Data security is complicated. Compliance with security regulations has never been more important than it is today. It takes a lot of work to ensure your organization has a solid security program in place. How can you ensure you’re doing everything you can to protect your organization’s data?
Here are the 5 things to keep in mind when picking a bulletproof enterprise data storage solution that not only satisfies the compliance requirements but also allows self-governance.
1. Ability to preserve the records in a non-rewritable, non-erasable format aka WORM (Write Once Read Many) — Most compliance regulations mandate that the records should be maintained in an unalterable medium for the required retention period so that they can be accurately reproduced for later reference. Cloudian® HyperStore® provides WORM protection for stored records by supporting the standards-based S3 “Object Lock” functionality. HyperStore uniquely identifies each record object using a combination of bucket name, object name, and version identifier. You can lock the objects for the desired time by specifying the retention period and selecting the mode as Compliance or Governance on a per-object basis. Additionally, a legal hold may also be placed on a record object to protect against modification, overwrite, and deletion until the legal hold is released.
2. Ability to prevent deletions or modifications at the filesystem level by the root user — Merely providing software-based WORM functionality is not enough. Most of the available solutions restrict data modification operations to only account root users at the storage level. It is equally important to restrict access at the filesystem level by the root user. Cloudian HyperStore goes much further, disabling the root user at the filesystem level and enabling HyperStore Shell for systemwide protection. HyperStore has earned the Common Criteria for Information Technology Security Evaluation certification, with an Evaluation Assurance Level 2 (EAL2) designation, and meets rigorous international security standards for use in government deployments.
3. Duplicate copy of record stored separately — Many compliance regulations mandate storing a second copy of the data, separately from the original. In case one copy is compromised, lost, or damaged, administrators and/or auditors should be able to recover from the other copy. By supporting storage policies at the bucket level, HyperStore allows customers to fulfill this requirement with bucket-level granularity. In a distributed deployment across multiple data centers, you can configure a data center assignment scheme, which determines which of your data centers are used to store the data for each bucket.
4. Ability to readily download the records — Many compliance requirements necessitate an adequate capacity to readily download records and the associated metadata. HyperStore allows searching and downloading of the records using Cloudian Management Console, HyperStore Command Line Interface, and HyperStore S3-compatible APIs.
5. Audit logging — Monitoring user activity is essential to observe and prevent any unusual activity on the systems. All S3 client activity pertaining to setting Object Lock attributes on a bucket or on individual objects, and all S3 client attempts to delete locked objects, are logged in an audit log. For deeper analysis and forensics you can use Cloudian HyperIQ™ Enterprise, which provides user behavioral analytics to monitor the user and bucket level activity on the Cloudian HyperStore cluster.
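Item 1 names the Compliance and Governance modes and the legal hold without showing how they differ when someone tries to remove a record. The sketch below is an added example, not code from the original post or from Cloudian: it models the delete and retention-change rules of the standard S3 Object Lock API. The class and function names are hypothetical, the sample dates are constructed, and it assumes an S3-compatible store applies the standard rules unchanged.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class LockState:
    """Lock attributes of one object version (bucket + key + version id)."""
    mode: Optional[str] = None              # "COMPLIANCE", "GOVERNANCE" or None
    retain_until: Optional[datetime] = None
    legal_hold: bool = False

def retention_active(s: LockState, now: datetime) -> bool:
    return s.mode is not None and s.retain_until is not None and now < s.retain_until

def can_delete_version(s: LockState, now: datetime, bypass_governance: bool = False):
    """Permanent DELETE of a specific version id. bypass_governance means the
    caller holds s3:BypassGovernanceRetention and sent the header
    x-amz-bypass-governance-retention: true."""
    if s.legal_hold:                        # independent of any retention date
        return False, "legal hold is on"
    if not retention_active(s, now):
        return True, "no active retention"
    if s.mode == "GOVERNANCE" and bypass_governance:
        return True, "governance retention bypassed"
    return False, f"{s.mode} retention until {s.retain_until.date()}"

def can_set_retention(s: LockState, now: datetime, new_mode: str,
                      new_until: datetime, bypass_governance: bool = False) -> bool:
    """Retention change on an already locked version."""
    if not retention_active(s, now):
        return True
    if s.mode == "GOVERNANCE" and bypass_governance:
        return True
    # Compliance (or governance without bypass): extend only, same mode.
    return new_mode == s.mode and new_until >= s.retain_until

def utc(year: int) -> datetime:
    return datetime(year, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    now = utc(2025)                         # constructed sample states
    samples = {
        "compliance": LockState("COMPLIANCE", utc(2030)),
        "governance": LockState("GOVERNANCE", utc(2030)),
        "expired+hold": LockState("COMPLIANCE", utc(2020), legal_hold=True),
    }
    for name, state in samples.items():
        for bypass in (False, True):
            print(name, "bypass" if bypass else "plain",
                  can_delete_version(state, now, bypass))
```

For records that must satisfy a regulator, the practical consequence is that Governance mode protects only against callers who lack the bypass permission, so that permission belongs in the access review alongside the retention settings.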
Much of your organization’s success will be determined by how well you secure and use data and information technology. Ensuring that your organization is deploying the right security features and protections is more essential than ever before. Choosing a bulletproof enterprise data storage solution is required not only to meet compliance requirements but also to ensure business continuity and success.
Original blog post from Cloudian