Enterprise-class Data Security & Storage in the Cloud

 

When we talk to enterprise IT professionals (our customers), the second most frequently cited concern, after “don't lose or corrupt my data,” is “don't let anyone else see or steal my data.”

There are certain baseline security/privacy criteria that must be met prior to trusting a cloud storage solution with enterprise data.

 

Wireline Encryption

Using a storage service (as opposed to an inside-the-firewall solution) clearly implies a need to secure the data in transit from the enterprise to the service. Fortunately, this is increasingly facilitated by the protocols themselves. Most file transfer protocols and Web-optimized data storage protocols have encrypted versions readily available today, including SFTP, FTPS, and Secure WebDAV (WebDAV run over HTTPS).

While we encourage customers to use these encrypted protocols, there are clearly use cases that require the use of unencrypted protocols. The solutions here are also tried and true — either encrypt prior to sending the data, contract for a dedicated network link, or work with the service provider to put in place a secure tunnel, such as a VPN.

 

“The Zetta solution brings some of the best security capabilities to the table that we've seen.”

— Jeff Boles, Taneja Group


Logical Partitioning Within Multi-tenancy

For enterprise IT professionals to have confidence using a cloud storage service for enterprise data, they must know that their data cannot be accessed while resident in service infrastructure. The first step toward this is to ensure logical separation between customers at the “front door” of the service infrastructure — the initial customer access point to the service. Virtualization makes this easy. Simply house every customer's mount point as a unique URI within a distinct virtual machine instance. This way, you know that your access point is completely unique to you and is not a shared resource commingled with other users.

At-rest Encryption

Zetta provides a comprehensive, highly secure, enterprise-class data storage solution without the complexity, additional expense and associated management overhead needed to deploy secure storage within traditional storage products. In many cases Zetta's storage already meets or exceeds the compliance requirements customers face for their data storage.

 

All information stored on the Zetta system is encrypted “at rest” at all times using a full public key infrastructure (PKI).

For more information, read Chris Schin's blog entries including “Data Security/Privacy.”