1288 - Cloud security

Modified on Mon, 21 Jul at 12:50 PM

Backup

Each cloud account within a backup set gets its own encryption key when the account is created. Since the Cloud to Cloud backups are run by a single administrator of a tenant with many users, an encryption key is randomly generated for each of these cloud accounts. 

The encryption key is then secured in Azure Key Vault to ensure it is neither available nor visible to anyone. The only entity that has access to this Key Vault is the Redstor Cloud to Cloud application itself, which is also hosted in the same cloud region in Azure.

During the backup process, data blocks are compressed with LZ4 and then encrypted using the account's encryption key. This encryption occurs prior to data being transferred to the Storage Platform. TLS is used to authenticate the data transfer and to create a secure session between the account and the Storage Platform. 

We use a symmetric-key block cipher, the 256-bit Advanced Encryption Standard (AES) in Galois/Counter Mode (AES-GCM), which provides authenticated encryption and guarantees the integrity of your data. Through AES-GCM, the integrity of each block of data is verified using its inherent checksum before being stored on the Storage Platform. Files that have become corrupt or are missing on the Storage Platform (due to disk corruption, for example) are identified by integrity checks and are retransmitted to the Storage Platform at the start of each backup. If the connection to the Storage Platform is interrupted, the backup service resumes seamlessly, starting again at the beginning of the interrupted file.
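The following Node.js sketch is an added example, not Redstor's code, of the compress-then-encrypt flow described above and of how a failed AES-GCM check marks a block for retransmission. Assumptions: DEFLATE from Node's zlib stands in for LZ4, the key is held in memory rather than in Azure Key Vault, and the stored layout, the associated-data binding and all function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const zlib = require('node:zlib');

// One random 256-bit key per cloud account. In the article this key lives in
// Azure Key Vault; here it is only held in memory.
function newAccountKey() {
  return crypto.randomBytes(32);
}

// Compress, then encrypt one data block under the account's key.
// Stored layout (constructed for this example): nonce(12) | tag(16) | ciphertext.
function sealBlock(key, accountId, blockIndex, plaintext) {
  const compressed = zlib.deflateSync(plaintext); // DEFLATE stands in for LZ4
  const nonce = crypto.randomBytes(12); // must never repeat under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  // Assumption: account and block position are bound as associated data so a
  // valid block cannot be moved to another account or position.
  cipher.setAAD(Buffer.from(`${accountId}:${blockIndex}`));
  const ciphertext = Buffer.concat([cipher.update(compressed), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ciphertext]);
}

// Returns the original bytes, or null if the block is missing, truncated,
// modified, or was sealed under a different key, account or position.
function openBlock(key, accountId, blockIndex, stored) {
  if (!stored || stored.length < 28) return null;
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, stored.subarray(0, 12));
  decipher.setAuthTag(stored.subarray(12, 28));
  decipher.setAAD(Buffer.from(`${accountId}:${blockIndex}`));
  try {
    const compressed = Buffer.concat([decipher.update(stored.subarray(28)), decipher.final()]);
    return zlib.inflateSync(compressed);
  } catch (err) {
    return null; // tag check failed: nothing from this block is trusted
  }
}

// Indices of blocks that fail verification and need to be sent again.
function findBlocksToResend(key, accountId, storedBlocks) {
  const resend = [];
  storedBlocks.forEach((stored, i) => {
    if (openBlock(key, accountId, i, stored) === null) resend.push(i);
  });
  return resend;
}
```

Because each account has its own key, a block sealed for one account fails verification under any other account's key, so a mix-up surfaces as a verification failure and no data is returned.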

 

Recovery

InstantData requires the account's encryption key to initiate a recovery. However, it is not secure to simply return the encryption key to the administrator. Instead, a short-lived session is created by the Redstor Cloud to Cloud application. A link generated from this session then allows a user to recover the account's data for a limited time without needing to enter its encryption key. For security purposes, the recovery link is only valid until the session expires.
