Automated, Integrated Data Service Protection for Cloud Native Environments

XCrypt Service Encryption for Cloud Foundry is a high-performance, software-only encryption solution for cloud native environments. It’s integrated with BOSH Director and BOSH agent to encrypt data service instances automatically as they are deployed, so your data is always protected. XCrypt Service Encryption encrypts the volume the data service is deployed on, so performance remains high. XCrypt Service Encryption works with any data service, including Greenplum, Redis, Crunchy Data, MariaDB, and more. Since XCrypt Service Encryption is integrated into Cloud Foundry, other platform versions, such as Pivotal Cloud Foundry, are supported as well.

Zettaset’s all-software approach to encryption simplifies deployment and eliminates the need for proprietary appliances which simply aren’t designed for today’s highly scalable cloud native environments. XCrypt Service Encryption for CF utilizes Advanced Encryption Standard (AES) 256-bit encryption, the largest key size available. Also included is a BOSH Release of Zettaset’s Virtual Enterprise Key Manager and Virtual Hardware Security Module to key and policy management and administration.

Zettaset provides proven defense in regulated industries such as healthcare, financial services, and retail from the accelerating frequency and scope of data breaches. XCrypt Service Encryption can help bring data stores into compliance with corporate and regulatory data protection initiatives including PCI DSS, HIPAA, FISMA and more.

XCrypt Service Encryption for Cloud Foundry diagram

XCrypt Service Encryption Components

BOSH Addon
Enables transparent high-performance data-at-rest encryption for any data service instance, including MySQL, Redis, Greenplum, and others.

BOSH Release of Zettaset Virtual Enterprise Key Manager and Virtual Hardware Security Module
Provides native key management and key and policy administration services to encrypted data service instances.

Benefits and Features

  • Requires no proprietary hardware (appliances); software-only encryption solution that deploys as a BOSH Release and BOSH Addon
  • Does not require specialized encryption experts – can be deployed and maintained by existing IT staff
  • Negligible performance impact on existing processes
  • KMIP compatible & PKCS #11 certified and interoperable with all major key managers and HSMs, including Thales and Gemalto
  • Helps bring cloud and on-premises data stores into compliance with corporate and regulatory data protection initiatives such as PCI DSS, SOX, HIPAA, FISMA, and more