The most basic security feature of Orchesto is the identity and access management (IAM) solution. This feature provides a granular level of control over system resources providing the control to allow access and permit usage of data. The Orchesto IAM feature mirrors the implementation done by AWS. In addition to internal resource control, TLS 1.2+ protocol is used to secure data when in transport. These two basic data security features of Orchesto provide a high level of protection against intrusion when transporting data as well as when storing data.
To further enhance the security of data in cloud designs, Orchesto provides gateway side encryption support. This ensures that data is protected by encryption all the way from customer premises to and including any cloud deployment. By use of gateway side encryption, the security perimeter of the company is extended to include all cloud service suppliers connected to Orchesto.
In this setup, data is encrypted at the immediate proximity to where customer data is generated. Data is encrypted in transport and at rest in the cloud. The Orchesto gateway side encryption is pre-integrated with a Key Management System (KMS) where customers own and manage their own sets of keys. Orchesto is in this way empowering customers to be in complete and sovereign control over how their data is secured.
When using the Orchesto Fort there is also support for the definition and configuration of immutable buckets as well as versioning to provide data protection for external as well as internal threats and errors. Making the bucket immutable secures that no object version will be deleted without data owner’s permission.
On top of protecting data from unauthorised access, interception and/or faulty handling of any sort, Orchesto is capable of further protecting data by dispersing it across multiple clouds. Data is dispersed using the unique Zebware Information Dispersal Algorithm (zIDA). When activated, zIDA transforms a data object into fragments which are then dispersed to different clouds. This procedure makes it practically impossible to retrieve the original data from any other place than the original source.
Adding zIDA on top of the other Orchesto security features, such as gateway side encryption, TLS, IAM and configuration of immutable buckets, completes the comprehensive set of security functionality offered by Orchesto. This set effectively reduces the risk for and mitigates the impact of data loss and data breach.
Securing data all the way and always by separating data owner and application owner rightsRead more
Manage access to your resources securely with IAM.Read more
Encrypt objects before it even leaves your network.Read more
Disperse your data for maximum security with the zIDA patented algorithm.Read more