How Is My Data Secured in the ReadyNAS Vault?

At ReadyNAS Vault, we are constantly refining our security measures to meet the rapidly evolving threats in the digital space (like viruses, attackers, and hackers) as well as to protect against the everyday disasters that Murphy's Law provides us (like fires, floods, thefts, and accidents).

Applying classic principles of secure programming with the knowledge of the latest advances, threats, and countermeasures allows us to provide you with the most secure environment for your data.

We harden every server and network device and place it in the secure ReadyNAS Vault datacenter.

Applying the time-tested security principles of "Least Privilege" and "Economy of Mechanism,” we remove every program and close every port that isn't absolutely necessary for our systems to operate, and we restrict physical access and enforce strict rules regarding the environment in which the machines are kept. Unlike your home or office computer, ReadyNAS Vault machines are there to serve one, and only one, purpose - securely storing and managing your data. There are no additional programs for hackers to exploit. Our computers are housed inside locked cages in a temperature-controlled facility with redundant power, connectivity, and fire/flood protections. Access is monitored and granted to authorized-personnel-only, and food and drink are prohibited. These efforts enable us to dramatically reduce the potential avenues of attack from would-be wrong-doers and the chances of freak accidents.

We insist on persistent authentication at the most granular level.                 

This involves applying two additional well-established security principles, "Fail-safe Defaults" and "Complete Mediation." In other words, we start by assuming that all requests for information we receive should be denied, and then evaluate whether or not to grant permission (rather than the converse). We then apply this analysis to each individual request. For instance, when a ReadyNAS Vault user wants to upload a file, the software not only verifies the user's identify before the file begins its transfer, but also verifies each chunk of information delivered. This vigilance helps us to dramatically reduce the opportunities for fraud.

We compartmentalize sensitive data in accordance with the principles of "Separation of Privilege" and "Least Common Mechanism."

This means that, wherever possible, we split sensitive information into pieces that are insufficient to reveal anything without their corresponding parts, and we keep functionality at a minimum. A familiar example of this is widely seen in movies where the use of two independent keys or codes are required to the launch weapons or gain entry - one is useless without the other. The best example of this principle in action is a result of our encryption processes. Every file you store with ReadyNAS Vault is encrypted before it ever leaves your computer, and the file and the key with which it was encrypted are stored on separate devices. Furthermore, the ReadyNAS Vault team members separate their administration responsibilities such that the individuals responsible for managing the file do not overlap with those managing the keys. The result is that all files handled by ReadyNAS Vault are completely unreadable without proper decryption.

ReadyNAS Vault files are encrypted with the "Advanced Encryption Standard," also known as AES, using a 256-bit key.

The key is derived from the file itself. The United States National Security Agency has approved this algorithm and key combination for digital information classified as "TOP SECRET." The key itself is encrypted with AES, using either another key provided by ReadyNAS Vault or one of your own choosing, and stored separately, as previously mentioned. It is worth noting that should you choose to use your own key, no one at ReadyNAS Vault (not even all the employees working in concert) will be able to access your data.

We work hard to be open about the security we provide and to make it practical for our users.

The first guiding principle here is known as "Open Design." In lay terms, this means separating the mechanisms we use to provide security from the keys we use to enforce protection. By making the system details transparent we: 1.) allow our systems to be examined by experts and reviewers who can offer us feedback on future theoretical attacks or existing vulnerabilities, and 2.) need only protect a small amount of discrete information. The second rule applied here is "Psychological Acceptance." This means the security protocols we've chosen to implement have to be simple enough to be understood by our end users, and easy enough that we can actually count on our users to follow them.

Hopefully this explanation provided a better understanding of how we work with you to secure your information, and that our software will be straightforward and painless enough for you to utilize and trust.

ReadyNAS Vault employees will never ask for your password. To ensure maximum security, never share your password.

Register now and start protecting your valuable data!

Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk