Cloud Data Management – To help you become GDPR Compliant
Since the beginning, Rubrik’s Cloud Data Management platform has been designed with security as one of its core principles. Their goal is to ensure that data is managed in a secure and responsible manner, independent of its location. This capability is growing more important with the changes to the General Data Protection Regulation (GDPR), which goes into effect on 25th May 2018, for any organisation that processes or stores data from individuals in the EU.
For companies that must comply with GDPR, security by design is imperative. The regulation requires companies to use solutions in which data protection is designed into the development rather than added on at a later point. Requirements apply to on premise and cloud environments, as well as to measurements that prevent employee-caused breaches.
Data Management Designed for Protection
Rubrik delivers end-to-end encryption across all environments while maintaining performance. It starts at the point of ingesting the data from your production systems. For both virtual and physical environments, we encrypt data in-flight to protect it from eavesdropping. Once the data arrives to the Rubrik cluster, customers can choose the method for encryption at-rest, either using software-based encryption or FIPS 140-2 Level 2 Certified hardware-based encryption. Rubrik also offers robust key management with AES 256-based encryption, which can be either managed via a built-in Trusted Platform Module (TPM) or Key Management Interoperability Protocol (KMIP)-compliant external key management server.
In addition, all data that is stored on Rubrik is done so as immutable objects. In other words, once the backup completes, you can rest assured that this data can be restored in its original state, which is of the utmost importance since your backup data needs to be your indisputable source of truth.
Security Beyond the Data Centre
As mentioned, Rubrik is dedicated to providing end-to-end security regardless of your data’s location. This means that if we archive data out to another storage location like private or public cloud, including Object Storage and NFS storage systems, we can encrypt this data in-flight, leaving the Rubrik cluster in its ultimate long-term retention destination.
User access also needs to be safeguarded, which is accomplished with your own trusted Certificate Authority (CA) TLS certificates to safely authenticate with the Rubrik GUI. Additionally, Rubrik enables granular control of user data with our role-based access control (RBAC) feature. Limit an individual’s access to only pre-approved objects to prevent accidental deletion and to protect the privacy of other users in your organisation.
GDPR is multifaceted, and it’s important to understand that no single solution can make you comply. But Rubrik’s modern data management platform with a security built-in mindset can be a great partner in developing a GDPR-compliant environment.
Contact – Us for more information and whitepapers