My Latest Project – EMC Encryption as a Service (EaaS)
One of the more interesting projects I’ve been working on lately is an Encryption as a Service (EaaS) offering for our cloud service provider (CSP) partners. After the NSA domestic spying program was revealed and there was a global uproar about privacy and protection in the cloud, I decided to design a service offering that will allow our CSP partners the ability to offer a completely encrypted (at-rest or in-motion) private, public, or hybrid cloud experience. Well before the NSA story broke we started to see an uptick in the Healthcare and Financial verticals for movement of their workloads to cloud and its no longer just test/dev, they’re looking to move business and mission critical workloads to the cloud for a variety of reasons. With the strict regulatory compliance requirements from HIPAA and GLBA, many institutions are turning to encryption solutions to make cloud a reality. While community clouds are a great solution, we haven’t see that many true community clouds popping up in the CSP space, but when they do our offering will definitely be a great addition to their cloud security strategy.
When laying out the design for the EaaS offering, we had a few major requirements. First, it had to be easily scalable, otherwise it would be a management nightmare for the CSP partner. Second, it had to be granular, otherwise the CSP partner would either have to stand up a separate silo to meet the demand (Field of Dreams approach) or to encrypt their entire existing environment, thus monetarily penalizing those workloads that didn’t have an encryption requirement. Lastly, it had to give the customer choice to control the encryption keys in a non-propriertay way. I’ve see Business Associate Agreements (BAA) that cover provider or tenant in control of the keys, it appears to depend on the size of the company and the requirements from their auditors.
The AFORE CloudLink Platform met all of our requirements and the fact that it works with multiple clouds (AWS, Azure, vCHS) was a huge bonus. After determining the technology met our offering requirements, we got to work with the AFORE team to make it a reality. When delivering a service offering, its more than just standing up a technology and hanging a sign on the door. We needed to put together a complete go-to-market package for the provider that would enable both their technical and sales teams. I’ve seen too many providers stand up technically sound offerings, but their sales teams were inadequately trained on positioning and objection handling, so the offering really never takes off leaving the provider with stranded assets on the floor. Also, because the tenant has the choice to be in control of the encryption keys we required training materials to be created for this as well.
One challenge I see with quite a few ISVs is product licensing. Many companies are still only offering annual or perpetual licensing models for their “cloud” products, when I brought up this subject with the AFORE team they were more than happy to listen and take action. Going back to my Field of Dreams comment above, we can no longer expect our partners to spend their precious CapEX to acquire technology and wait for the workloads to come, they need to purchase like their customers purchase, by the drip.
All of the hard work in creating the EaaS offering has paid off and I’m pleased to officially announce the CloudLink Powered EMC EaaS Offering.
Please let me know if you’d like further details on this offering or any of our CSP partners that will be offering it. Thanks.
Chris