Azure Virtual Machine Encryption – making data security easy to buy, deploy and manage
Earlier this year, CloudLink launched SecureVM for Microsoft Azure, a virtual machine security solution designed to encrypt boot and data volumes in the cloud. SecureVM was designed to address two key customer needs.
First and foremost, SecureVM addresses the top concern associated with running workloads on a cloud-based infrastructure. In the traditional physical world, organizations have adopted full disk encryption technology to protect against data loss. However, in a virtual and cloud computing world, organizations must now resolve how to protect VM images from malicious or accidental mounting of virtual disks, leading to sensitive data loss. SecureVM allows organizations to segregate their data and protect access to VM images, keeping data private from other tenants and even their cloud provider.
Second, SecureVM addresses solution deployment and management. The cloud is all about IT agility and this can be negatively affected by solutions that introduce new technology that involves learning how to use tools and make sure they inter-operate with existing applications and platforms. SecureVM is an innovative and pragmatic security solution that makes data encryption in the cloud easy to deploy and manage by enabling proven and familiar encryption tools already built into the operating system.
Rather than introducing new, proprietary technologies, CloudLink SecureVM leverages accepted and proven encryption features native in the operating system. SecureVM unlocks Windows Bitlocker and Linux operating encryption capabilities by emulating the TPM (Trusted Platform Module). This approach provides the necessary pre-boot authorization for boot volume and data volume encryption in virtual and cloud environments. For more details about our SecureVM solution, check out our SecureVM Azure deployment video or the blog by Microsoft Sr. Program Manager Bryan Surace.
The SecureVM approach has been very well received by customers looking to protect their Azure hosted virtual machines, but we knew there were ways to make acquiring and provisioning the solution even easier.
Recently, CloudLink introduced two new capabilities that integrate SecureVM tightly with the Azure cloud. First, we are proud to announce that SecureVM is now Microsoft Azure Certified. This means the solution has been tested and vetted by Microsoft and given the “seal of approval”. Also, Azure Certified applications are available for purchase directly from the Azure Marketplace, so you now have “one-stop shopping” for all your Azure solutions.
As part of the same announcement, SecureVM Agent, a small piece of code that runs on each virtual machine to be protected, can now be deployed as an Azure Virtual Machine Extension. Azure VM extensions facilitate adding third party software to your virtual machine images. These extensions customize images with capabilities such as security and back up, either during initial VM creation or when adding software to existing VMs. VM Extensions can be added through the Azure portal “Create VM” process or through scripting. Our colleague, Microsoft Azure Program Manager Sung Hsueh, describes deploying CloudLink SecureVM as an Azure extension in his blog.
If you’re looking for more information on CloudLink SecureVM, check our Azure web page which includes a number of resources giving you the opportunity to deploy SecureVM and experience this all for yourself.