Druva Being FIPS 140-2 Compliance for AWS GovCloud
Providing US government with secure data protection based on public cloud
This is a Press Release edited by StorageNewsletter.com on December 24, 2015 at 2:55 pmDruva, Inc., in converged data protection, said to be the first organization to provide FIPS-enabled endpoint data protection in the AWS GovCloud.
This support enables Druva’s data protection and governance solution in the cloud. In addition, the solution ensures government agencies and contractors that must adhere to the FIPS 140-2 encryption standard have the ability to meet the technology requirements for running sensitive workloads in the cloud. Druva is incorporating both device level FIPS-validated encryption modules for the secure transmission of data and also leveraging AWS GovCloud FIPS-enabled endpoints and storage, simplifying the data protection process for organizations needing to adhere to FIPS (Federal Information Processing Standards).
“We’ve seen a sharp increase in interest from government agencies and contractors for endpoint data protection in the cloud as part of the US government’s cloud-first initiative. Public cloud environments like Amazon’s GovCloud have been a huge step in the right direction, but the lack of software vendors meeting their unique data processing requirements has created barriers to adoption,” said Jaspreet Singh, CEO, Druva. “By bringing together GovCloud with FIPS support, Druva becomes the first data protection and governance solution that can be utilized by these organizations, ensuring they meet the standards set forth by NIST.“
The US Cloud First policy requires that government agencies take advantage of cloud computing to improve IT flexibility, boost operational efficiency and minimize costs, correcting some of the current IT issues related to duplicative systems, low asset utilization and fragmented, dispersed resources. FIPS includes publicly announced security standards developed by the US federal government for computer systems used by non-military government agencies and government contractors. GovCloud is an isolated AWS (Amazon Web Services) region for government agencies, contractors and educational institutions to run sensitive workloads in the cloud by addressing their specific regulatory and compliance requirements. The FIPS 140-2 standard is published by NIST (National Institute of Standards and Technology) and outlines the requirements that federal agencies and departments must adhere to when using technology that uses encryption for transmission and storage of their data.
Government agencies often face vendor roadblocks around a lack of FIPS support when trying to move to the cloud; FIPS support must exist throughout the cloud environment at the infrastructure level through to the application level. By combining AWS GovCloud, a specialized instance of Amazon’s cloud services that is FedRAMP (Federal Risk and Authorization Management Program) and FIPS-compliant, with Druva’s added FIPS support for its flagship inSync product, organizations can be compliant throughout the stack, leveraging Druva’s data protection and governance capabilities in the process.
Druva’s end-to-end FIPS support within GovCloud offers:
- FIPS Data Transmission: FIPS-validated modules on mobile devices that enable transmission of data to AWS’ GovCloud, which will receive data through a FIPS- validated SSL terminating point
- AWS GovCloud: An isolated AWS Region designed to allow US government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements, the AWS GovCloud (US) framework adheres to US International Traffic in Arms Regulations (ITAR) as well as the FedRAMP requirements
- FIPS storage: Once within the GovCloud environment, unique block data is encrypted and stored within S3 object storage using Druva’s patented data duplication capabilities, adding additional layers of protection to customer data
Druva inSync is in endpoint data protection and governance; the solution integrates scalable endpoint backup, secure file access and synchronization, data loss prevention, compliance monitoring and ediscovery capabilities in a single platform. This converged data protection strategy – spanning any mix of BYOD or corporate-owned desktops, laptops, tablets and smartphones as well as cloud services, such as Office 365 – reduces IT overhead as well as enables the organization to take a proactive posture in quickly identifying and mitigating data risks. Analyst firm Gartner rated Druva inSync highest overall for three out of three use cases in its 2015 Enterprise Endpoint Critical Capabilities report.
“Security and compliance count as two of the top reasons organizations are moving to the cloud. Protecting critical data within organizations – be it across endpoints, the cloud or across distributed servers – is critical to the success of any enterprise today. Government organizations, being held to additional requirements and specific standards, face the same security and compliance challenges with additional complexities. The Druva solution allows organizations to operate in a secure cloud environment and adhere to standards such as FIPS,” said Henry Baltazar, research director for the storage channel, 451 Research LLC.
Druva currently deploys on AWS GovCloud. Additionally, FIPS support will be available within 90 days.
More about Druva solutions and their support of federal standards