One of the core features of the Nasuni Filer is its end-to-end encryption. We strongly believe that the cloud is the future of storage, but unfortunately, most cloud providers out there today simply don’t have built-in encryption. Yet this is a critical feature for the long-term adoption of cloud storage. With that in mind, we’ve been working to design and implement a data security system that provides strong security while remaining easy to use and manage.
It’s not enough to simply “support” security and encryption—they should be designed into the system from the start. And they should be integral to the functionality of that system. The Nasuni Filer’s encryption features are always on and completely transparent.
To achieve strong data security, the user of the storage system must be in control of not only the data, but also the keys used to secure that data. Furthermore, any encryption scheme must not rely on secrecy (other than the actual key), obscurity, or trust (see Kerckhoffs's Principle).
At Nasuni, we take these ideas to heart. We're happy to tell you how our encryption works, because telling you in no way makes the system less secure.
OpenPGP
Within the Nasuni Filer, we use open standards for encryption (see “Why We Use OpenPGP”), and all encryption keys are stored locally on your Nasuni Filer. At no point are keys stored remotely in the cloud. Similarly, all encryption of your data happens before your data is sent over the wire to the cloud storage host of your choice.
Metadata is treated the same way, and we use SSL on the wire, even though all the data we are transferring is already encrypted. This helps avoid leaking even our commands to the cloud storage provider.
The point of all this is to go beyond a simple policy of not reading customer data. At Nasuni, we don't want anyone reading your data but you. This applies to cloud storage providers, network providers, and our team here at Nasuni. We don't need access to your keys for the system to work—and we don’t want it.
Key Management
We're happy to create keys automatically, if you like, and can even escrow a copy for disaster recovery. Alternatively, you can provide an OpenPGP key of your own (generated with PGP or GnuPG) and handle your own escrow. The choice is yours, and your key never leaves your control without your permission.
We know that occasionally a key may be compromised, so you can add, enable, or disable keys at any time. You can upload a new key and retire the old one. New data sent to the cloud is encrypted using only the new key.
You can see Cloud Volume key management here:

One of the things that causes people and companies to sometimes forgo using strong data encryption is the fear that encryption can be confusing or difficult to manage. This is why we’ve focused on making a user interface that may be deceptively simple on its face, but is very powerful on the back end.
An Intuitive UI
If you go to the administration UI for your Filer and click on configuration and then “Security/Encryption”, you will see this:

This page is an inventory of the encryption keys on your Filer, and which Cloud Volumes use them. When you first boot a new Filer, it makes a new Cloud Volume named "files", and automatically generates a 2048-bit RSA key that uses the AES-256 cipher to encrypt. You are free to use this key or provide your own. At any point, you can click on “Upload Key”; the next form will prompt you for two pieces of information:
- An OpenPGP secret key file.
- The passphrase for that key, if any.

You can upload one or any number of keys in a single step. Once you upload, the keys pass through several levels of verification to ensure they are well-formed. Among other things, the system checks that the keys are not expired or revoked and that they include an encryption component (necessary because OpenPGP supports signature-only keys).
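The checks named above (not expired, not revoked, encryption-capable) can be sketched against GnuPG's machine-readable `--with-colons` listing. This is an added example, not Nasuni's code: the listing is constructed, and `check_keys` and `accepted` are hypothetical helper names.

```python
import time

# Constructed `gpg --with-colons` style listing (not real keys).
# Fields used: 1 record type, 2 validity, 5 key ID, 7 expiry, 12 capabilities.
SAMPLE = """\
sec:u:2048:1:AAAAAAAAAAAAAAA1:1262304000:::u:::scESC:
ssb:u:2048:1:AAAAAAAAAAAAAAA2:1262304000::::::e:
sec:u:2048:1:BBBBBBBBBBBBBBB1:1262304000:::u:::scSC:
sec:u:2048:1:CCCCCCCCCCCCCCC1:1262304000:::u:::scSC:
ssb:e:2048:1:CCCCCCCCCCCCCCC2:1262304000:1293840000:::::e:
sec:r:2048:1:DDDDDDDDDDDDDDD1:1262304000:::u:::sc:
ssb:r:2048:1:DDDDDDDDDDDDDDD2:1262304000::::::e:
"""

def check_keys(listing, now=None):
    """Return {primary key ID: [problems]} for every key in the listing."""
    now = time.time() if now is None else now
    problems, can_encrypt, primary = {}, {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("sec", "pub", "ssb", "sub"):
            continue
        validity, keyid, expires, caps = f[1], f[4], f[6], f[11]
        dead = None
        if validity == "r":
            dead = "revoked"
        # Trust the flag, but also compare the epoch expiry ourselves.
        elif validity == "e" or (expires.isdigit() and int(expires) <= now):
            dead = "expired"
        if f[0] in ("sec", "pub"):
            primary = keyid
            problems[primary] = [dead] if dead else []
            can_encrypt[primary] = False
        elif primary is None:
            continue  # subkey record with no preceding primary key
        # Lowercase 'e' means this (sub)key itself can encrypt; the uppercase
        # letters on a primary key only summarise the whole key.
        if "e" in caps and not dead and not problems[primary]:
            can_encrypt[primary] = True
    for keyid, ok in can_encrypt.items():
        if not ok:
            problems[keyid].append("no usable encryption key")
    return problems

def accepted(listing, now=None):
    """Key IDs that pass every check."""
    return [k for k, p in check_keys(listing, now).items() if not p]
```

The third sample key shows why the capability check has to look at each subkey's own state: its primary key is valid, but its only encryption subkey has expired, so it is rejected just like the signature-only key.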
Fast Disaster Recovery
In the case of a disaster recovery (meaning that you are recovering a Filer that has been completely destroyed), the new Filer detects that your account has already been activated, and prompts you to upload any keys that have been in use previously:

Once the keys have been restored, your new Filer is good to go, and able to read all data that was written by the earlier, lost Filer.
Security is part of the DNA of our company. We believe that for the cloud to really be usable as primary storage, it must be encrypted using open and vetted standards, and you, the user, must have full control over the encryption keys used by the Filer.