The Nasuni Security Model



Nasuni Security Model

Nasuni's security architecture protects off-premises data, allowing enterprises to safely leverage cloud storage

Executive Summary

Storing data off-premises in cloud or as-a-service settings offers new and exciting capabilities for organizations, but unfortunately introduces new and different risks. Nasuni securely leverages cloud storage resources as the scalable and redundant backend storage in our solution. In order to use this storage effectively, Nasuni has developed robust security that combines superior encryption and data-disguising technology with top-tier cloud storage providers, to ensure the security of your data and give you peace of mind. With Nasuni, organizations can securely protect and manage their data for multiple global locations from a single centralized location.

Managing the Security of Off-Premises Data

Managing and protecting the security of shared critical data is a time-consuming headache. A recent ESG Research Brief indicates that user authentication and access, combined with data security in transit and at rest, are some of the biggest information security challenges for ROBO locations [1]. This already-difficult security problem is exacerbated by the necessity of supporting multiple satellite and branch offices around the world. Today, even small organizations often maintain a presence in multiple countries on several continents. Companies must securely provide critical data for such sites and do so from afar while still ensuring rapid access to the most up-to-date data at every location. This challenge compounds the near-exponential growth of the data itself with the additional complexity of secure office-to-office communication.

Cloud storage offers attractive benefits, such as global access to shared data with unlimited storage capacity. Nasuni leverages cloud storage as part of our consolidated storage solution that delivers primary storage, backup, and offsite data protection, all in a single offering. Nasuni's deep security expertise and experience with off-premises storage enables us to implement security technologies and practices that guarantee your data remains safe even when stored in the cloud.

Your organization's off-premises data is vulnerable to a number of potential risks, especially:

- Exposure to unauthorized parties, the press, and even your competitors. One of the major risks posed by off-premises or cloud storage is the risk that, in a multi-tenant environment, your data might be exposed to unauthorized personnel, including employees of the cloud storage provider itself. Whether this occurs deliberately and maliciously or through sheer accident doesn't matter: critical data cannot leave an organization's security perimeter. Cloud storage, by its very nature, is a multi-tenant environment, with shared storage and processing resources controlled by an outside party with the potential to access customer's data. Placing your data in the hands of an outside party on shared hardware is risky, as any resulting data leakage would be a major violation of both security and business trust. After all, no one should be able to read your data except you. Consequences of data leakage range from public embarrassment, to the loss of intellectual property, to the failure of an entire business.

- Deletion, corruption, or loss of critical business intellectual property. Cloud storage is managed by a third party, with its own security, redundancy, and backup practices, practices that you do not control. These practices might render your data vulnerable to deletion, corruption, or loss. Off-premises storage infrastructure should be highly redundant and offer true assurances for both data availability and accessibility. While such data threats might not result in public embarrassment or business loss, as exposure might, the impact could still be severe. Such data issues can impede or halt both special projects and routine collaboration. Furthermore, the IT problems resulting from loss of data all too often lead to loss of jobs.

Nasuni's Security Technology

Nasuni addresses the risks associated with both on-premises storage as well as off-premises cloud storage. For example, we protect your on-premises data with features such as role-based access control, proxy support, and firewalls to limit access. This technology brief specifically addresses Nasuni's superior security for off-premises data, which incorporates:

- Military-grade encryption
- Complete data camouflage
- Best-of-breed cloud storage datacenters

Military-grade encryption

From the onset of the Internet, security experts understood that a public network would require serious rethinking of previous security models in order to thrive as a commercial entity. For decades, the security community has been working on the solid and trustworthy encryption technology that is used today. As a result, for example, billions of bank transactions occur daily with rock-solid security, and the commercial Internet can function in the trustworthy way that we have come to expect.

This same technology forms the basis for Nasuni's bulletproof data security, beginning with a solid foundation of unbreakable encryption. This starts with our customers utilizing their own encryption keys within the Nasuni Filer. Encryption with your keys ensures that your data can never be viewed or used, except by your organization, not even by Nasuni. Each Nasuni Filer storage controller performs encryption on your premises before sending any information off-premises, so information is always encrypted both in transit and at rest.

Nasuni employs the non-proprietary OpenPGP protocol for public-key-based encryption and decryption. OpenPGP establishes a framework for how to combine widely available security algorithms into a secure system. OpenPGP's open standard and source code support an extensive and thorough review process. In addition, OpenPGP's open standard also means that data encrypted with one implementation of the standard can be decrypted with another implementation, thereby guaranteeing access to data in the future.

OpenPGP combines symmetric and asymmetric encryption technologies that not only protect the data, but do so without compromising performance. Using fast symmetric encryption to encrypt data and slower asymmetric encryption to encrypt the keys allows data to be encrypted efficiently and at a high level of granularity. OpenPGP also specifies several important details, including proper salting (inputting random bits to a one-way cryptographic hash function) and cipher modes. OpenPGP's cipher feedback (CFB) mode also avoids the drawbacks of less secure techniques, such as Electronic Codebook (ECB).

Along with OpenPGP, Nasuni employs the AES-256 standard for encryption. AES is the first publicly accessible and open encryption standard approved by the US National Security Agency (NSA) for top-secret information. AES-256 is a 256-bit symmetric cipher, far faster and more powerful than other common types of encryption.

In addition to encrypting the data itself, the Nasuni Filer also encrypts metadata, both in transit and at rest. This means that no identifiable information, not even file names or timestamps, is decipherable once it leaves your premises. Encrypted file metadata includes the file name, file size, timestamps, access control information and location within the directory tree.

Nasuni's advanced encryption technology also incorporates:

- Random session keys that eliminate the possibility of hackers detecting patterns and then reverse-engineering the encryption keys.
- Secure Sockets Layer (SSL) that provides end-to-end confirmation of data transmission, revealing any attempt at deletion, corruption, or exposure.
- Built-in tamper alarms based on OpenPGP's Modification Detection Code (MDC), to detect any attempted tampering with data.

Complete data camouflage

The risk of data exposure is not just limited to the files themselves. A significant amount of information about a business can be determined simply by knowing a file name. Imagine if your competitors knew you had a file named:

Acquisition_of_ACME_-_overlapping_overhead_-_potential_reduction_in_force.ppt

Simply knowing the name of that file exposes your organization and a potential opportunity to inordinate risk. Metadata such as file names, file sizes and timestamps contain clues to your business and how you use your data. Rendering your data completely opaque to anyone outside your organization is essential to protect your data from exploits and exposure.

Nasuni's security further safeguards your data by disguising details about file names, file sizes and other metadata. This type of data camouflage is referred to as data obfuscation. Nasuni's data obfuscation strategies include:

- Sub-file chunking and compression disguises the size of each file, and foils attempts by malicious hackers to target large files. Chunking breaks large files into smaller optimally-sized pieces before sending each piece off-premises. This not only disguises the actual sizes of files, but also improves performance. Compression further changes the sizes of even small files, obscuring their true size even more.

- Fictitious quasi-random file names hide the actual, often revealing, file names. As discussed above, even a file name can reveal valuable information. For this reason, Nasuni generates fictitious, quasi-random file names that are unrelated to the actual file names. This further disguises the identity of the files while they are at rest off-premises.

The result is that, even if someone were able to hack into the cloud storage, all they would see would be a huge number of indistinguishable files with long, incomprehensible file names, and no other revealing metadata.

Best-of-breed cloud storage datacenters

Encryption and data disguise eliminate the risk of exposure of your critical information, but cannot prevent data loss or deletion in off-premises cloud storage. For this, Nasuni relies on best-of-breed cloud storage providers that guarantee service levels and redundancy. Because Nasuni deals with all the major cloud storage providers, we continually monitor them for reliability, performance, availability, and accessibility. Furthermore, we have developed proprietary cloud-testing methodologies that we use to determine the viability of any given cloud provider to survive a catastrophic failure or loss, so that your data remains safe in any contingency. The result of Nasuni's testing and work is contained in our State of Cloud Storage Providers report, which details how the major cloud storage companies compare to each other, and how we choose the best to work with.

Our cloud storage partners deliver redundant storage that survives even under the most extreme failures. For this reason, Nasuni backs its storage solution with a Service Level Agreement (SLA) that guarantees that your data is 100-percent available, accessible, secure, and immutable.

In addition to high levels of availability and redundancy, the best-of-breed cloud storage providers that Nasuni uses for off-premises storage have earned the highest level of industry-wide security certifications and accreditations, such as:

- PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliance, required for handling credit cardholder personal information.
- HIPAA compliant applications involving health-related and other personally identifiable information (PII).
- ISO 27001 certification for standardized management of information security.
- FIPS (Federal Information Processing Standard) Publication 140-2 standard for non-military government agencies and government contractors.
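The client-side steps described in the encryption and data camouflage sections above (chunk, compress, encrypt, store under random names, keep real metadata only in an encrypted manifest, detect tampering) can be put together as follows. This is an added example, not Nasuni's code and not part of the original paper. The HMAC-SHA256 keystream and tag are a standard-library stand-in for the OpenPGP/AES-256 layer and its MDC, and the 64 KiB chunk size, the manifest layout and all function names are assumptions.

```python
import hashlib, hmac, json, secrets, zlib

CHUNK = 64 * 1024  # assumed chunk size; the paper does not state one

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (stand-in for AES-256).
    blocks = (_prf(key, b"enc" + nonce + i.to_bytes(8, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plain):
    """Encrypt under a fresh random nonce and append an integrity tag."""
    nonce = secrets.token_bytes(16)
    body = nonce + bytes(a ^ b for a, b in zip(plain, _stream(key, nonce, len(plain))))
    return body + _prf(key, b"mac" + body)  # tag plays the role of the MDC

def unseal(key, blob):
    """Verify the tag before decrypting; raise if the object was altered."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac" + body)):
        raise ValueError("stored object was modified")
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def upload(key, files, chunk=CHUNK):
    """files: {name: (bytes, mtime)} -> (provider-side store, manifest object name)."""
    store, manifest = {}, {}
    for name, (data, mtime) in files.items():
        ids = []
        for off in range(0, len(data), chunk):
            oid = secrets.token_hex(16)  # random name, unrelated to the file name
            store[oid] = seal(key, zlib.compress(data[off:off + chunk]))
            ids.append(oid)
        # Real name, size, timestamp and layout live only in the sealed manifest.
        manifest[name] = {"size": len(data), "mtime": mtime, "chunks": ids}
    root = secrets.token_hex(16)
    store[root] = seal(key, zlib.compress(json.dumps(manifest).encode()))
    return store, root

def download(key, store, root, name):
    manifest = json.loads(zlib.decompress(unseal(key, store[root])))
    return b"".join(zlib.decompress(unseal(key, store[i])) for i in manifest[name]["chunks"])

def provider_view(store):
    """What the storage provider can list: opaque names and blob sizes only."""
    return sorted((oid, len(blob)) for oid, blob in store.items())
```

Only the key holder can open the manifest, so the mapping from random object names back to file names, sizes and timestamps never exists in readable form off-premises.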

Conclusion

Nasuni safeguards your data with industry-leading security technology and practices that include:

- Military-grade encryption: Nasuni encrypts off-premises data and metadata with unbreakable industry-standard OpenPGP and AES-256 encryption. Only you hold your encryption keys, so only you can read and utilize your data.
- Complete data camouflage: Concealing off-premises data and metadata from third parties.
- Best-of-breed cloud storage datacenters: Demonstrating exemplary security technology and procedures with industry-leading certifications and accreditations.

Using the Nasuni solution, global organizations can securely leverage the convenient access and unlimited capacity of cloud storage to provide a storage system with centralized control and shared access to data at multiple locations.

[1] Lundell, Bill and Kao, Kristine, Research Brief: Remote/Branch Office Trends, Enterprise Strategy Group, September 2011