HyperStore Data Security Features
When It Comes to Data Storage Security, You Can Afford the Best.
Ransomware attacks were the cause of 41% of the cyber-insurance claims filed over the first six months of 2020.* In this age of rampant malware and more remote work than ever, security may be the most important factor in your data storage decision.
Not all storage is the same.
Cloudian offers the most complete array of cyber-security certifications found in object storage. Get the best…and save money with the industry’s lowest total costs (up to 2/3 less), whether you’re looking for flash or disk.
Cloudian HyperStore Data Security Features
Data Immutability / Ransomware Protection
Protect your data from deletion or encryption with S3 Object Lock / WORM (write once, read many) functionality. Once Object Lock is enabled, your data is made immutable and cannot be altered or deleted until the policy-defined retention period is met. Ransomware cannot encrypt the data. This is a hardened solution, verified in government testing, and is certified compliant with the non-rewritable, non-erasable storage requirements of SEC Rule 17a-4(f).
Cloudian offers the most complete array of security certifications found in object storage.
Common Criteria Certification with EAL2 designation: Validates that HyperStore meets the stringent testing and technical requirements for security mandated by the U.S. National Security Agency (NSA) along with 25 other governments worldwide. HyperStore is one of only two object storage platforms to achieve this.
FIPS 140-2 Data Encryption Validation: NIST awarded Cloudian FIPS 140-2 Level 1 validation, signifying that HyperStore data encryption methods have been independently reviewed and tested.
HyperStore is also certified to meet the requirements of SEC Rule 17a-4(f), CFTC 17 C.F.R. § 1.31, FINRA 4511c, IDW PS 880 (German) and OR §§ 957ff (Swiss) regulations, and meets the data sanitization standards specified by NIST 800-88.
Securely share a single storage environment among multiple users with multi-tenancy. HyperStore’s advanced identity and access-management features allow system administrators to provision and manage groups and users, define service classes, and configure billing and charge-back policies. Multiple credentials per user are also supported. Ensure that service levels are met with group and user-level quality of service (QoS) controls.
Data Encryption: Data-at-Rest
To protect stored data, HyperStore employs AES-256 encryption, the specification established by the U.S. National Institute of Standards and Technology. HyperStore can perform granular encryption at a bucket or object level using a system-generated encryption key (regular SSE) or a customer-provided and managed encryption key (SSE-C). With SSE-C, the object upload and download requests are securely submitted using HTTPS, and the system does not store a copy of the encryption key. You may also employ a third-party Key Management System (KMS) to generate and manage keys.
Data Encryption: Data-in-Flight
The HyperStore system supports the TLS 1.2 and 1.3 protocols, standards established by the Internet Engineering Task Force. These allow for encrypted communications between HyperStore and S3 clients. HyperStore employs HTTPS connections with either a third-party CA certificate or a self-signed certificate.
Active Directory / LDAP Authentication
HyperStore supports integration with one or more external Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) systems to remotely authenticate and allow access to the Cloudian Management Console. Support can be enabled on a per-group basis, with the ability to use different groups and multiple AD or LDAP servers for authentication, or all LDAP-enabled groups leveraging the same LDAP server.
Identity Access Management (IAM)
HyperStore provides selective support for the Amazon Identity and Access Management (IAM) API. This support enables each HyperStore user to create IAM groups and IAM users within their own account. The user can then grant IAM user permissions for specific actions (e.g., reading or writing objects in a bucket or buckets). All S3 object data created by IAM users belong to the parent HyperStore (root) user account. The HyperStore parent user can delete IAM users without deleting any S3 object data.
Data Spill Protection
Cloudian HyperStore Secure Delete handles data spills while exceeding the requirements of NIST Special Publication 800-88-r1. Secure Delete can be set to “always-on” or “always-off.” When a delete occurs, Secure Delete overwrites all blocks on all nodes that contain the object (with a method that exceeds the NIST 800-88 mandate of 0’s written three times), and then the file is deleted from disk. The Secure Delete process can be audited and verified by examining delete transactions in cloudian-hyperstore-request-info.log.