When people think of securing data, their thought process usually begins and ends with encryption. Encryption is a great start but it is certainly not the end of an organization’s journey to properly secure their data. Along the long road to achieving security greatness should come a stop for talks about compliance. In this blog, I will take you on a quick journey about what is commonly needed for compliance with a cloud storage solution.
There are many different regulatory rules out there that organizations are using. For example, HIPAA is a set of security rules and safeguards that must be implemented when working with public health information and FIPS-140-2 is used by Government organizations to list requirements and standards for encryption used.
The good news is that there is some common ground between compliance regulations. Here are a few common requirements that organizations should consider on their compliance journey:
- Role-based Access
- Data Encryption
- Data Integrity
Role-based access helps separate permissions that users have to a system. For example, if user Jane is a doctor working in a medical facility, Jane should have complete access to her patients information. Jeff who works as the cloud storage administrator in the medical facility should only have access pertaining to maintaining the storage and not patient records.
Data should never be transmitted in plain text and that means encryption must be used to help secure confidential information. Most or all of the public cloud storage providers support encryption using SSL but what about the private cloud? A truly enterprise-ready private cloud storage solution will have this available.
Data integrity is important for compliance reasons because the receiver of the data or auditor must know that the data has not been tampered with. Common ways to achieve this is through Write once read many (WORM) support in a storage solution or with versioning capabilities featured in the Amazon S3 API.
Auditing is crucial for compliance and general system administration. Storage administrators should have a log of every change made to the system that can be referenced when needed in the future with details such as the user making the change, date and time of the change, name of the action performed, component changed, and any error messages.
Scality RING is an ideal solution for organizations wanting a secure private cloud storage solution that takes security and compliance needs seriously. Please check out the Data Security in the Scality RING White Paper to learn how Scality RING meets organizations’ compliance requirements.