Amazon Web Services (AWS) with SafeNet Data Protection

About Amazon Web Services (AWS)

In 2006, Amazon Web Services (AWS) began offering IT infrastructure services to businesses in the form of web services -- now commonly known as cloud computing. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. 

With the Cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster.

Today, Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world.

Gemalto is excited to be an APN Advanced Technology partner that collaborates to remove companies’ cloud adoption barriers. AWS has several resources discussing how the best encryption and key management solutions available – including our own – have been incorporated into AWS:

Overview

Amazon Web Services (AWS) offers applications that integrate with SafeNet solutions to provide users with powerful data protection solutions.

Amazon Web Services (AWS) with SafeNet Data Protection

P.O. Box 81226
Seattle, WA 98108-1226
United States
North America
shaander@amazon.com

Integrated Application(s):

    NetApp Cloud ONTAP: Key Management and SafeNet Virtual KeySecure

    Gemalto's SafeNet Virtual KeySecure for NetApp Cloud ONTAP is a hardened, 64-bit, virtual security appliance that provides centralized key management and data access policies for NetApp Cloud ONTAP. 

    SafeNet key management simplifies the operational challenges of managing encryption keys, making sure keys are secure and information is always available to authorized users across your NetApp Cloud ONTAP environment. Virtual KeySecure maintains data confidentiality on NetApp Cloud ONTAP through efficient centralized key management and by enforcing customized security policies surrounding data access. 

    This combination of a modern storage infrastructure and SafeNet key management delivers the peace of mind that your data and its encryption keys are protected against unauthorized access, while simultaneously making the most efficient use of your storage investments. 

    Virtual KeySecure centralizes all key management activities, including key signing, role-based administration, quorum control, backup and distribution of encryption keys, and an optional hardware root of trust using SafeNet Hardware Security Modules or Amazon CloudHSM service. 

    Meeting compliance mandates in the cloud is greatly simplified through verifiable and auditable enterprise key management: all keys, certificates, and passwords are securely managed; key ownership is clearly defined; and key lifecycle management is logged to provide a non-repudiative audit trail.

    AWS Cloud HSM: Key Management and SafeNet Crypto Command Center

    SafeNet Crypto Command Center remotely administers AWS CloudHSMs hosted on AWS, enabling enterprises and service providers to take full advantage of the benefits of virtualization, including easy access and reduced total cost of ownership, without compromising security or compliance.

    With the market's first true crypto hypervisor, organizations can manage one to thousands of CloudHSMs from one central location. Easily provision crypto services by partitioning CloudHSMs in a manner that makes a single appliance behave as if it is many appliances with cryptographic keys kept secure from the other partitions. 

    The result is a single appliance, or a device pool of appliances, that can serve many lines of business and applications at once. Additionally, the rightful key owner retains control of the keys—even in multi-tenant environments—through role separation and crypto isolation for administrators and owners.

    Amazon EC2: File and Disk Encryption and SafeNet Tokenization

    SafeNet Tokenization protects sensitive data (primary account numbers, social security numbers, phone numbers, passwords, email addresses, etc.) stored on Amazon EC2 by replacing it with a unique token that is stored, processed or transmitted in place of the clear data. 

    Using Format Preserving Tokenization (FPT), SafeNet Tokenization preserves the length and format of the sensitive data. SafeNet Tokenization is also flexible in its ability to support a variety of token formats, such as last four, first six, custom formats, and regular expression. The solution utilizes Web APIs for easy deployment, requires no changes to existing databases and applications, and is extremely scalable across multiple data centers in the distributed enterprise.

    Deployed with SafeNet KeySecure hardware or virtual appliance for centralized key and policy management, SafeNet Tokenization provides a single, centralized interface for logging, auditing, and reporting access to protected data, keys, and tokens. 

    Tokenization also features built-in, automated key rotation and data re-keying, a critical feature for compliance and data protection. Compliant with PCI Tokenization Guidelines and VISA Tokenization Best Practices, Tokenization is an ideal solution for organizations with high compliance costs as it significantly reduces regulatory scope, facilitates the annual audit process, and results in reduced total cost of ownership.

    AWS WorkSpaces: Virtual Desktop Infrastructure and SafeNet Authentication Service

    Amazon WorkSpaces is a managed desktop computing service in the cloud. It allows customers to access and easily provision cloud-based desktops with the device of their choice.

    SafeNet Authentication Service is a cloud-based authentication service that offers multi-factor authentication solutions that protect identities and ensure that individuals accessing Amazon WorkSpaces are who they claim to be. SafeNet Authentication Service, combined with Amazon WorkSpaces, offers enterprises a best-in-class virtual desktop system with strong authentication.

    AWS Admin Console: SaaS and Web Apps and SafeNet IDProve

    Your AWS Management Console is a powerful tool that can control many facets of your AWS infrastructure. Logging into the service with just a username and password doesn’t provide organizations with the confidence that users are who they say they are, and, for many companies, their AWS infrastructure is too valuable not to provide an additional layer of identity validation. SafeNet IDProve products generate passcodes for secure remote access with strong authentication for increased protection when signing onto your AWS Management Console or accessing AWS Service APIs.

    SafeNet IDProve 100 (OTP Token)

    The IDProve 100 is a secure and convenient OTP password token that offers strong protection for your network using two-factor authentication. With the touch of a button, this unconnected device generates a one-time password (OTP). When used in combination with a valid username, the authentication server validates the code and access is granted to the appropriate network resources.

    Amazon S3: File Encryption with SafeNet ProtectFile

    SafeNet ProtectFile provides data security with automated file encryption of unstructured data contained in S3 servers. SafeNet ProtectFile deploys in tandem with SafeNet KeySecure, and encrypts flat files that contain sensitive data, such as text documents, spreadsheets, bitmap images, and vector drawings. 

    Encryption keys and policies are managed on the SafeNet KeySecure appliance, improving security and reducing operational overhead. SafeNet ProtectFile enables data-centric security by rendering files containing sensitive data useless to attackers. 

    As opposed to systems that secure a perimeter or device, SafeNet ProtectFile secures the data itself, ensuring that files are protected regardless of whether the file resides in S3 or on your desktop. For customers that need to demonstrate that they maintain control of their data even as it resides in the cloud, SafeNet ProtectFile is the perfect solution.

    Amazon EC2: File and Disk Encryption with SafeNet ProtectFile

    SafeNet ProtectFile provides data security with automated file encryption of unstructured data contained in network drives and file servers. 

    SafeNet ProtectFile is deployed in tandem with SafeNet KeySecure, and encrypts flat files that contain sensitive data, such as text documents, spreadsheets, bitmap images, and vector drawings. Encryption keys and policies are managed on the SafeNet KeySecure appliance, improving security and reducing operational overhead.

    The solution combines encryption and access control policies to protect designated folders and files residing on file shares and network drives. SafeNet ProtectFile enables data-centric security by rendering files containing sensitive data useless to attackers. As opposed to systems that secure a perimeter or device, ProtectFile secures the data itself, ensuring that files are protected regardless of where files reside or where they are sent.

    Administrators can set policies to encrypt particular folders and files, granting access only to authorized individuals or groups. When a folder is selected for protection, any file that is deposited in the folder is automatically encrypted.

     

    Amazon S3: Client-Side Object Encryption with SafeNet ProtectApp

    SafeNet ProtectApp, when integrated with AWS SDKs, provides customer controlled client-side object encryption for storage in Amazon’s Simple Storage Service (S3). ProtectApp’s Java API and AWS SDK for Java interoperate to form an encryption client that provides keys as input to applications in order to encrypt an object before loading it to storage.

    SafeNet KeySecure—either on-premises or as a hardened virtual appliance run in an AWS EC2 environment—works with the SafeNet/AWS encryption client to store the cryptographic keys and offload cryptographic functions in order to encrypt data prior to archiving in S3 without impacting performance.

    The SafeNet/AWS encryption client gives customers control of their data by encrypting it within the application before it is uploaded to S3. AWS customers can ensure their data will be unreadable by unauthorized users since encryption occurs in the customer’s control before AWS storage receives the data and the KeySecure appliance protects the corresponding encryption keys.

    In this setup, AWS administrators can manage the storage environment but never have access to the cleartext data or to the keys that would render the data as cleartext.

    Amazon EC2: Virtual Disk Encryption and SafeNet ProtectV

    SafeNet ProtectV encrypts entire virtual machine instances and attached storage volumes while ensuring complete isolation of data and separation of duties. SafeNet ProtectV StartGuard pre-boot authentication ensures that no virtual machine instance can be launched without proper authorization. The copies and snapshots of virtual machine instances are tracked and are impossible to instantiate without authorized access.

    SafeNet ProtectV, available on AWS Marketplace, enables organizations to unify encryption and control across virtualized and cloud environments, improving business agility and lowering costs by securely migrating even the most sensitive, highly regulated data to the cloud. 

    Organizations choose between several levels of assurance and deployment modes for centralized key management and retain access to and control of encryption keys at all times. 

    AWS CloudHSM: Cloud Services with SafeNet Network HSM

    AWS CloudHSM uses SafeNet Network HSM to provide a “rentable” hardware security module (HSM) service that dedicates a single-tenant appliance located in the AWS cloud for a customer’s cryptographic storage needs. 

    CloudHSM allows customers to generate, store and manage the keys to their encryption deployment using a FIPS 140-2 validated hardware security module located in the same center as their data. 

    With an HSM, only authorized users can access stored encryption keys, making it an essential tool for demonstrating data control for security audits and regulators. Additionally, CloudHSM can be used as a root of trust for SafeNet Virtual KeySecure.
