Amazon Web Services (AWS) delivers reliable and scalable compute and storage services in the cloud and is one of the largest public cloud infrastructures, operating at global scale with exceptional availability, agility and elasticity for mission-critical enterprise business applications and data services.
As business-critical applications and sensitive data transition into the cloud, there is a greater need for the cloud to become more secure and robust by reducing the risk of security breaches while maintaining system scalability and availability.
One of the key challenges for cloud adoption in enterprise computing is the need for data privacy and regulatory compliance. Information stored in off-premise cloud data infrastructure tends to be much more vulnerable to security attacks than data in on-premise data centers and may easily result in data breaches without proper protection.
Targeted and unknown attacks are on the rise, and sensitive data residing on cloud computing infrastructure is exposed to a large number of potential vulnerabilities. Data encryption is technically recognized as the last line of defense against data leakage. Nevertheless, legacy silo-based encryption tools are disparate and difficult to fit into the new generation of cloud computing architecture.
Bloombase Next Generation Data Security solution delivers a unique and transformative software approach to storage data security from the Physical/Virtual Data Center, through Big Data, and to the Cloud. Bloombase StoreSafe data security software appliance fills the missing piece of at-rest data protection in the cloud with bump-in-the-wire, application-transparent and non-disruptive cryptography that fits seamlessly in the
Bloombase at-rest data security software appliance provides turnkey, agentless, non-disruptive, application-transparent encryption of cloud storage data services powered by Amazon Web Services (AWS).
The solution can help to:
- Secure your AWS Elastic Compute Cloud (EC2) instances and storage
- Provide multi-tenancy encryption protection on AWS
- Protect your business-critical and sensitive data in AWS cloud storage, including Simple Storage Service (S3) and Elastic Block Store (EBS)
- Mitigate outbound threats and data leakage
- Quickly and securely retrieve your secret cipher-data for various trusted and authorized AWS applications as if it were in plain text
- Immediately meet various stringent data confidentiality and secrecy regulatory compliance requirements
- Maximize your return on investment (ROI) with an easy-to-implement and scalable AWS cloud platform for multi-tenancy, mixed operating system, and heterogeneous cloud applications
- Easily manage the security rules and policies of your business data encryption requirements
- Enable AWS applications and instances to run without compromising data confidentiality
Solution Brief
Bloombase Next Generation Data Security for
Amazon Web Services (AWS)
[Figure: Clear-text data from AWS EC2 instances is encrypted as it moves through Bloombase StoreSafe to AWS storage interfaces, and unencrypted in the reverse direction. Components: applications on Amazon Elastic Compute Cloud (EC2 instance), Bloombase StoreSafe on EC2, Amazon Elastic Block Storage (EBS volume), S3 bucket (S3 object). Flows: "Encrypt and Write" and "Read and Unencrypt"; the header and trailer stay as they are while the clear-text payload becomes cipher-text.]
Bloombase - Next Generation Data Security email info@bloombase.com web http://www.bloombase.com
Copyright 2013 Bloombase, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Bloombase, Spitfire, Keyparc, StoreSafe, and other Bloombase
products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Bloombase in United States and/or other jurisdictions. All other product and service names
mentioned are the trademarks of their respective companies. The information contained herein is subject to change without notice. The only warranties for Bloombase products and services are set forth in the
express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Bloombase shall not be liable for technical or editorial
errors or omissions contained herein. Item No. BLBS-SB-Bloombase-Next-Generation-Data-Security-for-Amazon-Web-Services-USLET-EN-R8
cloud, enabling customers to meet stringent information privacy requirements cost-effectively. The Bloombase cryptographic module is NIST FIPS 140-2 certified and supports numerous standards-based cipher algorithms, open storage security protocols such as IEEE 1619 and industry key management standards including PKCS#11 and OASIS KMIP.
Bloombase StoreSafe provides turnkey encryption of AWS storage services, namely Simple Storage Service (S3) and Elastic Block Store (EBS), as a service, enabling Elastic Compute Cloud (EC2) applications to encrypt AWS data immediately without any application change.
The Bloombase agentless encryption software appliance can be deployed flexibly as EC2 instances on AWS or on third-party cloud platforms. It works as a storage proxy providing wire-speed encryption and decryption of S3 objects and EBS volumes while preserving the proprietary AWS RESTful protocols.
Authorized AWS hosts and applications use virtual storage resources provided by Bloombase for encryption and decryption of at-rest data stored in backend AWS storage services. When host applications or end users write plain-text data to backend storage via Bloombase, the encryption engine extracts the clear-text payloads and converts them to cipher-text in real time before they are persisted as S3 objects or EBS volumes. As applications read from AWS storage services through Bloombase, the decryption engine retrieves the cipher-text from AWS storage and converts it to virtual plain-text on the fly before it is presented to applications and users. Business data in AWS storage services stays encrypted in its proprietary S3 object or EBS volume format and permanently locked down, private and safe. Data owners access encrypted AWS storage as if it were in the clear, whereas platform administrators and operators see only what looks like garbage.
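A minimal sketch of the encrypt-on-write, decrypt-on-read proxy pattern described above, added here as an illustration; it is not Bloombase code or its storage format. The dict backend, the tenant names, the `ENC1` marker and the HMAC-SHA256 counter-mode cipher (a standard-library stand-in for an AEAD such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import os

MAGIC = b"ENC1"  # constructed format marker, not any product's on-disk layout

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stdlib stand-in for a vetted AEAD (e.g. AES-GCM): HMAC-SHA256 in counter mode.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

class EncryptingProxy:
    """Sits between clients and a backend object store (a dict stands in for it)."""

    def __init__(self, backend: dict, tenant_keys: dict):
        self.backend = backend
        self.tenant_keys = tenant_keys  # per-tenant master keys, held only by the proxy

    def _subkeys(self, tenant: str):
        master = self.tenant_keys[tenant]
        return _prf(master, b"enc"), _prf(master, b"mac")

    def _tag(self, mac_key: bytes, name: str, body: bytes) -> bytes:
        # Bind the object name so a ciphertext cannot be replayed under another name.
        return _prf(mac_key, hashlib.sha256(name.encode()).digest() + body)

    def put(self, tenant: str, name: str, plaintext: bytes) -> None:
        enc_key, mac_key = self._subkeys(tenant)
        nonce = os.urandom(16)  # fresh per write, so rewrites never reuse a keystream
        body = MAGIC + nonce + _keystream_xor(enc_key, nonce, plaintext)
        self.backend[name] = body + self._tag(mac_key, name, body)

    def get(self, tenant: str, name: str) -> bytes:
        enc_key, mac_key = self._subkeys(tenant)
        blob = self.backend[name]
        body, tag = blob[:-32], blob[-32:]
        # Verify before decrypting: a wrong tenant key or a modified object fails here.
        if not hmac.compare_digest(tag, self._tag(mac_key, name, body)):
            raise PermissionError("integrity check failed")
        return _keystream_xor(enc_key, body[4:20], body[20:])

def demo():
    backend = {}  # what a storage operator can see
    keys = {"tenant-a": os.urandom(32), "tenant-b": os.urandom(32)}
    proxy = EncryptingProxy(backend, keys)
    secret = b"card=4111111111111111;name=Constructed Sample"  # constructed data
    proxy.put("tenant-a", "reports/q1.csv", secret)
    return proxy, backend, secret
```

The object name stays readable to the backend, as the protocol metadata does in the pattern above; only the payload is transformed, and the keys never leave the proxy.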
The Bloombase transparent data security solution is designed with open technologies so that it can stretch with enhanced sustainability over agile environments while retaining robustness and security. Bloombase StoreSafe not only protects AWS storage services, it also secures various other cloud computing facilities, virtual data centers, and traditional enterprise storage systems, maximizing cost efficiency and manageability. Bloombase brings a rich selection of security features that help to meet heterogeneous security requirements from a wide range of industry verticals and geographies. It scales flexibly with the computing resources allocated, ensuring that growing data protection needs are fulfilled dynamically and efficiently. It is designed to be fault-tolerant and highly available, allowing for mission-critical secure data services. The end result is that customers can leverage Bloombase next generation data security technology to run their business-critical applications and data services on AWS securely and privately, as if on their own premises.
What is Amazon Web Services (AWS)
Amazon Web Services (AWS) delivers a set of services that together form a reliable, scalable, and inexpensive computing platform “in the cloud”. The most central and well-known of these services are Amazon EC2 and Amazon S3. One of the key benefits of cloud computing is the opportunity to replace up-front capital infrastructure expenses with low variable costs that scale with your business. With the Cloud, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance. Instead, they can instantly spin up hundreds or thousands of servers in minutes and deliver results faster. Amazon Web Services provides a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries around the world. With data center locations in the U.S., Europe, Brazil, Singapore, Japan, and Australia, customers across all industries are taking advantage of the following benefits: low cost, agility and instant elasticity, openness and flexibility and, last but not least, security.
What is AWS Partner Network (OVA)
The AWS Partner Network is made up of a strong and growing community of companies that offer a wide range of products and services on the AWS platform. AWS Technology Partners include independent software vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors. For more information about AWS Partner Network, visit http://aws.amazon.com/partners.
Bloombase is an AWS Technology Partner.
Learn More
To learn more about Bloombase Next-Generation Data Security
solutions, contact your Bloombase sales representative, or visit
http://www.bloombase.com
[Figure: Users and data owners access Bloombase secured AWS objects and volumes as if in the clear (virtual-plain AWS object/volume, over AWS REST through Bloombase StoreSafe on EC2). Admins and operators manage AWS objects and volumes in their natural forms, over AWS REST, with contents locked down by Bloombase encryption (encrypted AWS object/volume).]