Encryption in Everpure Cloud

Everpure Cloud Azure Native

Audience
Public
Source Type
Documentation

Everpure Cloud Azure Native uses Server-Side Encryption (SSE) to automatically encrypt data stored in a Storage Pool. SSE protects your data and helps you meet your organizational security and compliance requirements.

Note: Regarding compliance requirements, e.g. HIPAA, all PSC data in Azure is encrypted at rest using service-managed encryption keys as described in this article. Furthermore, access to the PSC environment is controlled by a strict access management policy aligned with industry standards and principles such as least privilege. Access is limited to a small number of personnel and is aligned with their job responsibilities. Additionally, a privileged access management control is in place to further limit and monitor privileged access to the environment.

Data in Everpure Cloud is encrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. For more information about the cryptographic modules underlying Azure managed disks, see Cryptography API: Next Generation

SSE is always-on and can't be disabled. SSE doesn't impact the performance of your Storage Pool, and has no extra cost associated with it.

Encryption key management

Currently there is only one kind of encryption key available: platform-managed keys . Data written to a volume is encrypted with platform-managed (Microsoft-managed) keys by default.

Customer-managed keys will be supported in future versions.