Every organization that wants to comply with existing and emerging regulations needs to examine, along several dimensions, how it handles and stores personal data.
Ensuring that data, particularly sensitive data, is protected while at rest is a critical part of that picture.
The Enterprise File Fabric is a hybrid multi-cloud data management platform that provides a unified solution for data security, compliance, search and collaboration.
The Enterprise File Fabric’s FIPS-certified encryption feature not only secures data at rest but also adds a further layer of encryption, independent of whatever the storage provider offers, when data is stored remotely. This post explores the encryption options that are available.
Organization Level Encryption
If you need to encrypt all data generated by the organization and its staff, the File Fabric can do this with a single policy.
Administrators of an Organization configure this from their File Fabric Policies screen. Once it is enabled, data written to any of the storage silos mapped to the File Fabric is encrypted with the key set in the policy; the encryption is transparent to end users, with data being stream-encrypted before it reaches the storage. Note that the policy applies from the point it is enabled onwards: files that were already in the storage before then are not retroactively encrypted.
A compromise of the storage itself is a common fear when storage is remote to the organization, as it usually is with cloud. Should that happen, data residing there still benefits from the File Fabric encryption and is unreadable to an attacker who obtains only the stored ciphertext. The protection therefore rests on the encryption key never being kept alongside the data it protects.
- A single policy enables encryption for all files.
- Consistent encryption across different storage systems.
- Data on remote storage stays protected in the event of a direct breach of that storage.
- Key management set by the organization: the key is stored and administered by the File Fabric, or optionally held in a Key Management Server (KMS) such as HashiCorp Vault.
Directory Level Encryption
In addition to encrypting an entire storage system, the File Fabric supports FIPS-certified encryption for nominated directories. This works in exactly the same way as Organization Level Encryption, but the policy is applied at a more granular level, to specified directories only.
- Hybrid mode: unencrypted data can still be read from the storage directly, by clients that bypass the File Fabric, while encrypted data cannot. This is ideal if, for example, a directory of sensitive data is stored on remote storage such as Amazon S3 or Dropbox and you wish to take extra precautions to protect it.
- Well suited to large sets of data that need to be kept secure, for example employee records or customer information.
Individual File Encryption
The File Fabric also supports FIPS-certified encryption for individually nominated files.
When adding files through the File Fabric, and if permitted to do so by File Fabric Administrators, end users can choose to encrypt specific files using a phrase they supply. As with the other types of encryption described above, the File Fabric performs in-stream encryption of the user’s file. In contrast to those modes, however, the File Fabric does not retain the user’s encryption phrase: the user must remember it to retrieve the data later, and the File Fabric cannot recover the data on the user’s behalf if the phrase is lost.
- Individual file level / user level encryption.
- Can be used in conjunction with Directory or Organization level encryption (if permitted).
- The encryption phrase is known only to the person who encrypts the file.
- Different encryption phrases can be used for different files.