption of VMs and vSAN storage to meet compliance requirements and new regulations like GDPR and CCPA. However, typical commercial KMS solutions are expensive, hard to maintain, and have complex licensing requirements. Legacy KMS systems create a business problem for VMware partners who are trying to grow their business, compete with large Cloud Service Providers (CSPs), and don’t match the VMware partner’s business model. Townsend Security has addressed all of these obstacles with their new program for VMware Cloud Providers and MSPs.

The new program offered by Townsend Security allows VMware Cloud Providers and MSPs the ability to encrypt VMs and vSAN with FIPS 140-2 and KMIP compliant Alliance Key Manager. The solution is easy to install, configure, and deploy. Once deployed it requires no routine maintenance and partners have total flexibility in how and where they deploy the KMS system to help their customers. Crucially, the  new Townsend Security program will match the VMware Cloud Provider’s business model eliminating KMS licensing headaches, unmanageable reporting requirements, and unreliable KMS high availability implementations.

“Many VMware Cloud Providers and MSPs provide usage-based deployments for their end customers. Alliance Key Manager fits seamlessly into their business strategy to match the way they do business,” said Patrick Townsend, Founder & CEO of Townsend Security. “With Alliance Key Manager, you will never have up-front fees, annual minimums, complex software maintenance contracts, or restrictions on how you do business. Our partners are empowered to grow their business without concerns about how to allocate KMS costs. Predictable SaaS usage-based pricing makes it easy to sell, implement, and support end customers and their security needs - and an additional benefit is the incremental revenue and positive impact on margins.”

Once enrolled in Townsend Security’s new VMware Cloud Provider and MSP program, the company will assign training and support resources to help partners get started. There is no charge for training and Townsend Security’s technical support team is available for 24/7 business interruption support. 

Visit www.townsendsecurity.com/msp to learn more about Townsend Security’s new VMware Cloud Provider and MSP partner program.

Encryption Key Management for VMware Cloud Providers

Topics: VMware, Press Release

Encryption and Key Management for VMware Hosting Providers and MSPs

Posted by Luke Probasco on Jun 12, 2020 9:40:30 AM

VMware has become the most trusted name in on-premise computing infrastructure. Because of its ease of use and administration, reliability and security, VMware is able to provide exceptional services to small and large organizations alike. As these organizations move to the cloud, VMware hosting partners and managed service providers (MSPs) are able to service this market by providing off-premise deployments of VMware and an extensive array of VMware management and administrative services. For more information on how VMware hosting providers can better secure customer data, check out our "Definitive Guide - Encryption Key Management for VMware Cloud Providers" page.

Delivering Secure VMware Hosting with Encryption & Key ManagementI recently sat down with Patrick Townsend, Founder and CEO of Townsend Security, to talk about how Townsend Security is helping VMware hosting providers meet the challenge of encryption and encryption key management, while supporting the usage-based business model core to many of these hosting providers.  Additionally, Patrick discussed VMware architecture, VMware security, delivering compelling hosting & services, and compliance, standards, and encryption.

Hi Patrick. In recent years VMware has embraced the movement to the cloud with key partnerships with leading cloud service providers. What is less well known is that VMware has spawned and supports a broad set of hosting providers that serve local and regional markets. These VMware hosting providers also provide the expertise and managed services that many large cloud providers do not.

There are a fair number of VMware hosting providers and MSPs now with their own hosted, or cloud, platforms who are running VMware full stack implementations for their customers. Customers now have many options for managing their VMware infrastructure on premise or at a VMware hosting provider data center.  Many of these customers maintain both on-premise and hosted environments to meet their customers’ business needs. The VMware ecosystem is growing and resilient, and an important part of the IT services landscape.

Security has got to be essential for these hosting providers and MSPs. What do you think they are doing well and where could they use a little help?

Well, security is a core focus of VMware applications, and the security features have had a lot of time to mature. For example, VMware now offers encryption in several of their products. However, the deployment of proper encryption relies on support from third party KMS vendors. Realizing the importance of key management, VMware adopted the Key Management Interoperability Protocol (KMIP) standard, which allows vendors like Townsend Security to provide key management solutions that allow businesses to store and manage their encryption keys through their entire lifecycle.

Townsend Security is proud to help VMware hosting providers and MSPs implement encryption and do it the right way that matches their business model.

So, let’s spend a minute and discuss delivering compelling hosting and services.

VMware hosting providers and MSPs are rapidly changing the way that VMware customers are managing their IT infrastructure. These VMware partners are filling a services and support gap left by typical, large cloud service providers. Hosted VMware infrastructure, Disaster Recovery as a Service (DRaaS), automated backup and recovery, and expertise on demand provide compelling value to VMware end customers. Amazingly, many of these VMware hosting partners are providing a far more affordable solution than large Cloud Service Providers. Townsend Security’s Alliance Key Manager is filling the KMS gap for VMware hosting providers and MSPs by providing an Enterprise KMS system that matches the way they do business. Gone are the complexities of sourcing, deploying, licensing and administering a KMS for the VMware environment. Townsend Security empowers the VMware hosting provider with on-premise and customer premise solutions for every VMware KMS need.

There are a few strategies that these hosting providers and MSPs can use to secure customer data in VMware environments.  For example, data can still reside on-premises or in the cloud and be encrypted in VMs or in vSAN, or even through Virtual Trusted Platform Module (vTPM).  First, let’s cover On-Prem and the Cloud. 

Sure. Many VMware hosting providers and MSPs often are the experts who manage a customer’s on-premise VMware infrastructure. If you don’t have in-house expertise these partners can step up to help you. This means that the same security tools that are used at the hosting site need to be available at the customer site. This is a core part of the value that a VMware hosting provider and MSP provides to their customers - run VMware on-premise, on their cloud, or combine the two. Some VMware MSPs provide expertise and services to help their customers move to one of the larger cloud platforms. 

If you are a VMware hosting provider and you provide this type of service to help customers move to Microsoft Azure VMware Solution, Google VMware Cloud Engine, or IBM Cloud for VMware, or other full-stack VMware cloud service, we can help you with your KMS needs in the same way. 

Let’s circle back to how data is being encrypted in VMware

As a VMware hosting provider or MSP, you are able to quickly and easily deploy encryption of VMs for your customers with vSphere encryption. It is important to not forget about also deploying a KMS. The second most popular encryption option in a VMware environment is the encryption of vSAN virtual directories. The VMware architecture for key management for vSAN is the same vSphere KMS cluster configuration used for encrypting VMs. Encryption of vSAN storage is one of the great ways to protect databases in the VMware infrastructure. It can be expensive to upgrade Oracle, SQL Server or MongoDB to get encryption support, but you can easily provide encryption at rest by deploying these databases on encrypted vSAN storage at a fraction of the cost of an upgrade. And you can do encryption at rest for open source databases that do not directly implement encryption or proper key management. This includes MariaDB, PostgreSQL, SQLite and others.

Another option is to use OS encryption through the virtual trusted platform module (vTPM), right?

The Trusted Platform Module (TPM) chip is implemented on many Intel architecture servers and provides an additional level of encryption key protection in traditional server environments. Unfortunately, the TPM architecture works poorly in a VMware environment where workloads can move and migrate between servers. Thankfully, VMware came to the rescue with Virtual TPM (vTPM)!  By installing the appropriate vTPM drivers from VMware you can achieve TPM security that works natively with your VMware platform. vTPM also leverages the same vSphere KMS interface, so encryption and proper key management are easy to deploy.

How is Townsend Security helping VMware hosting providers and MSPs with encryption and key management? 

Townsend Security has been a VMware partner for many years.  Our KMS, Alliance Key Manager, is certified by VMware on all releases of vSphere and vSAN that support encryption. At Townsend Security we have worked hard to create a hosting provider/MSP program that takes the pain out of a KMS partnership. Most notably, if you provide VMware hosting services on a usage-based model, we will help you deliver a KMS for encrypted VMs and vSAN with the same model. For example, if you are charging your customers per virtual machine or per main memory, depending on how much you use, we will snap right in to your environment and help you deliver encryption of VMs and vSAN in the same way.We do this with no upfront fees, no annual license charges or separate maintenance fees, we just make it really simple to deploy and use for the VMware hosting provider.

Is there anything else that you would like to share about your partner program?

First, it is very easy and simple to get started with our partner program.  Just visit www.townsendsecurity.com/msp. If you are interested in more information, there is a short form to fill out. We make it extremely cost effective for hosting providers to deploy encryption and key management for their customers.  I’d also like to mention that our KMS is certified for every version of vSphere and vSAN that support encryption, is validated for PCI-DSS compliance, and has been through a FIPS 140-2 validation.

You can actually download Alliance Key Manager for VMware directly from our website and immediately load it into VMware.  We also have our support team ready to help you get deployed - without a charge. It just takes minutes. We are proud to have lowered the barrier to entry and administrative overhead typically associated with encryption key management - which makes it easier than ever for VMware hosting providers and MSPs to offer better security to their customers.

To hear this conversation in its entirety, download the podcast “Delivering Secure VMware Hosting with Encryption & Key Management” to hear Patrick Townsend, Founder and CEO, further discuss VMware architecture, VMware security, delivering compelling hosting & services, and compliance, standards, and encryption.

Delivering Secure VMware Hosting with Encryption & Key Management

Topics: Encryption Key Management, VMware, Hosting Providers

Blog-CTA-VMware-CSP
 
The Definitive Guide to AWS Encryption Key Management
 
Definitive Guide to VMware Encryption & Key Management
 

 
 

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all