451 Report: Gazzang offers 'easy button' for 'big-data' encryption with CloudEncrypt for AWS

Gazzang has set out to deliver its version of an 'easy button' for big-data encryption and key management with a new family of products, CloudEncrypt, designed specifically for Amazon Web Services that will allow non-technical users to spin up and tear down new EC2 and EBS instances with automated and pre-configured encryption, key management and access controls.

Date: Wednesday, Apr 09 2014


Gazzang's core products are zNcrypt and zTrustee, both launched in 2012. ZNcrypt provides highly scalable transparent encryption of data-at-rest (file, directory and block-level) that doesn't require modifications to existing applications and comes pre-configured for most big-data platforms such as Hadoop, Cassandra and MongoDB. ZNcrypt also includes process-based access controls for restricting access to encrypted data only to authorized system functions. For example, a file on Hadoop can be restricted to interacting only with the Hadoop Distributed File System (HDFS) to prevent admins from gaining unauthorized access. An encryption strategy is only as good as its key management capabilities. Gazzang's answer is zTrustee, a software-based key management server, or what the company refers to as a 'virtual hardware security module (HSM).' ZTrustee is essentially a vault that can securely store any digital asset – encryption keys, SSH keys, keys for third-party crypto modules, user names and passwords – that can be pulled down as needed at runtime (though the company is careful to point out that zTrustee is not a high-speed token vault). ZTrustee enables granular and configurable policies for controlling access to encryption keys, which can be based on time of day, geo-location, etc.

Next Steps