360 Security

When the stakes of a data breach are so high, there’s no substitute for defense in depth.

Quobyte is committed to creating secure storage infrastructure for the scale-out generation. True end-to-end data encryption offers the highest level of data protection from unauthorized access. Our holistic cybersecurity strategy aligns your storage infrastructure with the rest of your security posture.

  • End-to-end encryption with AES-XTS protects data both in transit and at rest. By putting the encryption into the client itself, we protect data as it flows over the network, sits on storage machines, and everywhere else. Even storage administrators can’t read user data, and if there’s an accident and somebody loses a disk, then we can rest assured that the data is fully encrypted.
  • End-to-end encryption means you don’t have to trust anything outside of your client machine.
  • Software-defined policies make enforcing security best practices easy. If you say a volume should be encrypted, Quobyte can take care of the rest.
  • TLS encrypts data as it moves both between clients and servers and between servers. If you want to run multiple clusters across different data centers or use a hybrid on-prem/public cloud infrastructure, TLS provides a secure tunnel, even on untrusted networks like the internet.
  • Selective TLS support is configurable per network. Choose to encrypt all traffic or just the links running between selected networks, e.g. choose not to encrypt intra-data-center traffic for maximum performance.
  • Choose between built-in or external key management.
  • Quobyte’s storage system includes built-in access control. By using X.509 certificates and access keys for user authentication, we make sure that a user can only act as themselves to prevent privilege escalation and mitigate insider threats. We also support IP network filters.
  • NFSv4 ACLs let administrators choose who has access to what. These granular access controls automatically translate between the ACLs of different platforms, such as Windows, Mac, POSIX, and S3. Making ACLs easier to enforce is one part of our vision of grand unified storage.
  • Quobyte is compatible with LDAP and Active Directory, allowing it to seamlessly integrate with your enterprise directory service for user authentication.
  • Metadata, data access, and change events are logged via Kafka. By giving you a full record of who accessed what file when, Quobyte speeds up and simplifies audits, security analysis, and forensics.