Gazzang is going gangbusters with key management for MySQL and the cloud
Analysts: Rachel Chalmers, Wendy Nather
7 Feb, 2011
Gazzang's first product is 'set and forget' encryption for MySQL databases, but its long-term ambitions are far grander: to make cloud computing enterprise-ready. The company plans to build out from a beachhead as a value-add on top of the free eCryptfs tool to become the default option for transparent data encryption in LAMP and, ultimately, cloud-computing development. To that end, it has designed an innovative new key management system.
The 451 Take
Gazzang provides database encryption and key management for customers who are adopting MySQL in order to comply with (for example) PCI-DSS. That's an enormous market, but it's also a gateway to larger markets: the whole LAMP stack, for example, and even cloud computing. Gazzang's challenge will be to demonstrate that it adds significant value on top of free tools like eCryptfs. Its Key Storage System is likely to emerge as an important differentiator.
Context
The Gazzang management team includes president and CEO Larry Warnock, who sold Phurnace Software to BMC; VP of business development and marketing Chris Gillan, formerly of BindView and BMC; and director of development Eddie Garcia, a veteran of AMD, PentaSafe, NetIQ and Perficient. In December 2010, the company raised $3.5m in series A funding from Austin Ventures,
Strategy
Gazzang identifies the rapid adoption of the LAMP stack as a key opportunity. With the adoption of the LAMP technologies, executives believe, come the private, public and hybrid clouds. The challenge of cloud adoption is the lack of sophisticated tools to exert control over any mission-critical code and data entrusted to it. Gazzang's founders believe the biggest technology hole is around data security.
The company's strategy, therefore, is to offer cloud data security through encryption. In the short term, Gazzang will sell what it calls 'practitioner' products. It aims at repeat sales into the same buyers within its installed base. Eventually, the company plans to build these point products out into a high-performance encryption platform that can encompass all elastic and cloud-computing deployments.
Technology
Gazzang's first product is a data-encryption tool for MySQL. The company likes to claim that the world's largest open source database is not secure. It's a bit more complicated than that. Gazzang's ezNcrypt acts as a file system layer between Linux's virtual file system (VFS) and the concrete file systems underneath it (such as ext2/3/4, FS, NFS, XFS and ReiserFS). It uses the eCryptfs module that is native to Linux kernel 2.6.18 and above.
Data is encrypted transparently. That's very important, given that Gazzang will compete primarily with the do-it-yourself approach. Developers say eCryptfs is not very hard to use, but ezNcrypt should make it even simpler. With Gazzang's software, organizations shouldn't need to change their own applications, code or MySQL deployments. Once ezNcrypt is in place, the database should be protected even from its own users. No user – including root – should be able to unlock the data without the key. The MySQL process is the only one authorized to retrieve the key that can unlock the data.
Gazzang's core value proposition lies in its proprietary Key Storage System. As the company explains it, two layers of encryption protect each message that passes between the customer machine and the server. One layer uses asymmetric encryption (HTTPS); the other uses symmetric encryption via an industry-standard algorithm such as AES, Blowfish or Twofish. The clever part, the company says, is that messages between the customer machine and the Gazzang server are never encrypted the same way twice.
Customers
MySQL is a big market. The open source database is downloaded 65,000 times per day, and regulatory regimes like GLBA, HIPAA and PCI-DSS are driving its adoption. Gazzang already boasts over 50 customers spread across education, finance, healthcare and the Web. The 451 Group spoke to Hartford Hospital, which uses ezNcrypt to provide transparent encryption for the MySQL database that underlies its Health Information Exchange. Hartford is pleased with the results. Look for a forthcoming User Deployment Report on this customer.
However, Gazzang sees a bigger opportunity beyond MySQL in encrypting the whole LAMP stack, and beyond that, the cloud. The ezNcrypt for MySQL product is shipping now. In Q1 or Q2 of 2011, Gazzang plans to ship ezNcrypt for the entire LAMP stack. By mid-2011, the company hopes to ship ezNcrypt for Cloud, including modules for access control, audit logging, key management, the eCryptfs layer, usage metering, configuration security, core encryption, licensing, MySQL user-defined functions and a kernel keyring interface.
Competition
In the symmetric key management world, Gazzang goes up against independent Venafi, EMC security division RSA, Thales e-Security (which acquired enterprise key management pioneer nCipher) and IBM. Thales has, in recent months, looked to cultivate partnerships with encryption vendors to address the need for PCI-DSS compliance and upstream protection of cryptographic keys. Meanwhile, encryption vendors SafeNet and PGP (now part of Symantec) have articulated another take on data security for the cloud, with a strong emphasis on enterprise key management and encryption.
Trend Micro's SecureCloud offering, announced in August 2010, provides very similar functionality; its main difference is that SecureCloud uses block-level encryption, so it's data-agnostic and will handle database files as well as flat files, video and any other kind. Once SecureCloud authenticates the requesting client and delivers the data, it is decrypted for any and all use on the client side. Gazzang's database-centric encryption restricts decryption to authenticated database users and processes, so the data remains protected even on the client side.
SWOT Analysis
Strengths
Gazzang's founders have a thoroughbred pedigree. The company has identified a fast-growing market and has pitched its first product at the practitioners who can become evangelists within an enterprise.
Weaknesses
Gazzang must demonstrate exactly how ezNcrypt simplifies the use of eCryptfs. It also needs to educate its market both in how its Key Storage System works and why key management is important.
Opportunities
MySQL is exploding in popularity. The LAMP stack is growing with it, and both are the default choice of agile programmers targeting private, public and hybrid cloud deployment.
Threats
The importance of key management for the cloud has not escaped the attention of security giants EMC RSA, Symantec and IBM.
Reproduced by permission of The 451 Group; © 2014. This report was originally published within 451 Research's Market Insight Service. For additional information on 451 Research or to apply for trial access, go to: www.451research.com