This is part four of a five-part blog series that will take a closer look at our new suite of data services that will help our customers to radically simplify file data management at scale. We’ve talked about NVMe Cached Performance, Qumulo Dynamic Scale, and Qumulo Instant Upgrade in previous posts. Here, we provide an overview of Qumulo Secure automated data encryption. Future blogs in this series will go more deeply into the other new data services included in this announcement.
Today’s enterprises require transparent, hardware-agnostic, on-by-default data security. They need to be protected from data theft that could leave them open to liability. Qumulo believes that the era of unencrypted data has come to an end and that our customers should expect their data to be cryptographically protected.
As data volumes grow, security and compliance teams face increasingly complex challenges.
Data security and compliance becomes especially important given increasing regulations across various industries and geographies, particularly when it comes to securing data at multi-petabyte-to-exabyte scales. At these massive data scales, organizations have historically struggled to protect their data-at-rest from threats. Attackers stealing drives directly from a node, or getting hold of decommissioned disks in the supply chain can be devastating events, and create a very real need for radically simple security and compliance for all data.
In the absence of a solid encryption solution, enterprises resort to methods such as physically destroying disks, but even those solutions are not fully secure, and don’t always meet necessary requirements of their security and compliance teams.
Automatically protect data from external threats
Qumulo’s introduction of software-based encryption to Qumulo Secure mitigates these challenges, giving customers confidence in their data security and offering flexibility in hardware choice with a fully transparent experience.
- The highest standards of encryption – for free.
Qumulo software-based encryption leverages the most rigorous AES-256 bit encryption standards for enterprise organizations. It is included in Qumulo Core free of charge.
- Protection from physical theft of disks.
Whether a disk is stolen from the cluster itself, or obtained through the supply chain after being decommissioned, Qumulo software-based encryption provides physical protection against malicious actors regardless of access vector.
- No hardware restrictions. Ever.
Software-defined, hardware agnostic encryption that is completely transparent to the end-user. There is no hardware controller, disk, or chip dependency. You choose the hardware, we do the rest.
- Integrated, fully transparent key-management.
Nothing to set up. Nothing to manage. Easy.
Our Qumulo Secure cryptographic module within Qumulo Core defines a clear security boundary around all the places within the software that uses cryptography to secure data at-rest, data in-flight, and data access.
With the Qumulo file data platform, data-in-flight is encrypted with our file access protocol support (SMBv3) and replication features. With the addition of Qumulo software-based encryption to Qumulo Secure, customers can further strengthen their security profile with complete data encryption — both in transit and at-rest. There is no longer a need to worry about potential bad actors reading data from stolen disks.
Figure 1: Under the Cluster → Overview page, you can confirm your cluster is indeed encrypted as seen in this screenshot
“With Qumulo making industry-standard AES-256 encryption a standard in their solution, I never need to worry about if my data is at risk.”
– Hanoz Elavia, Storage Administrator at Atomic Cartoons.
Compliance validations for security-sensitive industries
Qumulo is committed to supporting the most security-sensitive customers in industries such as public sector and federal agencies, financial services, healthcare and universities. Qumulo software-based encryption is an important step in completing required FIPS-2 and Common Criteria certifications required by organizations that demand standardized, hardened, and tested storage solutions that meet government security compliance regulations.
Software-based encryption is made possible by our bounded Qumulo Secure cryptographic module which is currently listed as ‘Implementation Under Test’ with NIST for FIPS 140-2. Stay tuned for more updates as validations continue!
The simplicity of Qumulo’s file data platform makes it easy and affordable for organizations to leverage the value of massive data sets distributed across on-prem and multi-clouds and ensures visibility into the data with uncompromising security and data protection.
Download this whitepaper, which provides a complete overview of the Qumulo software-based encryption solution.
You can find out what’s new in our latest software release, including new data services including Qumulo Secure.