SG-TDE-AnyCloud

SG-TDE-AnyCloud is a data security solution for sensitive information stored in a database or a file server deployed on any cloud platform – AWS, Azure, Century-Link, Google, or within your own data center.

BENEFITS
  • Transparent Data Encryption
  • Works Across Multi/Hybrid Clouds
  • Protect Any Type Of Data Sets
  • Protect Data Against Malicious “root” User
  • Generate Tamper-Resistant Logs

Imagine being able to move your encrypted data across different computing platforms without having to worry about the data encryption keys or decrypting the data sets first. That’s what SG-TDE-AnyCloud can do for you!

> Software agent

SG-TDE-AnyCloud is a data security solution for securing regulated information stored in a database or a file server deployed on any cloud platform – AWS, Azure, Google, or within your own data center. It usually takes less than 30 minutes to install and configure our solution. The SG-TDE-AnyCloud can be used to encrypt data stored in a MySQL, PostgreSQL, CouchDB or SFTP server.

The SG-TDE-AnyCloud can be used to secure data stored in a MySQL, PostgreSQL, MongoDB, CouchDB, SFTP, SAMBA or a Linux file server. The solution is designed to enable regulatory compliance with HIPAA/HITECH, GDPR, PCI DSS, FISMA, GLBA, SOX and FERPA.

Today’s computing requires enterprises to combine public clouds, private clouds, and on-premises resources to gain a competitive advantage.

However, solutions that are available within one cloud platform generally are not available within other cloud environments. This necessitates the use of different solutions to achieve the same results.

The SG-TDE-AnyCloud eliminates this problem by providing you with a data security solution that works on your servers deployed anywhere – any cloud or within your own data center. This in turn lowers your operating costs and allows you to have a uniform solution across all platforms.

Enterprise-grade Data Security and Compliance

SG-TDE-AnyCloud has been certified to work with the following application servers

Any Linux Server, Any Cloud Platform

SG-TDE-AnyCloud can be used to secure data stored in a Linux server located on any public, private or hybrid cloud. Our security solution does not alter the end-user’s experience.

Life-time Key Management

There is no need to decrypt data and then re-encrypt it when you decide to move your data from one compute platform to another. You can just move your encrypted bits without worrying about your data encryption keys, since they will remain the same. This approach allows you to stay compliant even while data is in transition.

Store Keys On-Premises

SG-TDE-AnyCloud provides robust key management functionality. Different data owners can encrypt their data sets with their own master encryption key on the same machine. Data owners are able to rotate their encryption key to fulfill regulatory compliance requirements. Our solution provides key generation, key storage, key rotation and key revocation capabilities. The customer remains in full and absolute control of their own encryption keys at all times.

Based On Open-Source

SG-TDE-AnyCloud uses standard encryption functionality embedded within the mainstream Linux kernel. This functionality is based on a stackable file system that was developed by Erez Zadok, CTO, Server General Inc.

Transparent Data Encryption

Data privacy and regulatory compliance have become critical issues for private enterprises, public organizations, as well as the government. Managing and securing customer and patient information is a growing concern for IT departments, especially when operating in the cloud. SG-TDE-AnyCloud can help you to selectively encrypt data based on the sensitivity with different types of encryption algorithms. You are in control of your data encryption key while we provide secure storage so that your keys are available to you when you need them.

Low Overhead

SG-TDE-AnyCloud has low encryption overhead (typically less than 2%) which results in no material degradation in performance of a database server or a file server.

Role-Based Management

Many solutions cling to old security concepts that result in misplaced trust in the network/system administrator. This completely defies the application’s access control logic as intended by the application vendor, thereby exposing the application data to a whole host of attacks. SG-TDE-AnyCloud segregates management responsibilities based on roles in order to safeguard data.

Military Grade Security

SG-TDE-AnyCloud uses the AES encryption algorithm to encrypt data. This is the same algorithm that is used by the U.S. Military to secure their own secrets. Our solution is designed to transparently encrypt each and every sensitive data file with a unique and completely random key.

Protection Against A Malicious Root User

SG-TDE-AnyCloud controls access to the protected data sets via advanced access control mechanisms that make it challenging even for the “root” user to access the protected data sets in clear-text.

Tamper-Resistant Logs

All privileged operations conducted by the SG-TDE-AnyCloud administrators are logged within and outside of the administrative domain of our customers. This feature provides non-repudiation and is heavily relied upon by auditors. In fact, each Server General command is stored at four different locations.

How Does it Work?

  • Install Server General Agent
    Install the SG-Agent on your server. The Agent installation takes less than 5 minutes.
  • Configure Server Agent
    - Configure SG Administrators
    - Generate/Store Encryption Keys
    - Create a Security Policy
    - Enforce It
  • Encrypt Data at Request
    Enforce the security policy, which in turn will transparently encrypt data stored in the protected data sets using AES-256. No application-level change is required.
  • Manage Encryption Keys
    You will be able to generate, store, rotate and revoke keys. We will encrypt your encryption keys and store the encrypted values in a locker deployed on-premises or within our global key management infrastructure.
  • Control Access
    All access to the protected data sets is denied unless explicitly granted by you. Even the "root" user is unable to access the sensitive information stored in the protected data sets in clear text.
  • Log at Multiple Locations
    Logs are stored locally on your server and at three outside locations. This prevents an attacker from rewriting history.
  • That's It
    We make sure that your encryption keys are available to you when you need them and to no one else.

Technology

The core components of SG-TDE-AnyCloud are a data encryption engine, a key management engine, an access control engine, and a logging engine. Each component performs a critical function in securing sensitive information and collectively they provide active countermeasures against various types of attack vectors.

Data Encryption Engine

SG-TDE-AnyCloud includes a high-performance Data Encryption Engine, which provides strong encryption for all writes, and decryption for all reads. The Data Encryption Engine protects against theft of media, data images – even if intruders are able to obtain physical or electronic copies of data. The stolen data would be unusable without the decryption keys. Any probing of files would only yield blocks of ciphertext.

Key Management Engine

The Key Management Engine allows the customer to control their own encryption keys at all times. The encryption keys are stored in one or more key lockers deployed within the Server General global key management infrastructure. The encryption keys are themselves wrapped in another layer of encryption using a master key (a passphrase) that is only known to the data owner. This way only cipher blobs are stored in key lockers preventing other parties from deciphering them. The key management system allows customers to generate strong keys, rotate them on-demand, revoke any key at any time and store them in a secure location.

Access Control Engine

The Access Control Engine provides industrial strength access control that results in reduction of the ‘trust domain’. Only authorized SG-TDE-AnyCloud administrators, and not the system administrators, are able to access administrative functions: this one measure reduces the risk posed by rogue systems administrators (or any other entity that has progressed beyond perimeter security). The access control engine allows only authorized users to access the protected data sets. Even the “root” user is denied access to protected data sets in clear text.

Logging Engine

The Logging Engine logs every administrative operation related to SG-TDE-AnyCloud in real-time at four different locations – on the host server and remotely within our cloud infrastructure. Data from these logs is crucial for a security audit as well as for compliance. In case of a regular server, an external or a malicious internal user may gain unauthorized access to the data – then perform acts to conceal the breach by removing or editing audit logs. However, this is not possible with SG-TDE-AnyCloud, as logs are stored outside the administrative domain of the entity.
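How replicated copies let an auditor spot a rewritten log, as an added example (not Server General's code): it compares four constructed copies of an administrative log and reports every record where a location disagrees with the majority. The record format, location names and the `reconcile` function are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Constructed sample data: four copies of the same administrative log.
# The record format and location names are assumptions for illustration.
BASELINE = [
    "2024-05-01T10:00:00Z admin1 key-rotate dataset=payroll",
    "2024-05-01T10:05:00Z admin2 policy-enforce dataset=payroll",
    "2024-05-01T10:09:00Z admin1 grant-access user=appsvc dataset=payroll",
]
COPIES = {
    "host": [BASELINE[0], BASELINE[1]],  # last record deleted on the host
    "remote-1": list(BASELINE),
    "remote-2": list(BASELINE),
    "remote-3": list(BASELINE),
}


def digest(record):
    """Hash a record, or a marker for its absence, for cheap comparison."""
    text = "<missing>" if record is None else record
    return hashlib.sha256(text.encode()).hexdigest()


def reconcile(copies):
    """Return (index, majority_record, disagreeing_locations) per divergence."""
    findings = []
    length = max(len(c) for c in copies.values())
    for i in range(length):
        seen = {loc: (c[i] if i < len(c) else None) for loc, c in copies.items()}
        votes = Counter(digest(rec) for rec in seen.values())
        top, count = votes.most_common(1)[0]
        if count == len(copies):
            continue  # every location agrees on this record
        if count <= len(copies) // 2:
            findings.append((i, None, sorted(seen)))  # no majority: escalate
            continue
        majority = next(r for r in seen.values() if digest(r) == top)
        outliers = sorted(l for l, r in seen.items() if digest(r) != top)
        findings.append((i, majority, outliers))
    return findings


if __name__ == "__main__":
    for idx, record, where in reconcile(COPIES):
        print(f"record {idx}: {where} disagree with majority -> {record!r}")
```

A finding with no majority record means the copies are split evenly, so none of them can be treated as authoritative without further investigation.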

SG-TDE-AnyCloud is certified to work on the following platforms