- 27 May 2021
- DarkLight
Cloud File Storage Encryption and Regulatory Compliance
- Updated on 27 May 2021
- DarkLight
Encryption
Encryption of data housed on the invidiaul vGateways will be determined by its hosting infrastructure. Within Expedient Enterprise Cloud, all SSD utilized for caching will leverage the underlying infrastructure to ensure data is encrypted at rest with AES256 algorithms. When deployed outside of EEC, responsibility of data at rest encryption lies with you or your infrastructure provider.
vGateways optionally offer software encryption of the caching drive if the underlying infrastrcuture does not provide sufficienct encryption mechanisms.
Utilizing software encryption on a vGateway may decrease its performance.
Data is also encrypted before it leaves a local vGateway device and is uploaded to the Global File System with a unique key for your Portal. The same AES256 alogrithms are utilized as data is packaged and encrypted before the upload begins over an HTTPS (TLS 1.2) connection to the Portal and the back end storage. Metadata is further encrypted at rest on the Portal infrastructure which is hosted within EEC. Data is also further encrypted at rest on the Cloud Object Storage back end.
Regulatory Compliance
The encryption libraries utilized by the Cloud File Storage platform have recieved FIPS 140-2 Certification, ensuring the methodoligies have been validated by a third party. FIPS certification is a 'gold standard' for encryption verification.