Automating data encryption for new cloud architectures

IT Best Practices Alert By Linda Musthaler, Network World
April 06, 2012 01:52 PM ET

Cloud computing is the ideal environment for processing big data. For databases that scale horizontally, sometimes with a million or more fields and reaching multiple petabytes in size, it's possible to chunk up the data and spread it across hundreds or thousands of servers for parallel processing and analytics. It's an efficient and effective use of cloud technology.

Of course, if you put data in the cloud, you will want to protect it with encryption, especially if the data includes any sensitive customer or financial information. However, the very thought of generating and managing all the encryption keys for hundreds of separate data files can be a problem. And, if your data is in a public cloud, you wouldn't want to give access to the keys to the root user, who is often an administrator for the cloud provider.

Austin-based Gazzang Inc. has an encryption solution that has been purpose-built for new cloud architectures, and specifically to take advantage of open source infrastructure. The company's first product, ezNcrypt, is a platform as a service (PaaS) that provides transparent data encryption for a range of databases and applications in the open source world. According to Gazzang executives, these types of databases -- such as those enabled by Hadoop, Cassandra and MongoDB -- are growing, but they lack the robust security tools that commercial enterprise-class databases have developed over the years. Gazzang is building a series of products to address this market.

ezNcrypt has two fundamental components. The most important is the key manager, which resides in the cloud -- hence the reason for calling the product a PaaS solution. The key manager has infrastructure to generate and manage encryption keys. For companies that don't want to place the key manager in the cloud for their own security or regulatory reasons, this software component can be installed locally behind the company's firewall.

The second component is a small kernel modification module for Linux that is loaded in the same space as the operating system. This is where the encryption actually takes place. Gazzang leverages the cryptography that is distributed automatically with Linux, which is AES-256. You don't have to make any modifications to the database, the applications or your Linux environment.

What Gazzang has created is a virtual encrypted file system. When any Linux application, process or database goes to commit data on the disk, ezNcrypt intercepts it and does the encryption so that all data at rest -- on premises or in the cloud -- gets encrypted. The data is only decrypted as it comes off the disk and is loaded into memory for computation.

The initial installation of ezNcrypt takes about 20 minutes. The product makes a slight modification to the Linux kernel. Then you set up the configuration rules to define which servers and processes are allowed to encrypt/decrypt data. This is when you enable the passphrase, and from here on out it's "set it and forget it." You don't need to interface with the system again unless the server gets rebooted and you need to reauthorize the release of the master key.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
