
1-Click Data Security meets FIPS 140-2

By Bill O’Donnell

Data-at-rest encryption offers a critical layer of protection against unauthorized exposure of private or sensitive data. Encryption is commonly applied to data in motion, and increasingly the industry is promoting the use of encryption to protect data at rest as well. Data-at-rest encryption keeps data safe even when the physical media that stores it falls into the wrong hands through loss or theft. Proper security design relies heavily on a Defense in Depth strategy, in which multiple security countermeasures are put in place to protect the integrity of information assets. Your virtual machines (VMs) and the data they process are no exception. Nutanix has taken a holistic approach to ensure that your application data is available and protected, with security built in to the Enterprise Cloud.

Nutanix was the first to introduce data-at-rest encryption to hyperconverged infrastructure, in 2015. Since then, we have continued to evolve the offering with more choices for our customers. Nutanix HCI now has multiple options for data-at-rest encryption that comply with the FIPS 140-2 standard. FIPS (Federal Information Processing Standard) 140-2 is a United States federal government certification benchmark for validating how effectively a cryptographic module maintains the confidentiality and integrity of the information it protects.

Nutanix’s native software-based encryption uses FIPS 140-2 Level 1 validated modules. Software-based encryption delivers security without compromising data efficiency or performance, and it supports any hypervisor. You can enable encryption at the outset or at any time during your deployment, because the data service is flexible enough to perform encryption in the background without impact to the application. Nutanix also supports Self-Encrypting Drives (SEDs) that are FIPS 140-2 Level 2 validated. The primary difference between Level 1 and Level 2 is that to meet the Level 2 criteria the solution must include physical tamper resistance. Whether you require Level 2 or not depends on your specific regulatory obligations.

The common adage goes that encryption is easy but key management is hard. Nutanix already supports a robust ecosystem of Enterprise Key Management (EKM) solutions that are certified Nutanix Ready. But many of our customers asked us to simplify security even further, and as a result Nutanix also offers a built-in key manager for customers that want this simplicity.

Together, software-based encryption and the native key manager offer the simplest approach to FIPS 140-2 validated data security. The encryption modules used by Nutanix software data encryption and by our native local key manager are validated against FIPS 140-2 Level 1 to meet the specific security requirements defined by NIST. Using encryption that adheres to the FIPS 140 standard is a mandatory requirement for many government, healthcare, and financial entities. You can check the details of our validation certificate #3460 on the NIST Computer Security Resource Center website.

We recently published a white paper that outlines the details of our data encryption offering and provides best practices and tips on deploying encryption in your Nutanix environment.

Download the ebook and learn:

  • When and why to use encryption for data at rest
  • Deployment options and best practices
  • The differences between software and hardware-based encryption
  • How to use the Nutanix Native Key Manager
  • Technical details on the solution architecture and how it all works

© 2019 Nutanix, Inc.  All rights reserved. Nutanix, the Nutanix logo and the other Nutanix products and features mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. All other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s).