the bucket

A “Defense-in-Depth” Approach to Cloud Storage Compliance

A “Defense-in-Depth” Approach to Cloud Storage Compliance

Drew Schlussel
By Drew Schlussel
Senior Director, Technical Product Marketing

October 17, 2023

Every company that stores data wants to know that that data is protected, but some organizations, such as schools, hospitals, and criminal justice agencies, have policies that require proof of much more stringent security measures.  

At Wasabi, we take regulatory compliance extremely seriously for the simple fact that it’s extremely serious to our users. Compliance standards like FERPA, HIPAA, and CJIS are essential to doing business in education, healthcare, and criminal justice, respectively, and Wasabi is proud to hold certificates for all of these. Wasabi Hot Cloud Storage is a great choice for businesses who need primary storage, secondary storage for backup or disaster recovery, and cold storage for data archival (with one low-priced, ultra-fast tier of service). We want organizations that deal with sensitive information to know that they can use Wasabi to store their most critical data in accordance with compliance regulations—all with confidence and peace of mind in knowing that their data is fully protected. 

Layers of security for maximum protection 

On the whole, compliance regulations require businesses to ensure that digital information, electronic records, and personally identifiable information (PII) are not deleted improperly, corrupted, tampered with, or disclosed to unauthorized individuals. That data must be protected in transit and at rest, throughout its lifecycle, regardless of whether it’s kept on-premises, in a hosted facility, or in the cloud. And those security requirements apply to every individual with access to sensitive information including contractors, private entities, non-governmental representatives, and cloud service providers, such as Wasabi. 

The Wasabi cloud storage service is engineered to ensure the protection, privacy, and integrity of customer data. The service is built and managed according to security best practices and standards, with CJIS and other industry compliance security guidelines in mind. To meet and exceed those guidelines, Wasabi uses a “defense-in-depth” approach to security, with a wide range of best practices and technologies to ensure the physical security of its facilities and to maintain the privacy, security, and integrity of electronic data and digital records. 

Physical security 

The Wasabi service is hosted in premier Tier IV data center facilities that are highly secure, fully redundant, and certified for SOC-2 and ISO 27001 compliance. Each site is staffed 24/7/365 with on-site security personnel to protect against unauthorized entry. Security cameras continuously monitor the entire facility—both indoors and outdoors. Biometric readers and two-factor or greater authentication mechanisms secure access to the building. Each facility is unmarked so as not to draw attention from the outside. 

WEBINAR

How to Easily Implement Defense-in-Depth for Cloud Storage

Register now

Secure network architecture 

Wasabi employs advanced network security elements, including firewalls and other boundary protection devices to monitor and control communications at internal and external network borders. These border security devices segregate customers and regulate the flow of communications between networks to prevent unauthorized access to Wasabi infrastructure and services. 

Data privacy and security 

Wasabi supports a comprehensive set of data privacy and security capabilities to prevent unauthorized disclosure of private information. Strong user authentication features tightly control access to stored data. Access control lists (ACLs) and administratively defined policies selectively grant read/write and administrative permissions to users, groups of users, and roles. 

Data durability and protection 

Wasabi provides eleven 9s of object durability, protecting data against hardware failures and media errors. In addition, Wasabi supports an optional data immutability capability that prevents data from being deleted or modified by anyone—including Wasabi—and protects data against the most common causes of data loss and tampering, including accidental file deletions, viruses and ransomware. 

Account security 

Wasabi offers several ways for users to safeguard their account from unauthorized access. First, using Multi-Factor Authentication (MFA) adds a secondary layer of security to logins, ensuring that even if a password is compromised your account is still secure. Second is Multi-User Authentication (MUA) which divides the power to delete a storage account among an authorized group of users. This feature is unique to Wasabi and prevents any single administrator from accidentally or maliciously deleting any account and its associated data.  

True security is a joint effort 

Of course, our customers have a responsibility to maintain security protocols, too. The Wasabi storage service is typically employed as part of a larger public or hybrid cloud IT implementation that includes multiple compute, storage and networking components. To ensure full compliance, IT personnel at those agencies must ensure the storage management tools and applications they use are configured to take advantage of Wasabi security features. 

Working together, Wasabi and our customer agencies can ensure the protection, privacy, and integrity to data storage. For even more about Wasabi’s Defense-in-Depth strategy, register for our webinar How to Easily Implement Defense-in-Depth for Cloud Storage.  

the bucket
Drew Schlussel
By Drew Schlussel
Senior Director, Technical Product Marketing