
Periodically, we turn over control of the CenturyLink Cloud blog to members of our certified technology Ecosystem to share how their technology on the CenturyLink Marketplace provides customers with low-friction solutions to solve complex business challenges. This edition's guest author from the Cloud Marketplace Provider Program is Eric Wolff, Senior Product Marketing Manager at Thales e-Security. Thales e-Security acquired our long-term partner Vormetric earlier this year.

Downtime – nobody likes it. Unplanned downtime is almost always expensive. A 2015 report from IDC even revealed that for the Fortune 1000, the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year.

Planned downtime is also a pain. Before I was in the security business, I marketed network solutions that were “bumps on the wire” which required planned downtime for deployment. There were ways to minimize or even reduce the downtime, but they were complicated.

These same downtime obstacles present themselves with encryption. There's a great return on investment (ROI) – you can sleep better knowing that data thieves get nothing they can use (and knowing how happy you’re making the compliance team). But, for enterprise-class encryption, there’s almost always a planned downtime period while tens of thousands of files or a large database gets encrypted. There are ways to prevent the downtime, but they can be complicated and require administrative time or extra disk space – at least until now. Enterprise encryption without downtime is now available with Live Data Transformation, a feature of Vormetric Transparent Encryption from Thales e-Security. With Live Data Transformation, a database of any size or any number of files can be used while undergoing encryption.

Reducing Friction in Getting Your Job Done

Consider the concerns of a CFO of a large organization. One day, the CFO decides it’s time to encrypt the hard drive on their PC or Mac laptop. The CFO turns on encryption and knows that soon the entire hard drive will be encrypted. The process might take a few days, but eventually all the data will be protected.

That same CFO's IT organization is considering implementing enterprise-class encryption for a database or large group of sensitive files in the CenturyLink Cloud. In the deployment planning document, they note that the target data will be offline for several days during a long February weekend. The CFO doesn’t approve the purchase requisition, saying “Why does data have to be offline? Why doesn’t this work like my laptop?”

The CFO finds the downtime plan does not jibe with what they experienced with their laptop. The IT organization may argue that because the CFO is the only person using that laptop, it's not the same as enterprise databases or other storage, where thousands of users across hundreds of servers require concurrent access. It's a much more complicated process. But downtime for encryption should not be, and no longer needs to be, tolerated. And there’s no downtime with Live Data Transformation. Start encrypting, and walk away. Use all the data while it’s being encrypted. Just like the CFO’s laptop.

Encryption Can Peg the CPU, But You Won’t Get Pegged

The CFO’s laptop never slows down while its data is being encrypted. Its operating system carefully balances between encrypting the data and allowing work to be done. Live Data Transformation offers the same process, but on a much larger scale. It does this by allowing an organization to specify that encryption can take no more than a chosen CPU percentage on each server, leaving the rest of the capacity to run applications normally.

Stop Tearing Your Hair Out

Perhaps your organization has a large data set with encryption already in place. At some point, that data set goes to an archive, possibly offsite. Meanwhile, Live Data Transformation has enabled you to do a scheduled key rotation for all your live data sets. Months go by and a file recovery is needed. When the archive is mounted, you discover that your current encryption keys differ from those in the archive. Where’s that key? How am I going to recover that file? You might now be tearing your hair out. But with Vormetric Live Data Transformation key versioning, everything works automatically.

Live Data Transformation is part of Vormetric Transparent Encryption, where keys and policies are provided by the Vormetric Data Security Manager (DSM). Live Data Transformation adds key version management to the picture. A Transparent Encryption Agent with Live Data Transformation discovers an older key version in an archive, requests the key for that version from the Data Security Manager, and data recovery from the archive happens immediately. The restored data is encrypted with the current cryptographic key. You calmly tell the user, “your recovered data is now available”.

The ability to deploy encryption without planned downtime is a game-changer for organizations that need to keep their data safe. With Live Data Transformation, another one of the trade-offs between security and availability is eliminated. So live long and prosper, my friends, and happy encrypting.

Begin Your Live Data Transformation

For more information on Vormetric Live Data Transformation, please visit our site.

To begin your Live Data Transformation with Vormetric's robust security offerings, visit the CenturyLink Marketplace.

If you are a current CenturyLink Cloud customer, and you're ready to secure your enterprise, visit the Getting Started with Vormetric Guide. If you are ready to get started but are not yet a CenturyLink Cloud customer, no problem. Get started with a free trial today. Designed for your business needs today and tomorrow, the CenturyLink Cloud is reliable, secure, robust, and global.
