A Data Encryption Service For Cloud Servers
The core components of SG-TDE (Server General TDE) are a data encryption engine, a key management engine, an access control engine, and a reporting engine. Each component performs a critical function in securing sensitive information, and together they provide active countermeasures against a range of attack vectors.
Data Encryption Engine
Server General TDE includes a high-performance Data Encryption Engine, which encrypts all writes and decrypts all reads. The Data Encryption Engine protects against theft of media and data images: even if intruders obtain physical or electronic copies of the data, it is unusable without the decryption keys, and any probing of the files yields only blocks of ciphertext.
Key Management Engine
The most important component of Server General TDE is its Key Management Engine, which lets the customer control their own encryption keys at all times. The encryption keys are stored in one or more key lockers deployed either within the Server General global key management infrastructure or within the customer's own network. In both cases the encryption keys are themselves wrapped in another layer of encryption using a master key (a passphrase) known only to the data owner, so the key lockers hold nothing but cipher blobs and no other party can decipher them. The key management system allows customers to generate strong keys 256 bits in length, rotate them on demand, revoke any key at any time, and store them in a secure location.
Access Control Engine
The Access Control Engine provides an industrial-strength identification and authentication mechanism that shrinks the 'trust domain'. Only authorized Server General TDE administrators can reach administrative functions; this one measure reduces the risk posed by rogue systems administrators (or any other entity that has progressed beyond perimeter security). The Access Control Engine likewise allows only authorized users to access the protected data sets.
Logging Engine
The Logging Engine logs every administrative operation related to Server General TDE. The logs are stored at four different locations: on the server and remotely within our cloud infrastructure. Data from these logs is crucial for a security audit as well as for compliance. On a regular server, an external attacker or a malicious internal user who gains unauthorized access to the data can then conceal the breach by removing or editing the audit logs. This is not possible with Server General TDE, because the logs are stored outside the administrative domain of that entity.
All of these techniques, used individually or together, form a comprehensive barrier against compromise of the protected data sets on a server protected by Server General TDE. Our service provides enterprise-strength security measures unobtrusively: after the simple installation process, no ongoing maintenance is required.