Strong encryption in-transit and at rest
Data encrypted hosting is multi-faceted. Here is how we protect your data.
Features / Products
|Encryption||optionally included||optionally included||Included (mandatory)|
|Encryption Level||Per Disk||Per Server||Per Storage *|
|Encryption Methods||AES 256-BIT XTS||AES 256-BIT XTS||AES 256-BIT XTS|
|Customer-managed keys (bring your own key)||Yes||On request||On request|
|Data sliced and distributed to different locations||No||No||Yes|
|Server Location Switzerland||Yes||Yes||Yes|
* Each physical disk has a different randomly generated Data Encryption Key (DEK).
The inner workings of data encryption
Data security protocols include components such as firewalls, networking, backup, multi-factor authentication, physical security, and much more. We offer multiple layers of protection in our encrypted server hosting solution. Data is encrypted when it is transferred between clients and our servers. Data is also encrypted when it is stored in our data center.
As a leading data protection provider, per default, all data stored on our servers are encrypted.
No matter what type of file is stored on our servers, whether it is a database, operating system, or application data, everything will be encrypted by default using AES 256-BIT XTS encryption.
Advanced Encryption Standard (AES), developed by NIST, is a popular widely used public encryption standard. Known for being remarkably resilient against attempted breaches, AES is used by security services, governments, financial institutions, and other organizations around the world.
AES is regarded as one of the most robust encryption methods in existence. Data encrypted following this method will demand multiple security keys to retrieve the data in its original form.
Data breaches occur when bad actors employ brute force by using all possible key combinations to force decryption. In response to this threat, 256-bit encryption emerged.
With this approach to encryption, every bit you add will double the number of possible keys creating an infinite number of key variations. As the time and computing power to try all the different key variations are staggering, it would take over a billion years to break even a 128-bit key.
AES can be described as a “block cipher” where the data is divided into 128-bit blocks before scrambling it with 256-bit keys. In this scenario, disks store data in a particular way, and disk sectors are divided into blocks which are the same size as blocks encrypted by a block cipher.
The scrambling process involves 14 different rounds of encryption to ensure that your data remains truly unrecognizable. Organizations that use XTS block cipher mode are guaranteed full disk encryption.
How do you encrypt data at rest?
When data is stored in data centers, it needs to be secured. To achieve this, we encrypt sensitive information stored in physical servers, cloud servers, and in virtual data centers.
Encryption of physically server
Artmotion's approach to encrypted hosting employs HPE Secure Encryption for both local and remote deployments. Local Key Management mode enables a single server deployment.
Additionally, Remote Key Management mode provides for central management of enterprise-wide deployment. Key features include Broad Encryption Coverage, HPE Secure Encryption, Secure Encryption Software, High Availability and Scalability, and Simplified Deployment and Management.
Encryption of cloud servers and data
Data At Rest Encryption (DARE) prevents data visibility in the event of theft or unauthorized access. It is essentially the encryption of data that is stored and not moving through networks.
With our approach to DARE, cloud servers have an option of offline backups with military-grade protection. Transparent Data Encryption is used when no changes are made to the application logic or schema. DARE is deployed for DB2, MySQL, and Oracle databases.
Encryption of a virtual data center
The virtual data center won't store sensitive data in a central location. Instead, we use industry-leading security tools to break up network data files and spread them across multiple nodes.
As each storage group will be encrypted with its own private key, it will be impossible for any other node that is participating in the network to achieve total data visibility. This process is known as "sharding."
Whether you're working with one or a 100 virtual servers, we can secure it efficiently.
How do you encrypt data in motion?
Data in transit demand robust protection as it can be exposed to a variety of threats. To secure data during a transfer, we encrypt sensitive information before moving and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the contents of data in transit.
Transfer encryption secures the connections between servers and clients. This uses standard TLS, a secure communication protocol used by HTTPS (also called SSL).
Secure Sockets Layer or SSL is an industry standard security protocol for establishing encrypted links between a web server and a browser in online communication. Whenever SSL technology is used, you can rest assured that all data transmitted between the web server and browser remains encrypted.
An encrypted Virtual Private Network (VPN) enables users to send and receive information through networks securely.
This technology essentially creates a secure tunnel between two devices (typically the server and the client) where the data is encrypted when entering the tunnel and decrypted when it exits the tunnel.
Our in-house security experts can also deploy highly customized data encryption solutions based on your specific business needs. So if you require custom encryption, we can help you achieve your security goals.Array
You can also apply your own approach to data encryption
In addition to the options listed above, clients can also use server-side encryption and install any encryption software such as Bitlocker for Windows or GnuPG for Linux. By default, these approaches leverage AES encryption algorithms in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key.
All our data encryption solutions leverage AES 256-Bit XTS. However, our Encrypted Virtual Datacenter solution uses a process known as data sharding to protect your sensitive information.
Regardless of what you choose for your business, you can count on enterprise encryption to secure your digital assets. What is more, you won't need to make any changes to your current operating system or applications.
However, if your organization demands policy-based encryption, we can also support that by deploying a variety of randomly generated Disk Encryption Keys (DRK) across each physical disk.