WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution

Transcription

1 WHITE PAPER Cloud FastPath: A Highly Secure Data Transfer Solution Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. We have been doing this successfully for over a decade for customers that range from Fortune 100 companies in the financial services sector to small businesses with fewer than 25 employees. Despite this diversity, all of our customers are bound by a common interest: achieving the highest levels of security while their data is in motion. Cloud FastPath s unique architecture creates the most secure solution for moving data to and from cloud-based storage services, and Tervela continuously invests in robust security measures to protect customer data as it moves. This whitepaper describes our approach to making Cloud FastPath security the best in the business. The Cloud FastPath Architecture Cloud FastPath provides a simple, fast, and fully automated means of moving your files to and from cloud-based storage services. This advanced data migration solution eliminates the need to ship disks or set up manual FTP jobs, overcoming the frustration associated with moving large amounts of data to the cloud. Most importantly, Cloud FastPath has been built on a highly secure architecture that is designed to protect your critical data in a number of ways. The Cloud FastPath architecture is depicted in Figure 1. Figure 1: The Tervela Cloud FastPath Architecture

2 Security Begins at the Point of Presence The Tervela Cloud FastPath architecture achieves exceptional data security and performance through the use of software near the source and destination for each data transfer called Points of Presence, or POPs for short. Customers control the POPs via Tervela s easy-to-use web application, which can be found at Using Cloud FastPath, when data is transferred from a local file system or mapped network drive to a customer POP, it remains behind the firewall. Since it does not leave the customer premises, this data is sent in its native unencrypted form. When customer data needs to travel from one cloud-based file service to another, it flows only through the customer s POPs, as described in the following steps: 1. The data is first encrypted 2. It then moves from the source to a customer POP near that source 3. The encrypted data travels directly to a POP near the destination 4. It then moves from the POP to its end destination, and is unencrypted This data flow is key to ensuring that customer data remains safe. With the Cloud FastPath architecture, customer data never touches the cloudfastpath.com service. It is transmitted directly between customer POPs. Moreover, except for the few bytes flowing through the POP at a given moment, data is never stored in the POPs. Those few bytes are kept in a temporary buffer that is used for protocol transformation, and discarded at the completion of that operation. It is never cached, staged or persisted in any way. In fact, it never even touches a disk as it is being transferred. And all the data is kept encrypted at every possible stage as it moves from the source to the destination. Using the System: Why it's Secure Cloud FastPath offers an extremely secure system for data movement. This security spans every step of the process - from account setup through data transfer. Step 1: Getting Started with Cloud FastPath - Account Credential Security The first step in using Cloud FastPath is to sign up at Registration requires an address and password. For security we do not retain this password we only retain enough information to check that the customer knows the password. If a password is lost, the customer will need to establish a new one. Customer IT personnel may be interested to know the Cloud FastPath application includes a programmable interface, or API. This facility allows customers to write scripts that use Cloud FastPath for customized data movement tasks such as regular backups or keeping two sites in sync. When using the API, ensure that the information

3 it requires to authenticate with the service is not exposed to untrusted parties. Two schemes are available for providing these credentials to the API: a securely permissioned configuration file and industry standard OAuth2. Step 2: Installing POPs - Understanding their Security Once you have an account you will typically install two POPs: one for your data's source and one for its destination. Ideally each POP is geographically close to the data storage system with which it is working. In the common case of moving data from your office computers or datacenter servers into the cloud, this means installing one POP on-premises and a second POP at, or close to, the cloud storage provider you are using. While you may choose to run your own POPs, Tervela provides the option to run the second POP op your behalf close to your preferred storage vendor. That is both convenient and ensures the highest consistent performance for your data transfers. The customer has many choices for how to run the on-premises POP, but the most common scenario is to download our Windows agent, which automatically installs the source POP for you. Once you have installed the POP, it is managed from the Cloud FastPath web application. POPs need access to the data they are going to be transporting. There are numerous kinds of storage systems. Popular on-premises examples include local Windows file systems, Windows network shares and mapped drives, and Unix's Network File System (NFS). In the cloud, each major vendor has its own storage system offering. Therefore, once you have installed a POP, you need to instruct it on which storage system it will be accessing. Step 3: Transferring Data: How Data in Motion is Kept Secure Once the customer has set up the POPs and informed them of the storage systems they will be accessing, the last step is to create and run a data transfer job. When this job runs, the Cloud FastPath web application orchestrates the entire transfer by instructing the source and destination POP how to contact each other. This enables the POPs to establish a high bandwidth connection in service of the transfer. To ensure that the transfer is secure, this connection is encrypted using industry standard Transport Layer Security (TLS), or more casually known as SSL. This is the encryption used for online commerce and banking that most of us know as HTTPS. Each POP authenticates with the other POP using TLS certificates issued by the Cloud FastPath in-house certificate authority. This enables Cloud FastPath to revoke the certificates, should a security issue arise. This can be done when the user deletes a POP, closes his account, or suspects that his POP may have been compromised. This design also ensures that access to an arbitrary POP, such as one belonging to another customer, is never allowed.

4 How Cloud FastPath Uses File System Properties The Tervela Cloud FastPath service queries a limited set of file system properties to orchestrate secure, cloud-based data migration. This information is used to facilitate file synchronization, to map user names and file permissions from the source to the destination and for reporting and accounting purposes. File system properties that may be retrieved by Cloud FastPath include basic file information such as file name, file size, creation date, last modification time, and the access control list for each file. To do this, Cloud FastPath queries the file system of the machine or service on which it is running. This information is encrypted and streamed to the Cloud FastPath secure servers, where it is used for reporting and analytics on transfer results, and to generate an account mapping spreadsheet. The operator then makes modifications to produce an accurate mapping of current user names to their corresponding account names at the destination. This spreadsheet is sent over an encrypted network connection both to and from the operator, and the resulting records are stored in a secure database within the Cloud FastPath service. NOTE: access control lists are only queried when using the account and permission mapping features of the Tervela Cloud FastPath service. The Security of Cloud FastPath Hosted Data Centers The Cloud FastPath service is hosted and managed in data centers that are compliant with SSAE 16 Type II reporting requirements, and use advanced measures for redundancy, availability, physical security and continuity. This means, among other things that: the data centers are highly available and offer n+1 or greater redundancy to ensure disaster recovery and business continuity the equipment is physically secure with on-site monitoring, guards and access controls and logging Tervela Operational Security To deliver the highest levels of security for our customers, Tervela goes beyond simply protecting the architecture of our data movement solutions, and has built security into the culture of our company. Building Security into our Policies and Procedures In addition to safe software and infrastructure, security depends on people, policies and practices. Our employees are trained on our policies and procedures which we maintain, review and update regularly. The following represent some of the many internal policies we enforce as part of our ongoing commitment to the highest levels of security.

5 Employee background checks Corporate facility access Password management Access privileges Software upgrade and patch management Incident response procedures Disaster recovery We also work to maintain the security of our corporate networks and files, with: Network and host intrusion detection systems Log reporting, analysis, archiving and retention Internal monitoring and reporting Vulnerability scanning Remote network access through VPNs with multi-factor authentication In addition, we engage third-party network security testing to find potential vulnerabilities. Our Incident Response Team handles any significant security or service events according to our defined policy. If, despite all other protections in place, your data is accessed without authorization, we will notify you. Responding to Security Events Cloud FastPath is designed to ensure that we can respond quickly when new security issues arise. For example, TLS is a very critical piece of software and so it is the focus of a lot of attention. As a consequence, the community that works on TLS regularly fixes flaws in its implementation. When these flaws are discovered a race unfolds to fix and deploy those fixes before bad actors take advantage of those flaws to compromise systems. One benefit of the architecture of Cloud FastPath is that it helps us win this race. Both the cloud application and the POPs can be quickly upgraded with new components that address flaws in the software. Managing Insider Risk Technology is only one part of the challenge of a good security design. People are also part of the challenge. How can we trust the people who work on Cloud FastPath? This risk is sometimes referred to as insider risk, i.e. the risk that a disgruntled member of the staff or a vendor may choose to do something inappropriate. Managing insider risk is again dramatically simplified by the design of Cloud FastPath since we have no direct access to the customer's data. Any access must be done indirectly via the POPs, which are are under the user s direct control. To further access the related storage systems requires access to the credentials for that storage system, which are inaccessible without access to both the POP and the web service.

6 Furthermore, we limit who in the organization has access to the running services. Their credentials for access to those services are protected by two-factor authentication. When necessary we can quickly and entirely revoke their access by revoking their credentials. That is key not only in the scenario where they lose our trust, but also in the unlikely event that they lose control over their credentials via theft or other compromise. Summary Cloud FastPath is not just designed to be fast and easy to use. It was designed from the ground up to provide the customer with a trusted way to move their data. The cornerstone of this design is that we never move customer data through our web application's servers. Access to the customer data is limited to the minimum number of points, i.e. one POP near the source and one near the destination. Then we build on that foundation by taking unique care of the credentials that enable access to the systems on which our customers data is stored. And we encrypt all data on a carefully authenticated channel, allowing the POPs to be disabled should the need arise. We maintain policies and procedures to ensure visibility, accountability, and control over our operating environment. And we take great care to ensure that the entire system is designed and operated so we can respond quickly to new security problems as they emerge, including issues that might occur with our own staff.