Data Security stored on vStorage
Encrypting the content of stored files (objects) is an effective data security solution. By encrypting data at rest, the data is transformed into a form that cannot be read by those without access. This helps protect data from unauthorized access, even if an attacker can access the system's storage gateway.
VNG Cloud currently provides the following mechanisms for encrypting the content of stored files (objects) on the vStorage service:
Client-side encryption: In this mechanism, the user is responsible for managing the key and workload of the encryption process. Data will be encrypted on the user's machine or application layer.
Server-side encryption: VNGCloud provides the feature to encrypt file content (objects) stored on the vStorage service using the encrypt endpoint. When customers upload files through this endpoint, the data is automatically encrypted before being stored. This mechanism provides high security benefits for sensitive data. Specifically, you can use vStorage endpoint with the following parameters:
Farm
Farm ID
Authentication endpoint
vStorage endpoint
Mục đích sử dụng
HCM03
8b1e9c9b-7123-54a5-ua8f-2d67d71c9212
https://hcm03.auth.vstorage.vngcloud.vn/v3
https://hcm03-encrypt-vstorage.vngcloud.vn
Khi sử dụng encryption endpoint này, dữ liệu của bạn sẽ được tự động mã hóa khi tải tệp tin lên vStorage theo đúng chuẩn mã hóa AES-256.
Note:
When you upload a file through the encryption endpoint, the file is encrypted before being stored on vStorage. Now, to download the file, you can use any vStorage endpoint of the HCM03 farm and the downloaded file will already be decrypted.
Uploading files through the encryption endpoint will make your files more secure but may reduce upload speeds. Average upload speeds when using encryption endpoints can be reduced by 5% to 10% compared to uploads using conventional endpoints.
Last updated
