The Nasuni Security Model

White Paper

Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance requirements.

Executive Summary

Storing data in a public cloud or as-a-service offering presents new and exciting capabilities for enterprises. This modern approach also changes the risk profile for data storage. Done right, cloud storage can actually improve data security. Nasuni is a cloud-native enterprise file services solution designed to leverage cloud object storage as an infinitely scalable, geo-redundant repository for unstructured data. To ensure the security of the data stored in the Nasuni platform, Nasuni has developed a robust security model that combines strong encryption and local authentication with the native capabilities of top-tier cloud storage providers. As a result, enterprises can store, protect, collaborate on, and manage their file data across multiple global locations through a single, scalable storage solution at unprecedented scale, without compromising on security.

Managing the Security of Data in the Cloud

Managing and protecting the security of shared critical data is a time-consuming, costly, and complex challenge. User authentication and access, together with data security in transit and at rest, are some of the biggest information security obstacles to any storage project, never mind one that is cloud-based.

Today, even small enterprises maintain a presence in multiple countries, often on multiple continents. IT organizations must securely provide file sharing services to users in all locations and do so from afar while ensuring rapid access to the most up-to-date versions of files. This challenge is compounded by the near-exponential growth of the data itself and the complexity of secure office-to-office communication.

Nasuni addresses the challenges of global access to shared data with a platform designed to leverage the unlimited capacity of cloud object storage. Powered by Nasuni UniFS, the first global file system that resides in the cloud, Nasuni offers primary storage (NAS), archive storage, backup, disaster recovery, and global file access in a single hybrid cloud solution. Nasuni has also designed in security technologies and practices to ensure data remains safe in transit and at rest in the cloud, in many ways improving upon the security models used in most traditional on-premises NAS deployments.

Nasuni's Security Technology

As a hybrid cloud solution, Nasuni must address the risks associated with both on-premises storage and cloud storage. Nasuni secures on-premises data with standard features such as role-based access control, proxy support, and firewalls to limit unauthorized access. This white paper delves into the unique security requirements of Nasuni's hybrid cloud platform, which incorporates:

- Strong data encryption
- Top tier cloud storage datacenters
- Active Directory and LDAP integration
- Hardened appliances
- Rapid software releases

Strong Data Encryption

Nasuni's data security model begins with a solid foundation of strong encryption. The Nasuni Edge Appliances that send file data to the cloud while caching the active data locally for NAS-like access use encryption keys generated by our customers. Encryption with customer-controlled keys ensures that data can never be viewed or used by anyone outside the organization. Neither Nasuni nor the cloud provider (e.g. AWS, Azure, IBM, Dell EMC, etc.) can see the data. Each Nasuni Edge Appliance performs the encryption on-premises before sending the data off-premises, so the data is always encrypted both in transit and at rest.

Figure 1: Nasuni's encryption model secures data at rest within on-premises Nasuni Edge Appliances, as well as in transit as data is being sent to the cloud

Nasuni employs the non-proprietary OpenPGP protocol for public-key-based encryption and decryption. OpenPGP establishes a framework for how to combine widely available security algorithms into a secure system. OpenPGP's open standard and source code are continually enhanced through an extensive and thorough review process. OpenPGP combines symmetric and asymmetric encryption technologies that not only protect the data, but do so without compromising performance. Using fast symmetric encryption to encrypt the data and slower asymmetric encryption to encrypt the keys enables data to be encrypted efficiently and at a high level of granularity. OpenPGP also specifies several important details, including proper salting (inputting random bits to a one-way cryptographic hash function) and cipher modes. OpenPGP's cipher feedback (CFB) mode also avoids the drawbacks of less secure techniques, such as Electronic Codebook (ECB).
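An added example, not Nasuni's code and not part of the original white paper: the hybrid scheme described above, reduced to its core in Go, with a random AES-256 session key in CFB mode, the session key wrapped under the customer's public key, and a SHA-1 digest inside the ciphertext in the manner of OpenPGP's Modification Detection Code. RSA-OAEP stands in for the public-key step, and the Sealed container, the function names and the sample data are hypothetical; real OpenPGP uses its own packet format and computes the MDC over slightly different input.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

type Sealed struct{ WrappedKey, IV, Body []byte } // hypothetical container, not OpenPGP's packet format

// NewKey generates the customer-held RSA key pair; the private half stays on-premises.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal: fresh AES-256 session key, CFB mode, SHA-1 digest of the plaintext inside the ciphertext, RSA-wrapped key.
func Seal(pub *rsa.PublicKey, data []byte) (*Sealed, error) {
	rnd := make([]byte, 32+aes.BlockSize) // session key || IV, new for every call
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	key, iv := rnd[:32], rnd[32:]
	sum := sha1.Sum(data)
	body := append(append([]byte{}, data...), sum[:]...)
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 32 bytes
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(body, body)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return &Sealed{wrapped, iv, body}, err // callers check err before using the result
}

// Open unwraps the session key, decrypts, and refuses data whose digest does not match.
func Open(priv *rsa.PrivateKey, s *Sealed) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(s.IV) != aes.BlockSize || len(s.Body) < sha1.Size {
		return nil, fmt.Errorf("malformed or undecryptable message")
	}
	block, _ := aes.NewCipher(key)
	plain := make([]byte, len(s.Body))
	cipher.NewCFBDecrypter(block, s.IV).XORKeyStream(plain, s.Body)
	data, tag := plain[:len(plain)-sha1.Size], plain[len(plain)-sha1.Size:]
	if want := sha1.Sum(data); !bytes.Equal(want[:], tag) {
		return nil, fmt.Errorf("modification detected")
	}
	return data, nil
}

func main() {
	priv, _ := NewKey()
	s, _ := Seal(&priv.PublicKey, []byte("constructed sample file contents"))
	s.Body[0] ^= 1 // one flipped ciphertext bit, as stored data might be altered
	fmt.Println(Open(priv, s))
}
```

Only the holder of the private key can recover the session key, which is why the storage provider sees nothing but the wrapped key, the IV and ciphertext.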

Along with OpenPGP, Nasuni employs the AES-256 standard for symmetric encryption. AES is the first publicly accessible and open encryption standard approved by the US National Security Agency (NSA) for top-secret information.

In addition to encrypting the data itself, Nasuni Edge Appliances also encrypt metadata, both in transit and at rest. This means no identifiable information, not even file names or timestamps, is decipherable once it leaves customer premises. Encrypted file metadata includes the file name, file size, timestamps, access control information and location within the directory tree.

Nasuni's encryption technology also includes:

- Random session keys that eliminate the possibility of detecting patterns and reverse-engineering the encryption keys.
- Transport Layer Security (TLS) that provides end-to-end confirmation of data security and integrity.
- Built-in tamper alarms based on OpenPGP's Modification Detection Code (MDC), to detect any attempted tampering with data.

Top Tier Cloud Storage Datacenters

Nasuni integrates with the premier providers of public and private cloud storage, including Microsoft Azure, Amazon Web Services (AWS), IBM Cloud Object Storage, and Dell EMC ECS. These cloud leaders have invested billions in their datacenters to ensure data reliability, performance, availability, and accessibility.

- Microsoft has invested $15 billion (USD) in its Azure global datacenter infrastructure.
- AWS Cloud operates 44 Availability Zones within 16 geographic Regions around the world.
- IBM has more than 55 global cloud data centers in 19 countries spanning 6 continents.

Because of these investments, Nasuni's cloud storage partners offer geo-redundant storage with the highest levels of data durability and the highest industry security and compliance certifications. As a cloud-native solution, Nasuni inherits the capabilities of its cloud partners. In addition, Nasuni cloud services constantly monitor the object stores to ensure the availability and performance of Nasuni enterprise file services.

Active Directory and LDAP integration

As a hybrid cloud solution with on-premises components, Nasuni augments the security features of its cloud partners with strong on-premises security. Nasuni Edge Appliances join Active Directory and LDAP domains to leverage each customer's existing authentication and access control procedures. Data is accessed just as it would through a Windows File Server or any traditional NAS device using existing credentials and identities. All identity and user controls already in place still apply. Existing ACLs can be migrated in with the data, or the migration to Nasuni can be used as an opportunity to clean up polluted ACL structures.

Hardened Appliances

Each Nasuni Edge Appliance is hardened using a default-deny approach. No ports are opened except the management port required to configure it. Once configured, no ports are opened beyond the ones needed to serve the configuration. For example, if no NFS mounts are defined, no NFS traffic will be accepted. In addition, the appliances include configurable on-board traffic partitioning, firewall and antivirus features.

Rapid Software Releases

A critical component of any strong security model is a commitment to rapid software updates and improvements. All Nasuni customers with an active subscription receive Nasuni updates. Nasuni proactively scans every release of its software and proactively monitors all licensed and open source components for security vulnerabilities. Vulnerabilities are rated using a four-tier scale of Critical, Important, Moderate, and Low impact. Critical vulnerabilities are prioritized for immediate attention, with fixes targeted for release within 3 business days or less through normal signed software update channels. The other classes of vulnerabilities are triaged and evaluated for remediation based on other roadmap priorities and customer impact.

A Deeper Look at Compliance

Nasuni has a two-pronged approach to compliance and certification. First, Nasuni adheres to its own security model:

- Customers generate and hold their own encryption keys.
- Nasuni and its employees never have access to customer data because it is transmitted and stored in encrypted form.
- Customers use their own cloud credentials, preventing Nasuni from being able to even access the encrypted cloud store.
- Communication between the Nasuni Management Console (NMC) and Nasuni Edge Appliances uses cloud message queuing, which is also encrypted using customer-controlled keys.
- Nasuni Edge Appliances only communicate with cloud storage and Nasuni services running in secure, compliant cloud datacenters.

Second, the datacenters of Nasuni's cloud partners meet the highest industry compliance certifications and audit requirements, including:

- ISO 27001 certification for standardized management of information security
- AICPA SOC 1 and SOC 2
- CSA STAR Certification including an available CAIQ
- PCI DSS (Payment Card Industry Data Security Standard) Level 1 compliance, required for handling credit cardholder personal information
- HIPAA-compliant applications involving health-related and other personally identifiable information (PII) as well as HITRUST
- FDA CFR Title 21 Part 11

Nasuni cloud storage partners provide detailed documentation of compliance as required by each compliance regime. If required, Nasuni can help obtain this documentation.

Conclusion

The rampant growth of unstructured file data and the need to share and collaborate on files globally have outpaced the capabilities of traditional on-premises NAS and file server infrastructures. Enterprises are running out of space, failing to meet business requirements, spending too much of their IT budgets, and, in some cases, compromising on security as they attempt to keep up.

Cloud object storage is the new disk that, when combined with a cloud-native global file system like Nasuni UniFS, offers infinite capacity, advanced recovery points and recovery times, built-in disaster recovery, and global file access from any location. Nasuni enterprise file services builds on Nasuni UniFS and cloud storage to offer a modern, hybrid cloud solution for enterprises that need to store, protect, access, and manage fast-growing file data. As a hybrid cloud solution, Nasuni offers a unique combination of on-premises, in-transit, and in-cloud security capabilities that enable IT organizations to safely leverage cloud storage while meeting stringent governance and compliance requirements.

About Nasuni

Nasuni ("NAS Unified") is the leading provider of cloud-scale enterprise file services. Powered by Nasuni UniFS, the first global file system that resides in private and public cloud object storage, the Nasuni hybrid cloud platform transforms the way enterprises store, protect, share, and manage unstructured file data. By using Nasuni and their preferred cloud provider for Network Attached Storage (NAS) replacement, multi-site file collaboration, archiving, and data analytics, Nasuni customers are meeting global growth, workforce productivity, and cloud-first objectives, while also realizing massive IT cost savings. Nasuni is a privately held company based in Boston, Mass. For more information, visit.