Cloud Storage Security – Who Should Hold the Keys?

Key management is an important consideration when it comes to deploying cloud storage in your enterprise environment. In this post, you’ll learn why.

March 14, 2018

Say “cloud storage” and some IT professionals cringe. The thought of using the cloud to store enterprise data evokes security, privacy, and compliance concerns. But advances in cloud technology – including the ability to deploy private cloud storage inside an enterprise data center – now bring security on par with or ahead of traditional data center storage. Read on for reason 1 why cloud storage is now as secure as traditional data center storage.

Your Data is Encrypted – and You Hold the Keys

Do you lock your house? How about the valuables you keep in a safe or safe deposit box? Of course, the answer is yes.

If we translate this to files stored on a file server or Network Attached Storage (NAS) device in an enterprise data center, are they also protected? Traditional data centers typically use physical safeguards to protect against unauthorized access to facilities. But the bigger question is, how secure is the data within the facilities?

Increasingly connected networks, increasing attacks from within, and the increasing sophistication of external malware and ransomware attacks now make network breaches much more of a concern than physical breaches. Yet files at rest in traditional data centers are typically not encrypted, due to the age of the storage systems on which they reside as well as the cost and performance impact. This creates the same vulnerability as if you left your house or your safe deposit box unlocked.

By contrast, public cloud storage from vendors such as Amazon and Azure and private cloud storage from vendors such as Dell EMC and IBM, together with a global file system from a vendor such as Nasuni, ensure data is encrypted at rest and in flight. Nasuni uses AES 256-bit encryption keys to encrypt files as they are stored on Nasuni caching appliances in each location. They remain encrypted as they are transmitted over the network, and are still encrypted when they are written to cloud object storage.

Other cloud storage solutions also offer encryption. But going back to our original question, do you share copies of your house and safe deposit keys with everyone? Of course not. Nasuni takes this same approach with its encryption keys, giving you – and you alone – the ability to create and hold them. This way neither Nasuni nor the cloud storage provider can “see” the files that are stored.
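The customer-held key model described above, as an added Go example (not Nasuni's code and not part of the original post): data is sealed before it leaves the customer side, so the store holds only ciphertext and a different key cannot open it. Assumptions: GCM as the AES-256 mode (the post names only AES 256-bit keys), an in-memory map standing in for cloud object storage, and hypothetical function names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// objectStore: constructed in-memory stand-in for the provider's bucket; it sees only nonce||ciphertext.
type objectStore map[string][]byte

// newGCM builds AES-256-GCM (the mode is an assumption) from the customer-held key.
func newGCM(key [32]byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key[:]) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAndPut encrypts on the customer side, binding the object name as associated data.
func sealAndPut(store objectStore, aead cipher.AEAD, name string, plain []byte) error {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	store[name] = aead.Seal(nonce, nonce, plain, []byte(name))
	return nil
}

// getAndOpen fetches a blob and decrypts it; a wrong key, tampering or a renamed blob fails.
func getAndOpen(store objectStore, aead cipher.AEAD, name string) ([]byte, error) {
	blob, n := store[name], aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("object missing or truncated")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(name))
}

func main() {
	var key [32]byte // created and held by the customer only
	rand.Read(key[:])
	aead, _ := newGCM(key)
	store := objectStore{}
	sealAndPut(store, aead, "report.txt", []byte("constructed sample file"))
	plain, err := getAndOpen(store, aead, "report.txt")
	fmt.Println(len(store["report.txt"]), string(plain), err)
}
```

Because the key never reaches the store, losing it makes the stored objects unrecoverable, so key backup and escrow become the customer's responsibility.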

Nasuni’s file services platform also provides data deduplication and compression for all objects written to cloud storage. If some nefarious third party were to gain access to the data objects in the cloud, they would need not only to decrypt the objects (without having access to the AES keys) but also to know how to decompress and reassemble the objects into usable files. This extra layer of camouflage is another reason why cloud storage security concerns are a thing of the past when files are stored with Nasuni and public and private clouds.

Secure key management is one reason that cloud storage with Nasuni’s global file system is now as secure as traditional file infrastructure. To find out the 5 additional reasons, download the e-Guide “7 Reasons Cloud Storage is Now as Secure as Traditional Data Center Storage.”
