Secure File Migration

On VMs with the Policy Agent installed, we support sharing KeyIDs (encryption keys referenced by a symbolic name) between VMs within the same Cloud VM Set in which the KeyIDs were created. This allows you to encrypt files and move them securely between these VMs. Only the VMs within the same Cloud VM Set as the KeyIDs are able to decrypt the files. Encryption is on a file-by-file basis, so larger amounts of data can be moved by zipping or tarring groups of files and then encrypting the resulting archives.

These mechanisms can also be used to encrypt files and move them to cloud storage, knowing that only you will be able to decrypt the files when you retrieve them.

As an extension to the KeyID notion, we also provide interfaces for migrating encrypted files between VMs and through Amazon Web Services (AWS) S3 storage.