Data Privacy and Secure Access Control

Control Where You Need It

Permabit Enterprise Archive™ combines a secure operating system with advanced data privacy features together with industry–standard identity and access controls to provide the highest levels of data security.

Data Privacy

Permabit provides advanced data privacy capabilities both on replicated data over the wire and for data at rest.  Strong cryptographic algorithms are used including the federally approved Advanced Encryption Standard (AES).  Encryption can be enabled at the individual volume level.  When the encryption feature is enabled, a unique encryption key is generated for each chunk of data in the storage grid and is securely stored in the grid.  The result is that the entire set of storage nodes work in concert to decrypt information.  No single disk or node can provide access to information without access to the rest of the nodes in the storage grid.

Secure Access Controls

Permabit supports industry–standard authentication and access controls via the web-based Permabit Manager™ management console.  Authentication is handled through corporate directory services that already store user identities and passwords.  Security service supports authentication via Microsoft Active Directory (which utilizes the Kerberos authentication protocol) as well as through corporate LDAP or NIS mechanisms.  Security is further enhanced through the support of host and identity–based access controls.  In addition to host–based access control, file and directory controls are supported in both the CIFS and NFS environments. With these controls enabled, administrators, applications, and authorized end–users have the ability to restrict access to their files and directories.

Permabit Features:

• Built–in — Encryption is a standard feature in the Enterprise Archive. There are no additional licenses, software, or hardware to purchase.

• AES Encryption — Federally approved cryptographic algorithms.

• Flexible Deployment — Encryption can be enabled at the individual volume level allowing for greater flexibility in deployments.

• Over–the–Wire and at Rest — Data can be encrypted for over–the–wire transmission as well as data at rest within the archive providing the highest levels of security.

• Secure Authentication — Support for Microsoft Active Directory (which utilizes the Kerberos authentication protocol).

• Volume–level Access Controls — Restrict access to shares by IP addresses, netgroups, and/or Active Directory users or groups.

• File and Directory Level Controls — Grant access to files and or directories by specific lists of users and/or groups through CIFS or NFS.