Nasuni Security Model

Nasuni's security architecture protects off-premises data, allowing enterprises to safely leverage cloud storage

Executive Summary

Storing data off-premises in cloud or as-a-service settings offers new and exciting capabilities for organizations, but unfortunately introduces new and different risks. Nasuni securely leverages cloud storage resources as the scalable and redundant backend storage in our solution. In order to use this storage effectively, Nasuni has developed robust security that combines superior encryption and data-disguising technology with top-tier cloud storage providers, to ensure the security of your data and give you peace of mind. With Nasuni, organizations can securely protect and manage their data for multiple global locations from a single centralized location.

Managing the Security of Off-Premises Data

Managing and protecting the security of shared critical data is a time-consuming headache. A recent ESG Research Brief indicates that user authentication and access, combined with data security in transit and at rest, are some of the biggest information security challenges for ROBO locations. [1] This already-difficult security problem is exacerbated by the necessity of supporting multiple satellite and branch offices around the world. Today, even small organizations often maintain a presence in multiple countries on several continents. Companies must securely provide critical data for such sites and do so from afar while still ensuring rapid access to the most up-to-date data at every location. This challenge compounds the near-exponential growth of the data itself with the additional complexity of secure office-to-office communication.

Cloud storage offers attractive benefits, such as global access to shared data with unlimited storage capacity. Nasuni leverages cloud storage as part of our consolidated storage solution that delivers primary storage, backup, and offsite data protection, all in a single offering. Nasuni's deep security expertise and experience with off-premises storage enables us to implement security technologies and practices that guarantee your data remains safe even when stored in the cloud.
Your organization's off-premises data is vulnerable to a number of potential risks, especially:

- Exposure to unauthorized parties, the press, and even your competitors. One of the major risks posed by off-premises or cloud storage is the risk that, in a multi-tenant environment, your data might be exposed to unauthorized personnel, including employees of the cloud storage provider itself. Whether this occurs deliberately and maliciously or through sheer accident doesn't matter: critical data cannot leave an organization's security perimeter. Cloud storage, by its very nature, is a multi-tenant environment, with shared storage and processing resources controlled by an outside party with the potential to access customer's data. Placing your data in the hands of an outside party on shared hardware is risky, as any resulting data leakage would be a major violation of both security and business trust. After all, no one should be able to read your data except you. Consequences of data leakage range from public embarrassment, to the loss of intellectual property, to the failure of an entire business.

- Deletion, corruption, or loss of critical business intellectual property. Cloud storage is managed by a third party, with its own security, redundancy, and backup practices, practices that you do not control. These practices might render your data vulnerable to deletion, corruption, or loss. Off-premises storage infrastructure should be highly redundant and offer true assurances for both data availability and accessibility. While such data threats might not result in public embarrassment or business loss, as exposure might, the impact could still be severe. Such data issues can impede or halt both special projects and routine collaboration. Furthermore, the IT problems resulting from loss of data all too often lead to loss of jobs.
Nasuni's Security Technology

Nasuni addresses the risks associated with both on-premises storage as well as off-premises cloud storage. For example, we protect your on-premises data with features such as role-based access control, proxy support, and firewalls to limit access. This technology brief specifically addresses Nasuni's superior security for off-premises data, which incorporates:

- Military-grade encryption
- Complete data camouflage
- Best-of-breed cloud storage datacenters

Military-grade encryption

From the onset of the Internet, security experts understood that a public network would require serious rethinking of previous security models in order to thrive as a commercial entity. For decades, the security community has been working on the solid and trustworthy encryption technology that is used today. As a result, for example, billions of bank transactions occur daily with rock-solid security, and the commercial Internet can function in the trustworthy way that we have come to expect.

This same technology forms the basis for Nasuni's bulletproof data security, beginning with a solid foundation of unbreakable encryption. This starts with our customers utilizing their own encryption keys within the Nasuni Filer. Encryption with your keys ensures that your data can never be viewed or used, except by your organization, not even by Nasuni. Each Nasuni Filer storage controller performs encryption on your premises before sending any information off-premises, so information is always encrypted both in transit and at rest.
Nasuni employs the non-proprietary OpenPGP protocol for public-key-based encryption and decryption. OpenPGP establishes a framework for how to combine widely available security algorithms into a secure system. OpenPGP's open standard and source code support an extensive and thorough review process. In addition, OpenPGP's open standard also means that data encrypted with one implementation of the standard can be decrypted with another implementation, thereby guaranteeing access to data in the future.

OpenPGP combines symmetric and asymmetric encryption technologies that not only protect the data, but do so without compromising performance. Using fast symmetric encryption to encrypt data and slower asymmetric encryption to encrypt the keys allows data to be encrypted efficiently and at a high level of granularity. OpenPGP also specifies several important details, including proper salting (inputting random bits to a one-way cryptographic hash function) and cipher modes. OpenPGP's cipher feedback (CFB) mode also avoids the drawbacks of less secure techniques, such as Electronic Codebook (ECB).

Along with OpenPGP, Nasuni employs the AES-256 standard for encryption. AES is the first publicly accessible and open encryption standard approved by the US National Security Agency (NSA) for top-secret information. AES-256 is a 256-bit symmetric cipher, far faster and more powerful than other common types of encryption.

In addition to encrypting the data itself, the Nasuni Filer also encrypts metadata, both in transit and at rest. This means that no identifiable information, not even file names or timestamps, is decipherable once it leaves your premises. Encrypted file metadata includes the file name, file size, timestamps, access control information and location within the directory tree.

Nasuni's advanced encryption technology also incorporates:

- Random session keys that eliminate the possibility of hackers detecting patterns and then reverse-engineering the encryption keys.
- Secure Sockets Layer (SSL) that provides end-to-end confirmation of data transmission, revealing any attempt at deletion, corruption, or exposure.
- Built-in tamper alarms based on OpenPGP's Modification Detection Code (MDC), to detect any attempted tampering with data.

Complete data camouflage

The risk of data exposure is not just limited to the files themselves. A significant amount of information about a business can be determined simply by knowing a file name. Imagine if your competitors knew you had a file named:

Acquisition_of_ACME_-_overlapping_overhead_-_potential_reduction_in_force.ppt

Simply knowing the name of that file exposes your organization and a potential opportunity to inordinate risk. Metadata such as file names, file sizes and timestamps contain clues to your business and how you use your data. Rendering your data completely opaque to anyone outside your organization is essential to protect your data from exploits and exposure.
Nasuni's security further safeguards your data by disguising details about file names, file sizes and other metadata. This type of data camouflage is referred to as data obfuscation. Nasuni's data obfuscation strategies include:

- Sub-file chunking and compression disguises the size of each file, and foils attempts by malicious hackers to target large files. Chunking breaks large files into smaller optimally-sized pieces before sending each piece off-premises. This not only disguises the actual sizes of files, but also improves performance. Compression further changes the sizes of even small files, obscuring their true size even more.

- Fictitious quasi-random file names hide the actual, often revealing, file names. As discussed above, even a file name can reveal valuable information. For this reason, Nasuni generates fictitious, quasi-random file names that are unrelated to the actual file names. This further disguises the identity of the files while they are at rest off-premises.

The result is that, even if someone were able to hack into the cloud storage, all they would see would be a huge number of indistinguishable files with long, incomprehensible file names, and no other revealing metadata.

Best-of-breed cloud storage datacenters

Encryption and data disguise eliminate the risk of exposure of your critical information, but cannot prevent data loss or deletion in off-premises cloud storage. For this, Nasuni relies on best-of-breed cloud storage providers that guarantee service levels and redundancy. Because Nasuni deals with all the major cloud storage providers, we continually monitor them for reliability, performance, availability, and accessibility. Furthermore, we have developed proprietary cloud-testing methodologies that we use to determine the viability of any given cloud provider to survive a catastrophic failure or loss, so that your data remains safe in any contingency.
The result of Nasuni's testing and work is contained in our State of Cloud Storage Providers report, which details how the major cloud storage companies compare to each other, and how we choose the best to work with. Our cloud storage partners deliver redundant storage that survives even under the most extreme failures. For this reason, Nasuni backs its storage solution with a Service Level Agreement (SLA) that guarantees that your data is 100-percent available, accessible, secure, and immutable.

In addition to high levels of availability and redundancy, the best-of-breed cloud storage providers that Nasuni uses for off-premises storage have earned the highest level of industry-wide security certifications and accreditations, such as:

- PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliance, required for handling credit cardholder personal information.
- HIPAA compliant applications involving health-related and other personally identifiable information (PII).
- ISO certification for standardized management of information security.
- FIPS (Federal Information Processing Standard) Publication standard for non-military government agencies and government contractors.
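The sub-file chunking, compression and random object naming described under "Complete data camouflage", as an added sketch that is not Nasuni's code: it shows what the storage side can and cannot observe once a file has been staged this way. The 64 KiB chunk size, zlib, the 128-bit hex names and all function names are assumptions made for illustration, and the per-chunk encryption step the brief describes is marked but omitted.

```python
import secrets
import zlib

CHUNK_SIZE = 64 * 1024  # assumed chunk size; the brief gives no figure


def stage_file(name, data, chunk_size=CHUNK_SIZE):
    """Split data into chunks, compress each, and give each an opaque name.

    Returns (objects, entry): objects maps opaque name -> bytes destined for
    the cloud store; entry is the manifest record that stays on premises.
    """
    objects, order = {}, []
    for offset in range(0, len(data), chunk_size):
        blob = zlib.compress(data[offset:offset + chunk_size])
        # Encryption of blob with the customer's key would happen here,
        # before upload; omitted because the standard library has no AES.
        opaque = secrets.token_hex(16)  # random, unrelated to the file name
        objects[opaque] = blob
        order.append(opaque)
    entry = {"name": name, "size": len(data), "chunks": order}
    return objects, entry


def restore(entry, objects):
    """Reassemble the original bytes using the on-premises manifest entry."""
    data = b"".join(zlib.decompress(objects[c]) for c in entry["chunks"])
    if len(data) != entry["size"]:
        raise ValueError("reassembled size does not match manifest")
    return data


def provider_view(objects):
    """What the storage side can observe: object names and sizes only."""
    return sorted((name, len(blob)) for name, blob in objects.items())


# Constructed sample input, not real data.
SAMPLE_NAME = "Acquisition_of_ACME.ppt"
SAMPLE_DATA = b"Q3 forecast row\n" * 20000  # 320,000 bytes

if __name__ == "__main__":
    objs, entry = stage_file(SAMPLE_NAME, SAMPLE_DATA)
    for opaque_name, size in provider_view(objs):
        print(opaque_name, size)
    assert restore(entry, objs) == SAMPLE_DATA
```

In this sketch the object count and the total stored bytes remain visible to the storage side, so what is hidden is per-file names and sizes rather than overall volume, and the manifest holding the real names must itself stay on premises or be encrypted.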
Conclusion

Nasuni safeguards your data with industry-leading security technology and practices that include:

- Military-grade encryption: Nasuni encrypts off-premises data and metadata with unbreakable industry-standard OpenPGP and AES-256 encryption. Only you hold your encryption keys, so only you can read and utilize your data.
- Complete data camouflage: Concealing off-premises data and metadata from third parties.
- Best-of-breed cloud storage datacenters: Demonstrating exemplary security technology and procedures with industry-leading certifications and accreditations.

Using the Nasuni solution, global organizations can securely leverage the convenient access and unlimited capacity of cloud storage to provide a storage system with centralized control and shared access to data at multiple locations.

[1] Lundell, Bill and Kao, Kristine, Research Brief: Remote/Branch Office Trends, Enterprise Strategy Group, September 2011