Encryption

How do you achieve data encryption?

Strong encryption in-transit and at rest 

Data encrypted hosting is multi-faceted. Here is how we protect your data.

Features / Products
Dedicated Server
Cloud Server
Virtual Datacenter
Encryptionoptionally includedoptionally includedIncluded (mandatory)
Encryption LevelPer DiskPer ServerPer Storage *
Encryption MethodsAES 256-BIT XTSAES 256-BIT XTSAES 256-BIT XTS
Customer-managed keys (bring your own key)YesOn requestOn request
Data sliced and distributed to different locationsNoNoYes
Fully redundantOptionalYesYes
 Server Location SwitzerlandYesYesYes

* Each physical disk has a different randomly generated Data Encryption Key (DEK).


The inner workings of data encryption

Data security protocols include components such as firewalls, networking, backup, multi-factor authentication, physical security, and much more. We offer multiple layers of protection in our encrypted server hosting solution. Data is encrypted when it is transferred between clients and our servers. Data is also encrypted when it is stored in our data center. 

As a leading data protection provider, per default, all data stored on our servers are encrypted. 

No matter what type of file is stored on our servers, whether it is a database, operating system, or application data, everything will be encrypted by default using AES 256-BIT XTS encryption.

AES 

Advanced Encryption Standard (AES), developed by NIST, is a popular widely used public encryption standard. Known for being remarkably resilient against attempted breaches, AES is used by security services, governments, financial institutions, and other organizations around the world.

AES is regarded as one of the most robust encryption methods in existence. Data encrypted following this method will demand multiple security keys to retrieve the data in its original form.

256-Bit

Data breaches occur when bad actors employ brute force by using all possible key combinations to force decryption. In response to this threat, 256-bit encryption emerged. 

With this approach to encryption, every bit you add will double the number of possible keys creating an infinite number of key variations. As the time and computing power to try all the different key variations are staggering, it would take over a billion years to break even a 128-bit key.

XTS

AES can be described as a “block cipher” where the data is divided into 128-bit blocks before scrambling it with 256-bit keys. In this scenario, disks store data in a particular way, and disk sectors are divided into blocks which are the same size as blocks encrypted by a block cipher.

The scrambling process involves 14 different rounds of encryption to ensure that your data remains truly unrecognizable. Organizations that use XTS block cipher mode are guaranteed full disk encryption.


How do you encrypt data at rest?

When data is stored in data centers, it needs to be secured. To achieve this, we encrypt sensitive information stored in physical servers, cloud servers, and in virtual data centers. 

 

Encryption of physically server

Artmotion's approach to encrypted hosting employs HPE Secure Encryption for both local and remote deployments. Local Key Management mode enables a single server deployment. 

Additionally, Remote Key Management mode provides for central management of enterprise-wide deployment. Key features include Broad Encryption Coverage, HPE Secure Encryption, Secure Encryption Software, High Availability and Scalability, and Simplified Deployment and Management.

Encryption of cloud servers and data

Data At Rest Encryption (DARE) prevents data visibility in the event of theft or unauthorized access. It is essentially the encryption of data that is stored and not moving through networks.

With our approach to DARE, cloud servers have an option of offline backups with military-grade protection. Transparent Data Encryption is used when no changes are made to the application logic or schema. DARE is deployed for DB2, MySQL, and Oracle databases.

Encryption of a virtual data center

The virtual data center won't store sensitive data in a central location. Instead, we use industry-leading security tools to break up network data files and spread them across multiple nodes.

As each storage group will be encrypted with its own private key, it will be impossible for any other node that is participating in the network to achieve total data visibility. This process is known as "sharding."

Whether you're working with one or a 100 virtual servers, we can secure it efficiently.


How do you encrypt data in motion?

Data in transit demand robust protection as it can be exposed to a variety of threats. To secure data during a transfer, we encrypt sensitive information before moving and/or use encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) to protect the contents of data in transit. 

SSL

Transfer encryption secures the connections between servers and clients. This uses standard TLS, a secure communication protocol used by HTTPS (also called SSL).

Secure Sockets Layer or SSL is an industry standard security protocol for establishing encrypted links between a web server and a browser in online communication. Whenever SSL technology is used, you can rest assured that all data transmitted between the web server and browser remains encrypted.

Encrypted VPN

An encrypted Virtual Private Network (VPN) enables users to send and receive information through networks securely. 

This technology essentially creates a secure tunnel between two devices (typically the server and the client) where the data is encrypted when entering the tunnel and decrypted when it exits the tunnel.

Custom encryption

Our in-house security experts can also deploy highly customized data encryption solutions based on your specific business needs. So if you require custom encryption, we can help you achieve your security goals. 

Array

You can also apply your own approach to data encryption

In addition to the options listed above, clients can also use server-side encryption and install any encryption software such as Bitlocker for Windows or GnuPG for Linux. By default, these approaches leverage AES encryption algorithms in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key. 

All our data encryption solutions leverage AES 256-Bit XTS. However, our Encrypted Virtual Datacenter solution uses a process known as data sharding to protect your sensitive information.

Regardless of what you choose for your business, you can count on enterprise encryption to secure your digital assets. What is more, you won't need to make any changes to your current operating system or applications.

However, if your organization demands policy-based encryption, we can also support that by deploying a variety of randomly generated Disk Encryption Keys (DRK) across each physical disk.


Client use cases

Find out how our clients encrypted their data in the use cases below


Database encryption

Blockchain encryption

Cryptocurrency encryption

CMS & ERP encryption

File server encryption

Application encryption

Customer data encryption

Accounting software 

App encryption

Trading application

Terminal server encryption

Webserver encryption

Secure your business now

Protect your business data with our military-grade encryption solutions

to top