On-Premises to Cloud Enterprise-Grade Security
CTERA allows customers to control all levels of security independent of their choice of cloud infrastructure. This includes built-in data-at-rest encryption, data-in-transit encryption, Active Directory or LDAP user authentication with single sign-on, and data integrity verification.
By using source-based encryption in all CTERA Cloud Storage Gateways and end-point software Agents, CTERA effectively creates a VPN for cloud storage, in which the customer has full control over who can access and read his files. CTERA uses enterprise-grade AES-256 (Advanced Encryption Standard) encryption for all data sent to the cloud. AES-256 is a highly secure encryption algorithm, approved for protecting U.S. government classified material, and widely used by financial institutions.
Users also have the option of encrypting local volumes on CTERA Cloud Storage Gateways, further protecting their data in case of physical theft of the appliance or its hard drives.
Authentication and Identity Management
CTERA integrates with your existing Active Directory/LDAP services to provide user authentication and single sign-on, including password expiration policies and support for AD forests. Active Directory groups can be used to determine user privileges and management roles. A fully documented API is provided for additional custom integration.
For administration access, CTERA Portal supports role-based access permissions, automatic lockout after failed login attempts and IP-based access control.
Private Encryption Keys
CTERA Portal allows each user to choose either a private key derived from a personal encryption passphrase, or to accept an automatically generated key. The system administrator has full control over the choices of encryption keys given to users, according to the security policies of the organization.
In addition to encrypting the data itself, all cloud traffic is transmitted over a TLS (Transport Layer Security) connection, the same kind of connection used for safe transactions on e-commerce sites. TLS protects data from being read or intercepted en route to the online backup infrastructure. CTERA Portal uses X.509 digital certificates to prevent "man in the middle" attacks.
CTERA uses SHA-1 (Secure Hash Algorithm) to "fingerprint" the data sent to the cloud. This is a method to ensure data integrity, i.e. that the data set reaching its destination is the same data set transmitted by the user, and that it has not been tampered with.