How to Protect Sensitive Data in Virtual Environments

Virtualization and Encryption

Software-defined transformation of the data center started with virtualization of compute and then hyper-convergence of compute/storage. The use of encryption to protect sensitive data in virtual environments presented some challenges:

  1. Virtualized environments have many copies of the same data and leverage deduplication technologies for efficiency. If encryption is performed in the virtual machine (VM), the data is no longer similar, and this reduces deduplication efficiency.
  2. Some solutions perform encryption in the storage layer such as Self-Encrypting Drives (SEDs). While this protects against physical theft, it does not protect against a rogue administrator from cloning a virtual machine.
  3. Key management is often the Achilles heel. The choice of KMIP-based key management solutions is largely limited to virtual appliances or software solutions that are vulnerable to exploits. Hardware appliances lack the scalability and usability needs of a dynamic virtualized environment.

SDKMS Benefits for VMware Encryption

Let’s review 3 unique benefits of SDKMS for encryption in VMware environments.

1.Software-Defined, Hardware-Secured

Historically, secure key management required a Hardware Security Module (HSM). Legacy HSMs with proprietary hardware however are a misfit in a virtualized data center. They also do not support KMIP. Organizations requiring secure key management would need both a key management solution that supports KMIP and an HSM. More often than not, organizations would trade-off security due to the cost / complexity of HSMs and settle for software only key management solutions.

2.Scalability and Availability

VMware continues to enhance the scale limits of compute and storage in a cluster as well as the number of clusters that can be managed by vCenter. Given that turning on encryption is now a checkbox, scalability of a secure key management solution is an important requirement. Fortanix SDKMS starts with supporting millions of keys and can scale-out horizontally or geographically as demand grows.

3.Cost Effective Consumption

While VMware has made it easy to enable encryption, its adoption is typically constrained due to challenges in enterprise wide key management. These challenges include not only security and complexity but also cost.

Accelerating Data Protection and Compliance

We are very excited about this joint solution that accelerates data protection and compliance for our customers’ VMware virtual environments. In the coming weeks and months, we will further extend SDKMS’ benefits to the enterprise with various KMIP-compliant solutions, including storage devices, hyper-converged infrastructure, databases, security gateways and more.

Other resources you may be interested in reading:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



Fortanix™ has created the world’s first runtime encryption solution. Enterprises get provable, portable, and preventive security for their applications!