In April 2015 I wrote about “Intelligent Key Management for the Cloud”. In that blog I described the various models for encryption and key management for virtual workloads running in IaaS including:
In the past I have tried to make the case for encrypting physical servers on premise. The argument for not needing to encrypt them is usually that these servers run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center. The protection that FDE (Full Drive Encryption) brings only really applies to data at rest and it seldom is at rest on these servers. I would counter that all drives eventually leave the data center for repair or disposal and having them encrypted protects you from having your old drives with your customer data on them show up on eBay. An encrypted drive can be quickly and easily crypto-erased if it is still operational, and if not, the data is still not accessible without the encryption key.
Today, with virtualization and especially with hyper-converged infrastructure (HCI), the attack surface has greatly expanded and therefore the need for FDE has greatly increased. But before I make my case, here is some background on HCI:
A hyper-converged system is a pre-configured virtualized server platform that combines compute, storage, networking and management software in a single appliance. Hyper-convergence enables customers to simply and rapidly deploy mixed-workload and virtual desktop integrated infrastructure solutions across local or remote locations. In other words, it is a mini Cloud in a box that can be connected to other HCI boxes.
HCI boxes are still physical things kept on premise, and the argument above for protecting them with FDE still applies. However, the argument for not encrypting them doesn’t. HCI workloads run in virtual machines (VMs) on top of the hypervisor, not directly on the physical hardware, so it is the VM and its data that need protecting. In today’s fast-moving environment VMs come up and go down much more often than physical machines; in some cases they come and go several times a day. When an admin takes a snapshot of a running machine or turns it off, the VM is at rest, and a VM at rest is just a big file. It can be copied onto a USB memory stick or over the network. In fact, one of the advantages of HCI is that workloads (VMs) can be moved easily from one HCI node (box) to another. Looking forward, HCI vendors are working with public cloud providers, such as Google, to move workloads seamlessly back and forth between on premise and the public cloud.
So, unlike physical servers, VMs move around a lot and are often in a data-at-rest state. This is the perfect application of FDE, but not at the physical (hardware) level. If we encrypt only at the physical level, the only protection we get is against the disposal or loss of the physical drive. The VM itself is easy to move around and is still in plain text when copied, even with physical-level FDE in place. The answer, then, is to encrypt the VM itself, preferably with in-guest encryption that is independent of the hypervisor and with the key under the control of the enterprise. That way, even if the VM is moved to another HCI box – perhaps in another country or even into a public cloud – the customer keeps control of the data, because it can decide whether or not to provide the key needed to decrypt and unlock the VM.
Advantages of VM encryption for HCI include:
- Scalability: VM-level encryption is highly scalable. It is protection that actually resides with your data and scales with each new VM brought up.
- Security: Physical-level encryption protects against lost or stolen physical drives. VM-level encryption protects against lost or stolen physical drives as well as unauthorized data movement, access, replication, etc.
- Continuity: With physical-level encryption, workloads are decrypted (unprotected) in transit, so there is no continuity in the security model. VM-level encryption protects workloads continuously and persistently as they are moved, cloned and snapshotted across your infrastructure.
- Portability: Physical-level encryption is reliant on exactly that, your hardware – but what about hybrid IT and workloads in transit? VM-level encryption eliminates lock-in to hardware, hypervisors or cloud providers – it’s completely portable protection.
- Flexibility: VM-level encryption allows you to encrypt sensitive workloads and run them securely alongside your non-sensitive workloads. Different keys and policies can apply to different VMs.
- Governance: VM-level encryption enables boot-based policies, so you can control who can access your data, where your data resides and how it is protected.
- Termination: VM-level encryption allows you to securely terminate individual workloads as you’re finished with them – it’s simple.
To summarize, in the old world some can rationalize not encrypting their physical servers, because there are compensating physical controls such as locked doors and sturdy walls. In today’s world with HCI and virtualization, workloads are virtual, dynamic, mobile, scalable and vulnerable. The solution is to protect them with in-guest encryption with keys under the control of the VM owner.
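The point above is that a VM copied off a host-FDE-protected node is just a plaintext file. As an added illustration (not code from the original post or from any vendor), here is a small Python audit that reads a qcow2 image header's crypt_method field and samples payload entropy to flag images that are still plaintext at rest; the sample images are constructed inline and the entropy threshold is an assumed heuristic.

```python
import math
import random
import struct

QCOW2_MAGIC = b"QFI\xfb"
LUKS_MAGIC = b"LUKS\xba\xbe"
# qcow2 header field crypt_method (offset 32): 0 = none, 1 = AES, 2 = LUKS
QCOW2_CRYPT = {0: "none", 1: "aes", 2: "luks"}
ENTROPY_THRESHOLD = 7.5  # assumed heuristic: ciphertext is close to 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext, far lower for typical filesystem data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_image(image: bytes, sample_size: int = 4096) -> dict:
    """Report what the header declares and whether the payload looks encrypted."""
    declared = "unknown"
    if image[:4] == QCOW2_MAGIC:
        crypt_method = struct.unpack(">I", image[32:36])[0]
        declared = "qcow2/" + QCOW2_CRYPT.get(crypt_method, "other")
    elif image[:6] == LUKS_MAGIC:
        declared = "luks"
    payload = image[4096:4096 + sample_size]  # skip header metadata
    ent = shannon_entropy(payload)
    return {"declared": declared, "entropy": round(ent, 2),
            "looks_encrypted": ent > ENTROPY_THRESHOLD}


def make_qcow2_header(crypt_method: int) -> bytes:
    """Constructed minimal qcow2 v3 header: magic, version, backing file
    offset/size, cluster_bits, virtual size, crypt_method; padded to 4 KiB."""
    hdr = QCOW2_MAGIC + struct.pack(">IQIIQI", 3, 0, 0, 16, 1 << 30, crypt_method)
    return hdr.ljust(4096, b"\x00")


# Constructed samples: a VM image copied off a host-FDE node (plaintext guest
# data) versus one protected by in-guest/LUKS encryption (random-looking data).
PLAINTEXT_IMAGE = make_qcow2_header(0) + b"customer-record\n" * 256
ENCRYPTED_IMAGE = make_qcow2_header(2) + random.Random(1).randbytes(4096)

if __name__ == "__main__":
    for name, img in (("plaintext", PLAINTEXT_IMAGE), ("encrypted", ENCRYPTED_IMAGE)):
        print(name, classify_image(img))
```

Run against a real image file with `classify_image(open(path, "rb").read())`; a low entropy score on a copied VM is the signal that physical-level FDE alone left the workload unprotected.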
We often talk about flexibility in IT in terms of user-friendly experiences, like knowing your Microsoft Word doc will open in Apple’s Pages, or the ability to accept or decline a meeting request from your iPhone with an Outlook account. But what is being developed behind the curtain for IT flexibility is going to change how the world uses technology.
As we evolve more and more toward complete self-contained services like the mainstream Cloud services of Microsoft, Amazon, IBM and Google, I often express concerns about the cyber-security aspects that come coupled with them. Enterprises and users are getting more and more comfortable, if they aren’t already, with giving up their physical/virtual servers, applications and storage, but they are not, and should not be, comfortable giving up control of their sensitive data. The shared responsibility models of Cloud Service Providers (CSPs) delineate between the physical aspects (network, disks, memory, etc.) and the responsibility for what resides in the storage and compute.
Have you heard of the great migration of modern IT to the Cloud? It’s not new, revolutionary or innovative, and many enterprises are doing it. But what we are seeing is that, regardless of industry, migration to a cloud solution is occurring for a myriad of different reasons – from strategic reasons to the flexibility, productivity and cost savings gained by moving workloads and storage from on-site to the Cloud.
Last week, I once again had the pleasure and privilege of attending the RSA Conference in San Francisco. I heard estimates of a record-breaking 40,000 attendees. It didn’t seem much busier than previous years, but as another participant pointed out to me, that might be because it was better organized this year, with pre-registration for the sessions. This year I focused my sessions on the Cloud.
The RSA Conference began in 1991 as a forum for cryptographers to gather and share the latest industry knowledge. In 1997 – just 6 years later – WinMagic launched into the data security market, offering software full disk encryption. Since then, similar to the RSA Conference agenda, WinMagic has continued to push the art of security forward, bringing encryption and intelligent key management to new markets and new heights. As we celebrate our 20th anniversary, we have the same mindset we had when we started out: to protect data no matter where it resides. However, now more so than ever, data has become the lifeblood of the modern world – from banking to education – it’s everywhere. And the surface area of data has expanded across a wide variety of devices, platforms and operating systems, making it more and more difficult to secure.
If you’re like most people, you use tools like Dropbox or Box to send and share your files via the Cloud. But how do you know that the files you share via these tools are safe? Do you trust the Cloud service provider and the security measures they’ve put in place? How sure are you that these security measures are foolproof?
When you move into a new place, one of the first things you do is change all the locks. It’s important to your sense of security that you control who has access to your home. Changing the locks just makes logical and practical sense. This same logic should also be applied to your business thinking when you are looking to secure your sensitive information in a new environment or an environment you don’t fully control.