Cloud Security You Can Trust
Atalla Cloud Encryption combines powerful data encryption with patented homomorphic split-key encryption technology to increase security and protect keys even when they are used in the cloud. It easily encrypts any disk or data storage unit with proven encryption algorithms such as AES-256 and makes it safe from hackers, unauthorized access, competitors, and other threats. Cloud Encryption, offered as Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS), is suitable for public, private and hybrid clouds. You can create as many appliances or agents as you need and get the most secure, convenient and cost-effective solution for disk encryption, database encryption, and application-level encryption requirements.
- Trusted, Cloud-Based Key Management − the only system available that offers the convenience of cloud-based hosted key management.
- Install and Set Up in Minutes − includes a virtual appliance that you can install in minutes.
- Complete data layer encryption in the Cloud − encrypts the entire data layer including virtual disks, databases, files, distributed storage and more.
- Scalable, Elastic, Automated and Integrated − virtually no impact on application performance or latency. In addition to a convenient management user interface, we also offer a secure cloud-based API.
HP Atalla Cloud Encryption Agent
With the HP Atalla Cloud Encryption Agent, customers can encrypt data disks directly on their application (host) server, as well as generate virtual encrypted disks inside regular files in an existing file system. All encryption and decryption takes place locally on the host server for maximum performance.
The HP Atalla Cloud Encryption Agent complements the existing capability of creating encrypted disks inline from the HP Atalla Cloud Encryption Virtual Appliance, using highly secure cloud key management technology.
The HP Atalla Cloud Encryption Agent connects to an HP Atalla Cloud Encryption Virtual Appliance deployed in a cloud account. The HP Atalla Cloud Encryption Virtual Appliance safeguards your encryption project’s master key and safely generates encryption keys as needed by the HP Atalla Cloud Encryption Agent. As an additional security measure, the HP Atalla Cloud Encryption Agent is provisioned using a secure API key, which allows it to access its own managed crypto keys, but not the master key itself. Disk encryption takes place locally on the host server that runs the HP Atalla Cloud Encryption Agent, and the disk-encryption keys are split between the HP Atalla Cloud Encryption Virtual Appliance and the HP Atalla Cloud Encryption Virtual Key Management (VKM) service.
Key Management Technology
- Automated Key Management: As part of the split-key encryption technology, HP Atalla generates its keys automatically, for ease of management along with maximum security.
- Secure, cloud-based key management: HP Atalla Virtual Key Management Service is fully cloud-based with no data center deployment required. Split-key encryption enables HP Atalla to offer the convenience and low cost of cloud-based key management, without compromising security.
- Patented homomorphic key management: Designed for the highest degree of security against key theft by enabling the keys to be used in their encrypted state. With HP Atalla’s Virtual Key Management Service, your master key is never exposed in the cloud.
Homomorphic Key Encryption: Protecting Keys in Use
HP Atalla Cloud Encryption implements homomorphic key encryption, which enables your application to access the data store without ever exposing the master keys in an unencrypted state.
Each data object is encrypted with a key that has two parts: the master key and the second (“banker”) key. When the application needs to access the data store, the secure virtual appliance combines both parts of the key in a mathematical operation. Ordinarily, this would require both parts of the key to be exposed (unencrypted). With HP Atalla Cloud Encryption, both parts of the key are encrypted before and during their use in the virtual appliance. As a result, the keys are fully encrypted when they are resident in the customer's cloud account.
The solution encrypts the master key differently for each instance of the secure virtual appliance. So even if the cloud account is breached or attacked, and the encrypted master key is stolen, it can never be used to access customer data.