Posts Tagged 'Encryption'

May 27, 2016

Data Security and Encryption in the Cloud

In Wikipedia’s words, encryption is the process of encoding messages or information in such a way that only authorized parties can read it. On a daily basis, I meet customers from various verticals. Whether it is health care, finance, government, technology, or any other public or privately held entity, they all have specific data security requirements. More importantly, the thought of moving to a public cloud brings its own set of challenges around data security. In fact, data security is often the biggest hurdle when making the move from a traditional on-premises data center to a public cloud.

One of the ways to protect your data is by encryption. There are a few ways to encrypt data, and they all have their pros and cons. By the end of this post, you will hopefully have a better understanding of the options available to you and how to choose one that meets your data security requirements.

Data “At Rest” Encryption

At rest encryption refers to the encryption of data that is not moving. This data is usually stored on hardware such as local disk, SAN, NAS, or other portable storage devices. Regardless of how the data gets there, as long as it remains on that device and is not transferred or transmitted over a network, it is considered at rest data.

There are different methodologies to encrypt at rest data. Let’s look at a few of the most common ones:

Disk Encryption: This is a method where all data on a particular physical disk is encrypted. This can be done with self-encrypting disks (SEDs) or with third-party solutions from vendors like Vormetric, SafeNet, PrimeFactors, and more. In a public cloud environment, your data will most likely be hosted on a multitenant SAN infrastructure, so key management (who holds the keys, where they are stored, and how they are rotated) and the public cloud vendor’s ability to offer dedicated, local, or SAN spindles become critical. Keep in mind what this methodology does and does not protect: it defends against lost, stolen, or improperly decommissioned media, but it does not protect data once it leaves the disk, and because the operating system sees the disk in the clear, it does nothing against an attacker who gains access to the running system. This method may also be more expensive and add management overhead. On the other hand, disk encryption solutions are mostly operating system agnostic, allowing for more flexibility.

File Level Encryption: File level encryption is usually implemented by running a third-party application within the operating system to encrypt files and folders. In many cases, these solutions create a virtual or logical disk (an encrypted container) where all files and folders residing in it are encrypted. VeraCrypt (TrueCrypt’s successor) and the encrypted archives produced by 7-Zip are examples; BitLocker is often grouped with them but is really volume encryption for a whole Windows drive. These tools are very easy to implement and support all major operating systems. The same caveat applies as for disk encryption: while a container is mounted, any process running with the user’s privileges reads the files in the clear, and the passphrase or key file that unlocks the container still has to be managed and backed up, since losing it means losing the data.
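As an added example (not code from the original post), here is the key-management structure that both the disk and the file level options above ultimately rest on, written in Go with the standard library: every file is encrypted under its own data encryption key (DEK), and the DEK is wrapped under a key encryption key (KEK). This is the envelope-encryption pattern multitenant storage uses, and the example goes one step beyond the text by showing that the KEK can be rotated without touching the file ciphertext. The file name "patients.csv", the sample contents, the "dek" label and the blob layout are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Blob layout (assumed for this example): [12-byte nonce | 32-byte wrapped DEK | 16-byte tag][12-byte nonce | file ciphertext | 16-byte tag]
const (
	keyLen   = 32                      // AES-256
	nonceLen = 12                      // standard GCM nonce size
	wrapLen  = nonceLen + keyLen + 16 // nonce + wrapped DEK + GCM tag = 60 bytes
	minBlob  = wrapLen + nonceLen + 16 // plus an empty but tagged data section
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag under a fresh random nonce; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; it fails on a wrong key, a different aad, or any modified byte. Callers guarantee len(blob) >= nonceLen.
func open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[:nonceLen], blob[nonceLen:], aad)
}

// EncryptFile encrypts contents under a fresh per-file DEK and wraps that DEK under the KEK. The file name is bound as aad so one file's blob cannot be swapped in for another's.
func EncryptFile(kek []byte, name string, contents []byte) ([]byte, error) {
	dek := make([]byte, keyLen)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dek, []byte("dek"))
	if err != nil {
		return nil, err
	}
	body, err := seal(dek, contents, []byte(name))
	if err != nil {
		return nil, err
	}
	return append(wrapped, body...), nil
}

// DecryptFile unwraps the DEK with the KEK, then decrypts the contents.
func DecryptFile(kek []byte, name string, blob []byte) ([]byte, error) {
	if len(blob) < minBlob {
		return nil, fmt.Errorf("blob too short")
	}
	dek, err := open(kek, blob[:wrapLen], []byte("dek"))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, blob[wrapLen:], []byte(name))
}

// RewrapDEK rotates the KEK: only the 60-byte wrapped DEK changes, the file ciphertext is untouched.
func RewrapDEK(oldKEK, newKEK, blob []byte) ([]byte, error) {
	if len(blob) < minBlob {
		return nil, fmt.Errorf("blob too short")
	}
	dek, err := open(oldKEK, blob[:wrapLen], []byte("dek"))
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(newKEK, dek, []byte("dek"))
	if err != nil {
		return nil, err
	}
	return append(wrapped, blob[wrapLen:]...), nil
}

func main() {
	kek := make([]byte, keyLen) // constructed sample KEK; a real one lives in a KMS or HSM, never next to the data
	rand.Read(kek)
	blob, _ := EncryptFile(kek, "patients.csv", []byte("alice,1980,O+\n"))
	pt, err := DecryptFile(kek, "patients.csv", blob)
	fmt.Printf("%q %v\n", pt, err)
}
```

The two-level structure is what makes key management in a multitenant environment workable: the file ciphertext is only ever keyed by its DEK, so when a tenant's master key changes nothing on the spindles is re-encrypted, and the KEK itself can live in an HSM or cloud KMS rather than on the same storage as the data. Because AES-GCM authenticates the blob, a ciphertext that has been modified, truncated, or renamed to another file is rejected rather than decrypted into garbage.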

Data “In Flight” Encryption

Encrypting data in flight involves encrypting the data stream at one point and decrypting it at another point. For example, if you replicate data across two data centers and want to ensure the confidentiality of this exchange, you would use in flight encryption to encrypt the data stream as it leaves the primary data center, then decrypt it at the other end of the cable at the secondary data center. Each session negotiates its own short-lived symmetric keys, which are discarded when the session ends and never need to be stored. What still has to be managed are the long-lived credentials that authenticate the endpoints and set the session up: TLS certificates and their private keys, or the pre-shared keys and certificates used by IPsec. If those leak, an attacker can impersonate one end of the cable no matter how disposable the session keys are. The most common protocols for in flight encryption are IPsec VPNs and TLS (the successor to SSL).
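The replication exchange just described, as an added example in Go with the standard library (not code from the original post): the "secondary" listens with a certificate, the "primary" connects, verifies that certificate against its trust anchors, and sends a message that the secondary echoes back. The host name replica.example, the loopback address, the five-second deadlines and the message text are assumptions for the example; the certificate is self-signed and generated at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newSelfSignedCert makes an ephemeral ECDSA P-256 key and a self-signed certificate for the hypothetical
// host "replica.example". These are the long-lived secrets; the session keys are negotiated per connection.
func newSelfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "replica.example"},
		DNSNames:     []string{"replica.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, _ := x509.ParseCertificate(der) // cannot fail: we just produced der
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, leaf, nil
}

// Exchange sends msg from a "primary" to a "secondary" over TLS on the loopback interface and returns the
// echo plus the negotiated TLS version. trusted controls whether the primary knows the secondary's certificate.
func Exchange(msg string, trusted bool) (echo string, version uint16, err error) {
	cert, leaf, err := newSelfSignedCert()
	if err != nil {
		return "", 0, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return "", 0, err
	}
	defer ln.Close()

	// Secondary data center: accept one session, read the replicated data, echo it back.
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		buf := make([]byte, 4096)
		if n, err := conn.Read(buf); err == nil { // the TLS handshake runs implicitly on the first Read
			conn.Write(buf[:n])
		}
	}()

	// Primary data center: verify the peer against the trust anchors, then send.
	pool := x509.NewCertPool()
	if trusted {
		pool.AddCert(leaf)
	}
	conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(),
		&tls.Config{RootCAs: pool, ServerName: "replica.example", MinVersion: tls.VersionTLS12})
	if err != nil {
		return "", 0, err // untrusted case: "x509: certificate signed by unknown authority"
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	if _, err := conn.Write([]byte(msg)); err != nil {
		return "", 0, err
	}
	buf := make([]byte, 4096)
	n, err := conn.Read(buf)
	if err != nil {
		return "", 0, err
	}
	return string(buf[:n]), conn.ConnectionState().Version, nil
}

func main() {
	echo, ver, err := Exchange("replicate block 42", true)
	fmt.Printf("trusted:   echo=%q tls=0x%04x err=%v\n", echo, ver, err)
	_, _, err = Exchange("replicate block 42", false)
	fmt.Printf("untrusted: err=%v\n", err)
}
```

Run with trusted set, the echo comes back and ConnectionState reports the negotiated version; without it the handshake is refused before any application data is sent. That refusal is what the long-lived credentials buy you: the session keys are disposable, but whoever holds the private key for replica.example can stand in for the secondary, and whichever trust anchors the primary accepts decide who it is willing to talk to.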

And there you have it. Hopefully by now you have a good understanding of the most common encryption options available to you. Just keep in mind that, more often than not, at rest and in flight encryption are implemented in conjunction and complement each other. When choosing the right methodology, it is critical to understand the use case, application, and compliance requirements. You would also want to make sure that the software or technology you choose uses well-vetted, current algorithms and key sizes, such as AES for symmetric encryption and RSA (or elliptic-curve schemes) for key exchange and signatures. Older 64-bit block ciphers such as 3DES and Blowfish are legacy choices and should be avoided in new deployments, even where a product still lists them.

-Zeb Ahmed

April 4, 2012

Sharing a Heavy Load - New Load Balancer Options

I always think of Ford, Chevy and Toyota pick-up truck commercials when I think of load balancers. The selling points for trucks invariably boil down to performance, towing capacity and torque, and I've noticed that users evaluating IT network load balancers have a similar simplified focus.

The focus is always about high performance, scalability, failover protection and network optimization. When it comes to "performance," users are looking for reliable load balancing techniques — whether it be round robin, least connections, shortest response or persistent IP. Take one of the truck commercials and replace "towing capacity" with "connections per second" and "torque" with "application acceleration" or "SSL offloading," and you've got yourself one heck of a load balancer sales pitch.

SoftLayer's goal has always been to offer a variety of local and global load balancing options, and today, I get to announce that we're broadening that portfolio.

So what's new?

We've added the capability of SSL offloading to our shared load balancers and launched a dedicated load balancer option as well. These new additions to the product portfolio continue our efforts to make life easier on our customers as they build their own fully operational virtual data center.

What's so great about SSL offloading? It accelerates the processing of SSL-encrypted websites and makes it easier to manage SSL certificates. Think of this as adding more torque to your environment: the load balancer takes over the work of decrypting incoming requests and encrypting outbound responses, so the web servers behind it no longer spend their cycles on it.

Up until now, SoftLayer has offered SSL at the server level. This requires a separate SSL certificate for each server, or special certificates that can be used on multiple servers. With SSL offloading, incoming traffic is decrypted at the load balancer rather than at the server level, and the load balancer also encrypts outbound traffic. This means traffic is processed in one place — at the load balancer — rather than on multiple servers sitting behind it. Two consequences are worth planning for: the load balancer becomes the one place that holds the certificate's private key, so access to it should be controlled accordingly, and the hop from the load balancer to the servers is plaintext on your private network unless you re-encrypt it.

With SoftLayer SSL offloading on shared load balancers, customers can start small with few connections and grow on the fly by adding more connections or moving to a dedicated load balancer. This makes it a breeze to deploy, manage, upgrade and scale.
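As an added example (not SoftLayer's code or configuration), here is the offloading arrangement modelled in Go with the standard library: a pool member that speaks only HTTP, a TLS-terminating reverse proxy standing in for the load balancer, and an HTTPS client. The /app path, the X-Forwarded-Proto header, and the use of httptest to generate the balancer's certificate are assumptions for the example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// BackendView is what a pool member behind a TLS-offloading balancer can observe about a request.
type BackendView struct {
	OverTLS        bool   // r.TLS != nil: did the balancer-to-server hop itself use TLS?
	ForwardedProto string // X-Forwarded-Proto as set by the balancer
	ForwardedFor   string // X-Forwarded-For as added by the balancer
}

// Offload models SSL offloading in-process: a plaintext pool member, a TLS-terminating reverse proxy
// in front of it, and a client that speaks HTTPS to the proxy. It returns the backend's view of the
// request and the client's TLS connection state.
func Offload() (BackendView, *tls.ConnectionState, error) {
	seen := make(chan BackendView, 1)

	// Pool member: HTTP only. It never holds the certificate or the private key.
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen <- BackendView{
			OverTLS:        r.TLS != nil,
			ForwardedProto: r.Header.Get("X-Forwarded-Proto"),
			ForwardedFor:   r.Header.Get("X-Forwarded-For"),
		}
		fmt.Fprintln(w, "hello from the pool")
	}))
	defer backend.Close()

	target, err := url.Parse(backend.URL)
	if err != nil {
		return BackendView{}, nil, err
	}
	// Load balancer: terminates TLS (httptest generates the certificate and key) and forwards
	// plaintext. The socket no longer tells the backend that the client used HTTPS, so the
	// balancer has to say so in a header; X-Forwarded-For is added by ReverseProxy itself.
	proxy := httputil.NewSingleHostReverseProxy(target)
	director := proxy.Director
	proxy.Director = func(r *http.Request) {
		director(r)
		r.Header.Set("X-Forwarded-Proto", "https")
	}
	lb := httptest.NewTLSServer(proxy)
	defer lb.Close()

	// Client: trusts the balancer's certificate via lb.Client(); a plain http.Client would reject
	// it, exactly as browsers reject an unknown certificate on a real load balancer.
	resp, err := lb.Client().Get(lb.URL + "/app")
	if err != nil {
		return BackendView{}, nil, err
	}
	defer resp.Body.Close()
	if _, err := io.ReadAll(resp.Body); err != nil {
		return BackendView{}, nil, err
	}
	if resp.StatusCode != http.StatusOK {
		return BackendView{}, nil, fmt.Errorf("balancer returned %s", resp.Status)
	}
	return <-seen, resp.TLS, nil
}

func main() {
	view, st, err := Offload()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("backend saw TLS on its hop: %v, X-Forwarded-Proto=%q, X-Forwarded-For=%q\n",
		view.OverTLS, view.ForwardedProto, view.ForwardedFor)
	fmt.Printf("client negotiated TLS 0x%04x with %s\n", st.Version, tls.CipherSuiteName(st.CipherSuite))
}
```

Two things the model makes visible. The backend's r.TLS is nil: after offloading, the hop from the balancer to the pool is plaintext on the private network, and the balancer is the only component holding the certificate's private key. And the backend cannot tell from its socket whether the client used HTTPS, which is why the proxy sets X-Forwarded-Proto; an application that builds redirects or sets Secure cookies based on the request scheme needs that header, and should trust it only when the request arrives from the balancer's address.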

What do the new load balancer offerings look like in the product catalog? Here's a breakdown:

Shared Load Balancing
250 Connections with SSL $99.99
500 Connections with SSL $199.99
1000 Connections with SSL $399.99
Dedicated Load Balancer
Standard with SSL $999.00

I'm not sure if load balancing conjures up the same images for you of hauling freight or working on a construction site, but however you think about them, load balancers play an integral part in optimizing IT workloads and network performance ... They're doing the heavy lifting to help get the job done. If you're looking for a dedicated or shared load balancer solution, you know who to call.
