As if a CSO/CISO's job was not challenging enough, along comes the "Cloud".
Even as traditional IT environments are becoming regulated, the cloud adds a new dimension to the problem. Businesses are demanding to use the cloud because it gives them flexibility, scalability, speed and possibly lower costs. However, putting sensitive data in the cloud creates a headache because you are still responsible for ensuring its security despite the fact that you don't own the infrastructure, people or operational procedures. While there are many choices out there, you must also balance the need for flexibility and lower costs without giving up security. StrongAuth, Inc.has released a free and open-source software (FOSS) product - the StrongKey CryptoEngineTM (SKCE) - that does just that.
The SKCE is a Java-based application that can be setup as a web-service - or linked into your own applications for better performance - to encrypt/decrypt files and objects. These files/objects can be of any type and size. Symmetric encryption keys for encrypting these files are generated based on pre-defined policies and escrowed on another appliance - the StrongAuth KeyApplianceTM. Once encrypted, the ciphertext files can be automatically transferred by the SKCE to a range of target desinations:
Public clouds such as AWS or Azure;
Private clouds built with software such as Eucalyptus;
Storage Area Networks or Network Attached Storage; or
Local or remote file-systems
To decrypt a file, the web-service goes through the process in reverse and recovers the file (see How it works for details on the mechanics). The SKCE can also be a component of a web-application architecture called Regulatory Compliant Cloud Computing (RC3), which allows you to build transactional web-applications using public or private clouds.
The SKCE is a component of a comprehensive enterprise encryption and key-management solution to protect sensitive data - no matter what it is and no matter where it resides - in accordance with regulatory requirements.
StrongAuth, Inc. is the creator of the first open-source Symmetric Key Management System (StrongKey) and the first integrated appliance to include encryption, tokenization, key-management with a cryptographic hardware at the lowest price in the industry - the StrongAuth KeyApplianceTM. We've also established Public Key Infrastructures (PKI) for some of the largest and smallest customers in the world. Our decade of experience in enterprise key management, plus our commitment to open-source and intelligently designed solutions, makes us one of the "hidden treasures" of security.