In the age of information, data is considered to be the world’s most valuable resource. This fact alone demonstrates the value data holds for companies, and how much of a precious commodity it truly is in business life. Something this valuable needs to be protected and kept out of the hands of anyone not authorized to see it. That’s why you need complete 360 security.
Whether it’s on-prem or in the cloud, Quobyte provides complete 360 security that keeps your data protected from unauthorized access by hackers, cybercriminals, malicious insiders and even those attempting industrial espionage. Find out more about how it works.
When using the native Quobyte client or one of the plugins (Hadoop/HDFS, TensorFlow, MPI-IO), the data is encrypted or decrypted by the Quobyte driver on the same machine where the data is created or consumed. No data leaves the machine in plaintext format. The advantage is clear: anything outside the client machine, including the network, the storage servers, drives and even the admins, can be untrusted.
With protocols that require a proxy, like Object/S3 or NFS, the encryption happens on the proxy node. For object access, the access protocol can be protected by using HTTPS.
TLS ensures secure communication between all Quobyte components, including clients, plugins and servers. TLS is the same protocol that is used on the web to ensure secure communication.
In Quobyte you can enable TLS selectively, e.g. only on certain networks that might be untrusted or for communication to external clients and Quobyte clusters. You can retain cleartext (as in plain TCP) connections inside a data center or cluster for maximum performance.
With X.509 certificates you can secure your Quobyte clusters from unauthorized access. All clients (including plugins) and Quobyte services (servers) require a valid X.509 certificate to access the cluster. These certificates can be self-signed, issued by your organization's PKI, or issued by a public CA.
The certificates can be managed in Quobyte. They can be invalidated, bound to a specific tenant, or restricted to certain users or volumes.
Access Keys are the standard authentication mechanism for object storage/S3. In Quobyte, users can also use them for file system authentication. Admins can provide a single, well-known authentication mechanism to their users across object and file. Quobyte's self-service capabilities allow users to log into the webconsole and manage their access keys themselves.
On the file system layer, access keys can be used with the native Quobyte drivers, the Hadoop/HDFS plugin and TensorFlow. The Quobyte CSI plugin supports access keys natively: users can provide their access and secret key as Kubernetes secrets.
Quobyte's unified ACLs mean that you only have to manage a single set of ACLs for a file or directory (or object), regardless of the interface and protocol it is accessed through. Quobyte translates bidirectionally to NFS, POSIX, Windows, Object/S3 and macOS access control. This greatly simplifies ensuring proper access control and security for your data.