Running Hadoop in the cloud makes sense for many of the same reasons as running any other application in the cloud. It can increase business efficiency, reduce costs, and increase agility and the speed of innovation. But for many organizations moving to the cloud is a non-starter due to data governance and control issues. Beyond the need to protect against data breaches and cyber attacks, organizations need assurance that cloud providers cannot arbitrarily access their data.
NuCypher provides an encryption layer with access controls embedded directly into the encryption algorithm. As a result, administrators can manage decryption permissions without access to the secret keys, enforcing separation of duties. Enterprises can maintain privacy, confidentiality, and data integrity encrypting on-premise and outsourcing storage and processing to the cloud.
NuCypher supports on-premise key management so that keys never leave your control. It provides encryption for unlimited clusters across private, public, or hybrid clouds. Cloud providers receive only encrypted data and on-premise key management means that nobody can access your data without your consent – nobody!
Proper key management is just as important as encryption itself. With NuCypher, key management is easily integrated into console GUIs and APIs. Manage keys in concert with your existing policy settings to make the system easy to use. NuCypher performs ultra-efficient key rotation in accordance with industry regulations like PCI or internal security guidelines. Key rotation can be done automatically on a fixed schedule or an ad-hoc basis.
NuCypher’s military-grade encryption integrates with FIPS 140-2 compliant key managers to help organizations meet compliance requirements and protect sensitive artifacts. It allows administrators to track all key retrieval, key management, and system activity while maintaining exclusive control over encryption keys in their Hardware Security Module (HSM).
NuCypher offers block and file-level encryption to secure data at-rest and in-transit. To protect data in-use, fine-grained field and column-level encryption can be applied, ensuring both security and flexibility.