Versions Compared

Version Old Version 1 New Version 2
Changes made by

Tran Khanh Ngoc

Tran Khanh Ngoc

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

  • With the increasing security threats and stricter legal requirements, it is essential to always consistently implement strong measures to secure data transit. This includes data not only data in transit but also data at rest.

  • Protecting data stored on physical devices or in the cloud is a crucial part of to any organization's IT security strategy. In this context, there are two main approaches to encrypting this data: client-side encryption (CSE) and server-side encryption (SSE).

    • Client-side encryption (CSE) allows customers to encrypt their data on their own devices before sending it to the Fstorage server for storage. This ensures that the data remains encrypted throughout its entire lifecycle, providing a high level of security because the customer manages the encryption keys are managed by the customer and , which are never shared with Fstorage or any third parties. This approach requires customers to carefully manage their keys, but it is an ideal solution for those who require full control over their needing complete data security control.

    • Server-side encryption (SSE) provides an alternative solution where data is encrypted when it reaches the Fstorage server. This is the Fstorage’s responsibility of Fstorage, significantly reducing the security management burden on customers. There are two methods of server-side encryption:

      • SSE-C - Server-Side Encryption with Customer Keys: Customers can provide and manage their own encryption keys, giving them full control over data security. This option is particularly suitable for organizations with specific compliance and data security needs, as it allows exclusive management of encryption keys.

      HIGIO
Note

HI GIO S3 Storage does not store your keys. If the key is lost, all data will be lost, and there is no way to recover it.

  • SSE-S3 - Server-Side Encryption with HI GIO S3 Cloud-Managed Keys (in development): This simplifies the encryption process by using keys managed by Fstorage. This method is ideal for customers who want a robust encryption solution without the complexities of key management. It integrates the use of KMS (Key Management Service).

End.