The ultimate layered security solution to protect your mission-critical data and applications requires people skilled and trained in security, secure technologies, and strategically reliable operational workflow.
One technical tool that supports a defense-in-depth solution is encryption - both encryption of data at rest and data in transit.
Encryption of data at rest: Data at rest can include database fileshares, workstations, laptops, tablets, iPads, phones, USB drives, flash drives, data backup tapes, CDs and DVDs, cameras and external hard drives.
Within our encrypted cloud solution, we encrypt data as it is written to drives within a storage area network (SAN), using the enterprise-class storage solution, EMC VMAX SAN. Data is decrypted as it is read from the drives. This type of built-in encryption ensures no impact on cloud performance while ensuring no risk of stored data exposure.
Encryption of data in transit: Data in transit crosses the Internet, wireless networks, from tier to tier within an application, or across wired or wireless connections without being stored. Data in transit remains in a non-persistent state - where it's not being written to disk or other media or being retained.
The combination of VPNs (Virtual Private Networks), two-factor authentication for VPN access and SSL certificates provides a completely encrypted path for data to travel. Paired with encrypted data at rest in our SANs, this creates a complete encryption solution to secure data no matter where it is.
Find out what components comprise a complete defense-in-depth hosting solution in our diagram, and read our Encryption of Cloud Data white paper for more details:
|Data Encryption Services|
Encrypted Cloud Hosting
Paired with VPNs (Virtual Private Networks), two-factor authentication and SSL certificates, we can create a completely encrypted solution with both encrypted data at rest and in transit.
Two-factor authentication requires the use of one form of authorization (username/password), and an additional form of authentication to gain access to a network remotely. Two-factor authentication provides an extra layer of protection to ensure the user is truly the one who is allowed access to the network, and to protect against unauthorized entry.
SSL is a cryptographic protocol that can provide security as information is transmitted over the Internet. When a browser tries to connect with a website secured with SSL, the browser first requests that the web server identify itself. After the server sends a copy of its SSL certificate, the browser checks its credentials and approves it. The server then sends a digital signature to start an encrypted SSL session, and then encrypted data is shared between the browser and server.