CloudLink® Technologies has released CloudLink® SecureVM with Microsoft® BitLocker® encryption for Amazon AWS. Organizations can now secure their virtual desktop and server virtual machines (VMs) with native Windows encryption tools.
While BitLocker encryption is widely used in the enterprise, it relies on hardware Trusted Platform Modules (TPM) or USB drives to store encryption keys. In virtual and cloud environments, BitLocker cannot access hardware TPM and USB devices, which prevents BitLocker encryption of boot volumes. SecureVM extends BitLocker to virtual and cloud environments by emulating TPM functionality in software, giving organizations centralized management over encryption keys and the ability to encrypt their virtual machines independently of AWS.
SecureVM provides organizations with the confidence that their virtual machines can be started only in the intended environment and only if the security policy conditions have been met. The solution provides organizations with full control of the encryption keys for both Windows and Linux virtual machines deployed throughout their hybrid clouds and validates the integrity of Windows virtual machines before they are allowed to boot. In addition, SecureVM provides a centralized audit trail of when virtual machines were started, including details such as the IP address, hostname, operating system, and so on.
"Cloud security is a top priority for many enterprises, and CloudLink's unique and innovative approach allows customers to Bring-Their-Own-Security to AWS while leveraging the company's existing data security technology and operational expertise," says Alex Berlin, CEO of CloudLink. "SecureVM also provides Managed Service Providers, VAR's and System Integrators reselling AWS cloud services with a compelling data security solution that will help fuel cloud adoption and produce incremental revenue opportunities."
The benefits of SecureVM to AWS customers include:
- Boot volume encryption secures data stored on Windows instances' C: drives and Linux instances' root partitions
- Data volumes assigned to an instance can be encrypted and additional volumes can be encrypted as they are added
- Comprehensive security controls, including volume encryption and VM integrity verification against unauthorized modifications
- Encryption key management remains under the control of the enterprise, including the ability for the encryption key store to reside within the enterprise data center
- Decreased security deployment complexity and operational costs by leveraging embedded operating system encryption tools and avoiding changes to how data is stored
- Hybrid cloud encryption management platform that supports all major clouds, including Amazon AWS, Microsoft Azure, and VMware vCloud Air, as well as other private and public cloud environments
This article was originally posted as “CloudLink® Unlocks BitLocker To Secure AWS Workloads” in Cloud Strategy Magazine.