Blbs sb-bloombase-next-generation-data-security-for-amazon-web-services-uslet-en-r8


Amazon Web Services (AWS) delivers reliable and scalable compute and storage services in the cloud and is one of the largest public cloud infrastructures, operating at global scale with exceptional availability, agility and elasticity for mission-critical enterprise business applications and data services.

As business-critical applications and sensitive data transition into the cloud, there is a greater need for the cloud to become more secure and robust by reducing the risk of security breaches while maintaining system scalability and availability.

One of the key challenges for cloud adoption in enterprise computing is the need for data privacy and regulatory compliance. Information stored in off-premise cloud data infrastructure tends to be much more vulnerable to security attacks than information in on-premise data centers, and without proper protection it may easily result in data breaches.

Targeted and unknown attacks are on the rise, and sensitive data residing on cloud computing infrastructure is exposed to a large range of potential vulnerabilities. Data encryption is technically recognized as the last line of defense against data leakage. Nevertheless, legacy silo-based encryption tools are disparate and difficult to fit into the new generation of cloud computing architecture.

Bloombase Next Generation Data Security solution delivers a unique and transformative software approach to storage data security from Physical/Virtual Data Center, through Big Data, and to the Cloud. Bloombase StoreSafe data security software appliance fills the missing piece of at-rest data protection in the cloud by bump-in-the-wire, application-transparent and non-disruptive cryptography that fits seamlessly in the

Bloombase at-rest data security software appliance provides turnkey, agentless, non-disruptive, application-transparent encryption of cloud storage data services powered by Amazon Web Services (AWS). The solution can help to:

Secure your AWS Elastic Compute Cloud (EC2) instances and storages

Provide multi-tenancy encryption protection on AWS

Protect your business-critical and sensitive data in AWS cloud storage, including Simple Storage Service (S3) and Elastic Block Store (EBS)

Mitigate outbound threats and data leakage

Quickly and securely retrieve your secret cipher-data for various trusted and authorized AWS applications as if it were in plain-text

Immediately meet various stringent data confidentiality and secrecy regulatory compliance requirements

Maximize your return on investment (ROI) with an easy-to-implement and scalable AWS cloud platform for multi-tenancy, mixed operating system, and heterogeneous cloud applications

Easily manage the security rules and policies of your business data encryption requirements

Enable AWS applications and instances to run without sacrificing data confidentiality

Solution Brief

Bloombase Next Generation Data Security for Amazon Web Services (AWS)

[Figure: Applications on Amazon Elastic Compute Cloud (EC2 instance) write to and read from Amazon Elastic Block Storage (EBS volume) and an S3 bucket (S3 object) through Bloombase StoreSafe on EC2. Paths are labelled "Encrypt and Write" and "Read and Unencrypt"; each message is shown as Header, Cleartext, Trailer on the application side and as Header, cipher-text, Trailer on the storage side. Caption: Clear-text data from AWS EC2 instances is encrypted as it moves through Bloombase StoreSafe to AWS storage interfaces and un-encrypted vice-versa.]


Bloombase - Next Generation Data Security email [email protected] web http://www.bloombase.com Copyright 2013 Bloombase, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Bloombase, Spitfire, Keyparc, StoreSafe, and other Bloombase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Bloombase in United States and/or other jurisdictions. All other product and service names mentioned are the trademarks of their respective companies. The information contained herein is subject to change without notice. The only warranties for Bloombase products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Bloombase shall not be liable for technical or editorial errors or omissions contained herein. Item No. BLBS-SB-Bloombase-Next-Generation-Data-Security-for-Amazon-Web-Services-USLET-EN-R8

cloud, enabling customers to meet stringent information privacy requirements cost-effectively. Bloombase cryptographic module is NIST FIPS 140-2 certified and supports numerous standards-based cipher algorithms, open storage security protocols such as IEEE 1619, and industry key management standards including PKCS#11 and OASIS KMIP.

Bloombase StoreSafe provides turnkey encryption of AWS storage services, namely Simple Storage Service (S3) and Elastic Block Store (EBS), as-a-service, enabling Elastic Compute Cloud (EC2) applications to encrypt AWS data immediately without any application change.

Bloombase agentless encryption software appliance can flexibly be deployed as EC2 instances on AWS or on third-party cloud platforms. It works as a storage proxy providing wire-speed encryption and un-encryption of S3 objects and EBS volumes while preserving the proprietary AWS RESTful protocols. Authorized AWS hosts and applications use virtual storage resources provided by Bloombase for encryption and un-encryption of at-rest data stored at backend AWS storage services.

When host applications or end users write plain-text data to backend storage via Bloombase, the encryption engine extracts clear-text payloads and converts them to cipher-text in real time before they are persisted as S3 objects or EBS volumes. As applications read from AWS storage services through Bloombase, the un-encryption engine is triggered to retrieve cipher-text from AWS storage and convert it to virtual plain-text on the fly before it is presented to applications and users.

Business data in AWS storage services stays naturally encrypted in its proprietary format, S3 object or EBS volume, and permanently locked down: private and safe. Data owners access encrypted AWS storage as if it were in the clear, whereas platform administrators and operators see it as if it were garbage.

Bloombase transparent data security solution is designed with open technologies that are able to stretch with enhanced sustainability over agile environments, along with the benefits of robustness and security. Not only does Bloombase StoreSafe protect AWS storage services, it also secures various other cloud computing facilities, virtual data centers, and traditional enterprise storage systems, maximizing cost efficiency and manageability. Bloombase brings a rich selection of security features that helps to meet heterogeneous security requirements from a wide range of industry verticals and geographies. It scales flexibly with the computing resources allocated, ensuring growing data protection needs are fulfilled dynamically and efficiently. It is designed to be fault-tolerant and highly available, allowing for mission-critical secure data services. The end result is that customers can leverage Bloombase next generation data security technology to run their business-critical applications and data services on AWS securely and privately, as if on their own premises.
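
The write and read paths described above (encrypt before the object is persisted, decrypt on read, operators see only cipher-text) can be sketched as follows. This is an added example, not Bloombase code: the class names, the in-memory backend, the sample record and the AES-256-GCM envelope are all assumptions made for illustration.

```javascript
// Added illustration, not vendor code. Envelope layout assumed: IV(12) || tag(16) || ciphertext.
const crypto = require('crypto');

// Stand-in for the backend object store (S3-like put/get by bucket and key).
class MemoryBackend {
  constructor() { this.objects = new Map(); }
  put(bucket, key, body) { this.objects.set(`${bucket}/${key}`, Buffer.from(body)); }
  get(bucket, key) {
    const body = this.objects.get(`${bucket}/${key}`);
    if (!body) throw new Error('NoSuchKey');
    return body;
  }
}

// Proxy with the same put/get interface; bucket and key pass through, only the payload changes.
class EncryptingProxy {
  constructor(backend, dataKey) {
    if (dataKey.length !== 32) throw new Error('AES-256 needs a 32-byte key');
    this.backend = backend; this.dataKey = dataKey;
  }
  put(bucket, key, plaintext) {
    const iv = crypto.randomBytes(12);               // fresh nonce for every write
    const cipher = crypto.createCipheriv('aes-256-gcm', this.dataKey, iv);
    cipher.setAAD(Buffer.from(`${bucket}/${key}`));  // bind ciphertext to its location
    const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
    this.backend.put(bucket, key, Buffer.concat([iv, cipher.getAuthTag(), ct]));
  }
  get(bucket, key) {
    const blob = this.backend.get(bucket, key);
    const d = crypto.createDecipheriv('aes-256-gcm', this.dataKey, blob.subarray(0, 12));
    d.setAAD(Buffer.from(`${bucket}/${key}`));
    d.setAuthTag(blob.subarray(12, 28));
    // final() throws if the stored object was modified or copied under another key name
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
  }
}

// Constructed demo data: application path versus operator path.
function demo() {
  const backend = new MemoryBackend();
  const proxy = new EncryptingProxy(backend, crypto.randomBytes(32));
  const record = Buffer.from('card=4111-1111-1111-1111;name=Test User');
  proxy.put('tenant-a', 'orders/1.txt', record);
  const atRest = backend.get('tenant-a', 'orders/1.txt');   // what an operator sees
  const viaProxy = proxy.get('tenant-a', 'orders/1.txt');   // what the application sees
  backend.put('tenant-a', 'orders/2.txt', atRest);          // same blob under another key
  let relocatedRejected = false;
  try { proxy.get('tenant-a', 'orders/2.txt'); } catch (e) { relocatedRejected = true; }
  return { record, atRest, viaProxy, relocatedRejected };
}
```

In a real deployment the data key would come from a key manager rather than `crypto.randomBytes`, and anyone who can reach the proxy with valid credentials reads plain-text, so access control on the proxy matters as much as the cipher.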

What is Amazon Web Services (AWS)

Amazon Web Services (AWS) delivers a set of services that together form a reliable, scalable, and inexpensive computing platform “in the cloud”. The most central and well-known of these services are Amazon EC2 and Amazon S3. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. With the Cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster. Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. With data center locations in the U.S., Europe, Brazil, Singapore, Japan, and Australia, customers across all industries are taking advantage of the following benefits: low cost, agility and instant elasticity, open and flexible, last but not least, secure.

What is AWS Partner Network (OVA)

The AWS Partner Network is made up of a strong and growing community of companies that offer a wide range of products and services on the AWS platform. AWS Technology Partners include independent software vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors. For more information about AWS Partner Network, visit http://aws.amazon.com/partners. Bloombase is an AWS Technology Partner.

Learn More

To learn more about Bloombase Next-Generation Data Security solutions, contact your Bloombase sales representative, or visit http://www.bloombase.com

[Figure: Users, and an admin or operator, reach an encrypted AWS object/volume over AWS REST. Users go through Bloombase StoreSafe on EC2 and see a virtual-plain AWS object/volume (cleartext); the admin or operator accesses the encrypted AWS object/volume directly. Captions: Admins and operators manage AWS objects and volumes in their natural forms with contents locked down by Bloombase encryption. Users and data owners access Bloombase secured AWS objects and volumes as if in the clear.]