AFORE Solutions’ goal has been to provide not only data at rest encryption but also data in motion encryption at all levels of the cloud stack, such that not even the cloud providers can see or change your data. This level of confidentiality does not exist within existing public or private clouds without a little help. AFORE Solutions started with SecureVSA, which provided encryption at rest but had the limitation of requiring the cloud providers to be involved in the process. Now, they have two new products that provide data at rest (and in motion) encryption without the cloud providers being in the know. Actually, the cloud providers do not need to do anything. This is a big win, in my opinion, as if you encrypt data, no one but those with that ability should be able to decrypt the data. The new additions are targeted towards Desktop as a Service but will apply to other types of workloads.
SecureVM provides the ability to encrypt the boot volumes and other volumes of the virtual machine hosted within a public cloud. If the boot volume is encrypted, authentication is required to boot the virtual machine. If the other volumes are encrypted, authentication is required to unlock them. Not only that, but everything builds on each other; one of the requirements to unlock a volume could be that the virtual machine reside within SecureVSA, or even that the boot volume is encrypted with SecureVM.
SecureFILE provides encryption of data at the file level accessed either by a specific application or directly. If you do not have the proper credentials, user, and other attributes, which include the use of the proper application booted from a VM using SecureVM or accessed through SecureAPP, the data will not be available for use.
What AFORE Solutions has done is added security to the access of data by wrapping the data with a security context that can be simple or as complex as needed. The target for these new encryption tools is Desktop as a Service running Windows, as SecureAPP works predominately with Windows applications today. We have needed a more robust security context for data stored in clouds, and these tools add to our existing toolbox.
For more information, read the press release.