
Gemalto SafeNet ProtectV 2.0

Article Type: Review, Published: 05-2015, Views: 7622



The cost benefits alone make moving virtualised data centres into the cloud a no-brainer, but concerns about security are still a major stumbling block.

SafeNet ProtectV by Gemalto is an elegant solution to these issues, as it applies complete end-to-end encryption to physical, virtual and cloud environments.

Nothing is left to chance, as SafeNet ProtectV can encrypt entire VMs and their associated storage volumes. All VM instances, including snapshots and backups, are also encrypted and it even protects the OS partition.

Cloud provider support is extensive, as SafeNet ProtectV works with Amazon Web Services Marketplace, EC2 and VPC, VMware vSphere, Microsoft Azure and bare-metal IBM SoftLayer deployments. Client platform support extends to Microsoft Windows Server 2008 upwards, along with all current CentOS, Red Hat, Ubuntu and SUSE Linux distributions.

SafeNet ProtectV comprises three components, with the Manager providing a central console for viewing VMs and their encryption/decryption status, managing access and deploying security policies. The ProtectV Client is installed on each VM, and uses security policies to apply data encryption and the StartGuard pre-boot authentication.

Last up is Gemalto's SafeNet KeySecure, which is deployed as a physical or virtual FIPS-validated, high availability appliance. It provides an on-premises or cloud key storage repository, centralised management for multiple key types, plus full auditing and logging.

We looked at SafeNet ProtectV for AWS and found installation swift, as the Manager and KeySecure virtual appliances are deployed directly from the Marketplace. ProtectV v2.0 moves to a 64-bit architecture, and the newly designed and intuitive Manager web console provides a direct link to the AWS account.

SafeNet KeySecure works seamlessly with Manager, and all key generation and delivery is fully automated. By default, keys are created using AES-256, but you can create your own, and KeyManager can also act as a local CA.

Each VM requires the SafeNet ProtectV client to be installed, and the relevant executable can be downloaded directly from the Manager console. Commendably, VM protection is a one-click process.

After creating new AWS VMs and adding them to a security group, we selected their partitions from the Manager console and simply clicked on the Encryption button. Each partition receives a unique key and the process is transparent, as the VM is fully accessible during this phase.

We could view either managed VMs or all of them, and only authorised users are allowed to launch them. Access controls are excellent, as users and groups can be assigned a wide variety of roles, and the next version for Microsoft Azure will integrate with Active Directory.

You can't circumvent SafeNet ProtectV by simply moving a partition or snapshot to another VM - we tried this with a Windows Server VM and were denied access to it. Authorised users must reassign partitions and snapshots from the Manager console, which then releases the keys to the new VM.

Cloned VMs are displayed in the Manager console, along with the name of the parent VM. If you clone a VM that is already encrypted, there's no need to load the client on it and its partitions can be re-encrypted with a new key, if you wish.

When a VM is no longer required, simply deleting its encryption keys will cause SafeNet ProtectV to digitally shred all VMs, their associated volumes and snapshots.

Its combination of system-wide encryption, strong key management and strict user authentication makes SafeNet ProtectV an ideal candidate for securing virtualised data centres. We found it works seamlessly with Amazon Web Services, allowing organisations to easily migrate sensitive data to the cloud, safe in the knowledge that it's fully protected.

Product: SafeNet ProtectV 2.0
Supplier: Gemalto
Web site:
Telephone: 01276 608 000
