Security

HyperStore Data Security Features

When It Comes to Data Storage Security, You Can Afford the Best.

Ransomware attacks were the cause of 41% of the cyber-insurance claims filed over the first six months of 2020.* In this age of rampant malware and more remote work than ever, security may be the most important factor in your data storage decision.

Not all storage is the same.

Cloudian offers the most complete array of cyber-security certifications found in object storage. Get the best…and save money with the industry’s lowest total costs (up to 2/3 less), whether you’re looking for flash or disk.

Read on to find out the long list of government and third-party agencies who have tested our security and why you and your cyber-security insurer can trust it.

*Cyberscoop, September 2020

Cloudian HyperStore Data Security Features

Data Immutability / Ransomware Protection

Protect your data from deletion or encryption with S3 Object Lock / WORM (write once, read many) functionality. Once Object Lock is enabled, your data is made immutable and cannot be altered or deleted until the policy-defined retention period is met. Ransomware cannot encrypt the data. HyperStore is hardened by the use of HyperStore Shell (HSH) and RootDisable, securing the solution at the system level, even disabling root access to make the solution impregnable. Similar solutions typically have porous root access leaving system-level breaches possible. This is a hardened solution, verified in government testing, and is certified compliant with the non-rewritable, non-erasable storage requirements of SEC Rule 17a-4(f).

Security Certifications

Cloudian offers the most complete array of security certifications found in object storage.

Common Criteria Certification with EAL2 designation: Validates that HyperStore meets the stringent testing and technical requirements for security mandated by the U.S. National Security Agency (NSA) along with 25 other governments worldwide. HyperStore is one of only two object storage platforms to achieve this.

FIPS 140-2 Data Encryption Validation: NIST awarded Cloudian FIPS 140-2 Level 1 validation, signifying that HyperStore data encryption methods have been independently reviewed and tested.

HyperStore is also certified to meet the requirements of SEC Rule 17a-4(f), CFTC 17 C.F.R. § 1.31, FINRA 4511c, IDW PS 880 (German) and OR §§ 957ff (Swiss) regulations, and meets the data sanitization standards specified by NIST 800-88.

Secure Multi-Tenancy

Securely share a single storage environment among multiple users with multi-tenancy. HyperStore’s advanced identity and access-management features allow system administrators to provision and manage groups and users, define service classes, and configure billing and charge-back policies. Multiple credentials per user are also supported. Ensure that service levels are met with group and user-level quality of service (QoS) controls.

Data Encryption: Data-at-Rest

To protect stored data, HyperStore employs AES-256 encryption, the specification established by the U.S. National Institute of Standards and Technology. HyperStore can perform granular encryption at a bucket or object level using a system-generated encryption key (regular SSE) or a customer-provided and managed encryption key (SSE-C). The object upload and download requests are securely submitted using HTTPS, and the system does not store a copy of the encryption key. You may also employ a third-party Key Management System (KMS) to generate and manage keys.

Data Encryption: Data-in-Flight

The HyperStore system supports the TLS 1.2 and 1.3 protocols, standards established by the Internet Engineering Task Force. These allow for encrypted communications between HyperStore and S3 clients. HyperStore employs HTTPS connections with either a 3rd party CA certificate or a self-signed certificate.
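
As an added illustration (not Cloudian code or documentation), the Python example below shows the client side of the two encryption sections above: it builds the standard S3 SSE-C request headers for a customer-managed AES-256 key, refuses to send that key to a non-HTTPS endpoint, and creates a TLS context that accepts only TLS 1.2 or newer with certificate verification on. The endpoint name `s3.storage.example`, the function names and the sample key are assumptions made for the example.

```python
import base64
import hashlib
import os
import ssl
from urllib.parse import urlsplit

# Standard S3 SSE-C request header names.
SSE_C_ALGORITHM = "x-amz-server-side-encryption-customer-algorithm"
SSE_C_KEY = "x-amz-server-side-encryption-customer-key"
SSE_C_KEY_MD5 = "x-amz-server-side-encryption-customer-key-MD5"


def sse_c_headers(endpoint_url, key):
    """Build SSE-C headers; the raw key rides in a header, so require HTTPS."""
    if urlsplit(endpoint_url).scheme != "https":
        raise ValueError("SSE-C key must only be sent over HTTPS")
    if len(key) != 32:
        raise ValueError("AES-256 requires a 32-byte key")
    # The MD5 of the key is a transit integrity check in the S3 API, not a secret.
    key_md5 = hashlib.md5(key, usedforsecurity=False).digest()
    return {
        SSE_C_ALGORITHM: "AES256",
        SSE_C_KEY: base64.b64encode(key).decode("ascii"),
        SSE_C_KEY_MD5: base64.b64encode(key_md5).decode("ascii"),
    }


def strict_tls_context(ca_file=None):
    """Client TLS context: TLS 1.2 or newer, certificate and hostname verified.

    For a self-signed server certificate, pass it (or its CA) as ca_file so it
    becomes the trust anchor instead of turning verification off.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key; keep real keys in your own vault or KMS
    headers = sse_c_headers("https://s3.storage.example/bucket/object", key)
    print(sorted(headers))
    print(strict_tls_context().minimum_version.name)
```

Because the storage system keeps no copy of an SSE-C key, the same three headers must accompany every later download of the object, and a lost key means the object cannot be decrypted.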

Active Directory / LDAP Authentication

HyperStore supports integration with one or more external Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) systems to remotely authenticate and allow access to the Cloudian Management Console. Support can be enabled on a per-group basis, with the ability to use different groups and multiple AD or LDAP servers for authentication, or all LDAP-enabled groups leveraging the same LDAP server.

Identity Access Management (IAM)

HyperStore provides selective support for the Amazon Identity and Access Management (IAM) API. This support enables each HyperStore user to create IAM groups and IAM users within their own account. The user can then grant IAM users permissions for specific actions (for example, reading or writing objects in a bucket or buckets). All S3 object data created by IAM users belong to the parent HyperStore (root) user account. The HyperStore parent user can delete IAM users without deleting any S3 object data.

Data Spill Protection

Cloudian HyperStore Secure Delete handles data spills while exceeding the requirements of NIST Special Publication 800-88-r1. Secure Delete can be set to “always on” or “always off.” When a delete occurs, Secure Delete overwrites all blocks on all nodes that contain the object (with a method that exceeds the NIST 800-88 mandate of 0’s written three times), and then the file is deleted from disk. The Secure Delete process can be audited and verified by examining delete transactions in cloudian-hyperstore-request-info.log.

Hardened Solution

Cloudian HyperStore SEC17a-4 Cohasset Assessment Report

Data immutability verified in US Government certification testing
Get the Cohasset Associates Compliance Assessment to learn how Cloudian HyperStore, when properly configured, retains records requiring time-based retention in compliance with the recording and non-rewritable, non-erasable storage of electronic records of SEC Rule 17a-4(f). Additionally, the assessed capabilities of HyperStore meet the principles-based requirements of CFTC Rule 1.31(c)-(d).

Tackling Data Security and Compliance Challenges

Three questions every CIO should ask about their data storage security

Data security is complicated. Compliance with security regulations has never been more important than it is today. It takes a lot of work to ensure your organization has a solid security program in place. How can you ensure you’re doing everything you can to protect your organization’s data? It begins by asking good questions and pressing for clear answers—from your staff, your partners, and your service providers.

In this white paper, we examine three important security questions every CIO should ask about their data storage platform and why getting clear answers to each one matters.

1. How are we protecting data in-flight and data-at-rest?
2. Can our data be made immutable or tamperproof?
3. Does our data storage architecture meet our compliance requirements?

Try Cloudian free in your data center for 45 days, and see how easy it is to build your own private cloud.

Download the full-featured free trial of Cloudian® software and install it on any commodity hardware to build and test a public, private, or hybrid cloud solution.

Free Trial includes:

  • HyperStore – Enterprise Object Storage
  • HyperIQ – Observability and Analytics

Put the power of S3-compatible storage technology to work in your data center. And experience the simplicity of next-generation observability and analytics.

Compatible with hundreds of S3-enabled applications.

System Requirements
• Physical hardware or virtual machine
• 16GB RAM
• 1 Gigabit network interface
