Panzura Cloud Storage Controller Achieves FIPS 140-2 Certification
From US Department of Commerce National Institute for Standards and Technology
This is a Press Release edited by StorageNewsletter.com on March 22, 2013 at 2:48 pmPanzura, Inc., a provider of cloud storage solutions, announced
that the US Department of Commerce (DOC) National Institute for Standards and
Technology (NIST) has certified that the Panzura Global Cloud Storage System is
the first cloud-integrated storage platform to achieve Federal Information
Processing Standards (FIPS) 140-2 validation.
FIPS was established by NIST in response to the 2004 Homeland Security
Presidential Directive 12 to help secure intra-government communication using
common and robust identification verification. Panzura is also compliant with
the US Government Configuration Baseline (USGCB) for IT products. Panzura’s
security compliance achievements were key considerations in its selection by
DOC as its cloud storage platform for backup and the US Department of Justice
(DOJ) as the core technology to consolidate storage across 265 of its sites.
In 2009, the Obama administration
announced a new government cloud computing initiative designed to cut
infrastructure costs and enhance the greenness of government computing. A key
part of this initiative is to move data off expensive local storage and into
the cloud. Until now, data security concerns have tempered federal agency
enthusiasm for cloud storage. Panzura’s new certification brings both integration with cloud storage and security features to all branches of
US government.
"FIPS
validation is quite difficult to achieve but is increasingly required by
Federal agencies and contractors," said Robert R. Moore, SVP of storage
solutions, Carahsoft Technology Corporation. "As Panzura’s
public sector partner, we congratulate the company on this achievement and look
forward to leveraging this certification to drive even broader Federal adoption
of Panzura’s Global Cloud Storage System."
"Panzura’s
completion of FIPS 140-2 validation represents a significant milestone in the
development of cloud storage for Federal agencies and contractors,"
said Ashish Nadkarni, research director at IDC. "As the first cloud-integrated storage platform to meet this
requirement, Panzura has broken through a major barrier to gain widespread
cloud adoption by security conscious organizations."
The Panzura Global Cloud Storage System
provides a secure, robust platform to Federal agencies for cloud-integrated
NAS, capacity centralization, multi-directional data exchange, archiving,
backup, and DR with complete IT control. Dubbed ‘NetApp in the Sky’ by analysts, Panzura brings all of the
features and performance of local NAS
for Federal data plus the cost and scalability benefits of cloud storage
without requiring any changes to existing infrastructures, all while meeting
Federal security standards. Panzura partners with cloud storage
providers including Amazon, Dell, EMC, Google, HP, IBM, and Nirvanix.
In addition to validating Panzura for FIPS
140-2, the DOC’s NIST also selected Panzura as a means to move data from onsite
capacity to the cloud. The objective of this effort was to eliminate some of
NIST’s dependency on traditional storage media, improve NIST’s DR readiness and
reduce NIST’s storage cost. Among the key requirements for solutions considered
for this initiative was provision of advanced security features for preventing
unauthorized access.
"Completing
FIPS certification brings the power of the Panzura solution to a broad swath of
Federal agencies and other organizations that require it," said Randy
Chou, CEO and co-founder of Panzura. "Panzura
certification makes cloud storage, a key efficiency mandate for the Federal
government, a viable, non-disruptive option for Federal IT operations."
Panzura
Security
The Cryptographic Module Validation Program
(CMVP) validates cryptographic modules to FIPS 140-2 and other
cryptography-based standards. The CMVP is a joint effort between NIST and the
Communications Security Establishment (CSE) of the Government of Canada.
Solutions like Panzura validated as conforming to FIPS 140-2 are accepted by
the federal agencies of both countries for the protection of sensitive
information (US) or Designated Information (Canada). The goal of the CMVP is to
provide Federal agencies with a security metric to use in procuring
equipment containing validated technology.
The purpose of the USGCB initiative is to
create security configuration baselines for IT products, such as Panzura,
deployed across federal agencies. The technology accommodates the baseline recommendations of USGCB, enabling government agencies to
maintain compliance while leveraging the benefits of cloud storage.
Panzura also added FIPS 140-2 Level 3
validated Hardware Security Module (HSM) to provide crypto acceleration. The encryption keys are never exposed providing logical
and physical protection from non-authorized access including potential hardware
tampering attempts.
Panzura’s military-grade AES-256-CBC
encryption for data in motion and at rest ensures a high level of security for data stored in the cloud. Transmission security is
enhanced by application of transport layer security (TLS) for data sent to and
from the cloud.
Subscribe to our free daily newsletter
