Encrypt objects before it even leaves your network.
The Zebware Orchesto gateway is built to protect data stored in the cloud no matter if a private, public or hybrid cloud is used. The gateway side encryption functionality is included in all Orchesto software versions of the gateway, including the start package, and is an essential component in order to succeed with the protection of data.
By using gateway side encryption, all object content can be encrypted before it leaves the network of a data owner. For a multi-cloud setup it thereby enables a centralized encryption configuration to be applied across all storage providers. Encryption of data can be performed in a number of different instances and layers. When using Orchesto, data is encrypted immediately at the customer source, thus ensuring that data is encrypted when in use as well as in transport and at rest in a cloud.
The Orchesto gateway-side encryption is using a Key Management System (KMS) where customers own and manage their own sets of encryption keys. Orchesto ships pre-integrated with Hashicorp’s Vault server. Alternative KMS solutions are in plan for integration. The use of own keys is further increasing independence from cloud service providers as the encryption and key management is then completely separated from cloud providers’ solution. Orchesto is hence empowering our customers to take full control over how their data is secured.
The 256-bit AES (Advanced Encryption Standard) was developed by the US National Institute of Standards and Technology, NIST, together with industry and the cryptographic community. The U.S. Government approves the AES as a Federal Information Processing Standard, FIPS, for use up to Top Secret. Internationally it is a verified encryption standard used all over the world.
- Gateway Side Encryption provides a tool to encrypt all object data before it leaves customer’s network
- The service uses customer owned encryption keys to ensure independence from cloud providers and to secure data all the way through transport, and storage
- The encryption used is the high-level security 256-bit key length AES algorithm