
Is your storage solution security compliant?

When people think of securing data, their thought process usually begins and ends with encryption. Encryption is a great start, but it is certainly not the end of an organization's journey to properly secure its data. Along the long road to achieving security greatness should come a stop for talks about compliance. In this blog, I will take you on a quick journey through what is commonly needed for compliance with a cloud storage solution.

There are many different regulatory rules that organizations follow. For example, HIPAA is a set of security rules and safeguards that must be implemented when working with public health information, and FIPS 140-2 is used by government organizations to list requirements and standards for the encryption used.

Compliance Regulations

The good news is that there is some common ground between compliance regulations. Here are a few common requirements that organizations should consider on their compliance journey:

  • Role-based Access
  • Data Encryption
  • Data Integrity
  • Auditing

Role-based access separates the permissions that different users have on a system. For example, if user Jane is a doctor working in a medical facility, Jane should have complete access to her patients' information. Jeff, who works as the cloud storage administrator in the medical facility, should only have the access needed to maintain the storage, not access to patient records.

Data should never be transmitted in plain text, which means encryption must be used to help secure confidential information. Most or all of the public cloud storage providers support encryption using SSL, but what about the private cloud? A truly enterprise-ready private cloud storage solution will have this available.

Data integrity is important for compliance reasons because the receiver of the data or the auditor must know that the data has not been tampered with. Common ways to achieve this are write once read many (WORM) support in a storage solution or the versioning capabilities featured in the Amazon S3 API.

Auditing is crucial for compliance and general system administration. Storage administrators should have a log of every change made to the system that can be referenced when needed in the future with details such as the user making the change, date and time of the change, name of the action performed, component changed, and any error messages.
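The Jane and Jeff example combined with the audit fields listed above, as an added illustration (not Scality RING code): the role map, user names and component names are constructed assumptions, and every access decision is recorded with user, time, action, component and error.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed role-to-permission map (assumption): each role is granted only
# the (component, action) pairs it needs; everything else is denied.
ROLE_PERMISSIONS = {
    "doctor": {("patient_records", "read"), ("patient_records", "write")},
    "storage_admin": {("storage_config", "read"), ("storage_config", "write")},
}
USER_ROLES = {"jane": "doctor", "jeff": "storage_admin"}  # constructed users


@dataclass(frozen=True)
class AuditEntry:
    user: str
    timestamp: str  # UTC, ISO 8601
    action: str
    component: str
    error: str      # empty when the request was allowed


AUDIT_LOG = []


def authorize(user, action, component):
    """Deny-by-default check that records every decision, allowed or not."""
    role = USER_ROLES.get(user)
    if role is None:
        error = "unknown user"
    elif (component, action) not in ROLE_PERMISSIONS.get(role, set()):
        error = f"role '{role}' may not {action} {component}"
    else:
        error = ""
    AUDIT_LOG.append(AuditEntry(user, datetime.now(timezone.utc).isoformat(),
                                action, component, error))
    return error == ""


def denied_attempts(log):
    """Entries an auditor would review first: requests that were refused."""
    return [entry for entry in log if entry.error]


if __name__ == "__main__":
    authorize("jane", "read", "patient_records")   # allowed: doctor
    authorize("jeff", "write", "storage_config")   # allowed: storage admin
    authorize("jeff", "read", "patient_records")   # denied and logged
    for entry in AUDIT_LOG:
        print(entry)
```

In a real deployment the log itself would sit on WORM or versioned storage so that entries cannot be altered after the fact.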

Scality RING is an ideal solution for organizations wanting a secure private cloud storage solution that takes security and compliance needs seriously.

Photo by Markus Spiske on Unsplash
