We launched our public beta last week, and users have begun testing the Nasuni Filer. A few have called us with an interesting question: How do I activate the encryption? The answer is simple: You do not have to. The Filer is secure by default.
Encryption is automatic, and it happens at your site. Your data is always encrypted on the wire and in the cloud.
We review some of this material in our Technology White Paper, but we will soon be publishing a detailed security white paper as well. In the meantime, here are a few key points about the unique security features of the Nasuni Filer.
The Nasuni Filer uses the OpenPGP and AES-256 standards to encrypt each chunk of data sent to the cloud. Encryption and decryption happen at your site, which means that data is always encrypted in the cloud and on the wire—when it is moving to or from the cloud.
Why use OpenPGP instead of developing something new? With encryption, the best option is the one that is already in use on countless systems. The one that has been attacked repeatedly and has not fallen over. In fact, AES-256 is so strong that the N.S.A. has approved its use for Top Secret material.
Our cloud partners provide access to a given account based on credentials. There are a number of ways we could have facilitated authentication. We could have simply opened a single, Nasuni-managed account, then used shared credentials for everyone. This would have made our lives easier, but it might have created a potential security risk. Other options—which we will detail in the forthcoming White Paper—offered strong security, but would have come with a performance hit.
Instead, each Nasuni customer receives unique credentials. Encryption ensures that no one can read your files, but individual cloud credentials rule out the possibility of someone deleting them. Unique credentials deliver the best combination of security and performance.
The Nasuni Filer doesn’t simply encrypt data. The Filer encrypts file names, sizes, time stamps—both data and metadata. We want to ensure that your data is completely opaque before leaving your site. This way, if someone were to hack into your cloud volume, they might see thousands and thousands of files, but all of those chunks of data would have equally long, random names. Furthermore, the size of each stored object will not match the size of the original.
This is just an overview; we will go into more detail in our next white paper. But it should give you an idea of how seriously we take security. With end-to-end encryption, unique credentials, and complete opacity, Nasuni keeps your data safe and secure.