In the world of cloud and data mobility, there is an expectation that information can be accessed anytime, anywhere and from any device. While this expectation was originally driven by public cloud services, enterprise users quickly took advantage of these services as corporate IT struggled to keep up.
This user-driven move to store corporate assets in the public cloud was not without risk. Corporate information began to leak into public clouds outside of the traditional enterprise security perimeter and was stored in places that lacked an appropriate level of enforceable security and compliance.
Today’s enterprises have no doubt about the value of mobility for business advantage and agility. Hitachi Vantara supports this capability by enabling enterprises to allow their users to securely access data anytime, anyplace and from any device through Hitachi Content Platform Anywhere (HCP Anywhere). This white paper describes the security aspects of HCP Anywhere.
User Access and Security
Hitachi Content Platform Anywhere controls user access by leveraging existing authentication and authorization infrastructure in the customer environment.
End-User and Administrative Authentication
In HCP Anywhere, administrators and end users are authenticated against Microsoft Active Directory (AD) via the Kerberos protocol. HCP Anywhere maintains lists of authorized AD groups that are permitted to access the system. Each user that requires access must be a member of at least one authorized AD group.
HCP Anywhere also supports the SAML 2.0 protocol to authenticate users via identity providers (IdPs), including Active Directory Federation Services (AD FS). This allows HCP Anywhere to authenticate users located in multiple AD forests.
Active Directory Status Change
The user’s status must remain active within AD in order to authenticate. A user will lose the ability to authenticate and access HCP Anywhere if his or her user account is:
- Removed from all AD groups that are registered with HCP
- Expired in
- Deleted from
- Locked or disabled in
Hitachi Content Platform Anywhere provides a variety of controls to enforce security no matter how end users want to access their data.
Device Access: Each user is permitted to register up to a specified number of devices (desktop and mobile) with HCP Anywhere. The HCP Anywhere administrator can configure the number and type of devices allowed for each user or profile.
Deregister Device and Data Wipe: At any time, the user or an administrator may deregister any registered device. On the next connection with the HCP Anywhere system, the deregistered device will note its state change and no longer synchronize. All HCP Anywhere data on the client is automatically deleted (by default) when it is deregistered. Additionally, administrator-configurable system settings allow deregistration of inactive devices after a certain number of days.
Data Security Controls
Data flows from the HCP Anywhere clients via the HCP Anywhere system to the Hitachi Content Platform object store for storage. No copies of the data remain on the HCP Anywhere system.
As data moves between the client and the HCP Anywhere system, all network communication occurs over HTTPS with TLS (Transport Layer Security) to prevent eavesdropping or tampering. Data in transit is always encrypted. The administrator can determine how this encrypted network traffic is terminated.
There are three options for implementing data-in-flight encryption on HCP Anywhere:
- The TLS protocol session can take place from the client all the way to the HCP Anywhere
- The TLS protocol session can take place from the client to the organization’s load balancer or firewall, terminate there, then transition to an unencrypted socket connection to the HCP Anywhere
- The TLS protocol session can take place from the client to the organization’s load balancer or firewall, terminate there, then transition to a new TLS session (with a new key) from the load balancer to the HCP Anywhere
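The three termination options above, sketched as a reverse-proxy configuration fragment. This is an added example, not configuration from Hitachi Vantara; the use of nginx as the load balancer, the host names, the ports and the certificate paths are all assumptions.

```nginx
# Added illustration: host names, ports and file paths are hypothetical.
# As written this fragment implements option 3; options 1 and 2 are shown
# commented out because only one of the three can own the listener.

# Option 1: TLS end to end. The proxy relays TCP and never holds the key,
# so the client's TLS session is with HCP Anywhere itself.
# stream {
#     server {
#         listen 443;
#         proxy_pass hcpaw.internal.example:443;
#     }
# }

http {
    server {
        listen 443 ssl;
        server_name files.example.com;
        ssl_certificate     /etc/nginx/tls/files.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/files.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # Option 2: TLS ends here and the back-end leg is cleartext.
            # Anything on the internal path can read or alter file data
            # and session credentials.
            # proxy_pass http://hcpaw.internal.example:80;

            # Option 3: a new TLS session from the proxy to HCP Anywhere.
            proxy_pass https://hcpaw.internal.example:443;

            # nginx does not verify the upstream certificate by default;
            # without these lines option 3 is encrypted but unauthenticated.
            proxy_ssl_verify              on;
            proxy_ssl_verify_depth        2;
            proxy_ssl_trusted_certificate /etc/nginx/tls/hcpaw-issuer.pem;
            proxy_ssl_server_name         on;
            proxy_ssl_name                hcpaw.internal.example;
            proxy_ssl_protocols           TLSv1.2 TLSv1.3;

            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}
```

If the back end presents a self-signed certificate, the trusted-certificate file must contain that certificate itself, and it has to be replaced whenever the back-end certificate is regenerated.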
In addition, administrators can configure the communication between the HCP Anywhere system and HCP object storage to use HTTPS with TLS, for security.
The HCP Anywhere system allows organizations the choice of using self-signed or trusted third-party certificates. HCP Anywhere can generate a certificate signing request if required, or certificates can be uploaded in PKCS12 format. Optionally, self-signed certificates can also be generated. The mobile and desktop connections will leverage these certificates for secure transmission of data to and from HCP Anywhere.
- The HCP Anywhere application’s storage device, the HCP system, can be configured to encrypt all data at rest within it. Data at rest is encrypted using 256-bit AES.
- All HCP Anywhere data on iOS clients is natively encrypted on disk without option by iOS itself. Please refer to “iOS Security” published by Apple Inc.
- HCP Anywhere currently does not perform data-at-rest encryption on the other client devices. HCP Anywhere clients are compatible with corporate-deployed disk encryption software technologies.
To protect users from accidental file or folder deletion, or unwanted file content changes, HCP Anywhere has a versioning capability. There are two versioning policies: latest versioning and extended versioning.
The HCP Anywhere administrator can set limits on the versioning policy. They can set both the length of time that any historical version remains accessible in the system, and the number of historical versions that remain accessible in the system. These parameters operate independently.
Hitachi Content Platform Object Store Security
HCP Anywhere stores its data on the HCP object store and takes advantage of its legacy of offering enterprise-class security. The application leverages the multitenancy capabilities of HCP such that all HCP Anywhere data is isolated to its own private tenant. Within the HCP Anywhere tenant inside HCP, the application creates additional private namespaces to securely store the user files and backup copies of the HCP Anywhere database. These namespaces can only be accessed by the HCP Anywhere system.
A properly configured HCP has many additional features to safeguard the integrity of the data. These features, taken in aggregate, ensure that the system does not require backup.
HCP Anywhere Networking
HCP Anywhere has two separate networks.
- Corporate Network:
- Communicate with HCP Anywhere clients. This traffic comes over the internet and/or is routed over internal networks and should be configured through the company load balancer or firewall infrastructure. HCP Anywhere supports multiple options for SSL
- Communicate with corporate infrastructure behind the firewall, with, for example AD, DNS, NTP server, Virus Scanning Engine, NAS System, and HCP storage. For security purposes, corporate infrastructure should be segregated from HCP
- Private Network: This network is only used for HCP Anywhere internode communication and troubleshooting.
HCP Anywhere Node Hardening
- If a user is logged into the management console or the web portal and clicks on logout, all browser sessions will be terminated.
- HCP Anywhere software makes no direct SQL calls. All database functionality is passed through stored procedures to prevent SQL injection
- HCP Anywhere is validated against an industry-standard vulnerability scanner to identify and resolve common security issues such as:
- Weak SSL
- Form injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Product code upgrades are online, fast and customer executable. This enables rapid reaction to any newly discovered security
- Monitoring of system access attempts via both the web portal and management console so that a user or administrator can spot suspicious
- External security assessment and audit completed on a periodic basis.
In summary, HCP Anywhere allows an organization to select the appropriate level of security that is required for its environment. The comprehensive list of HCP Anywhere security features includes:
- AD and SAML authentication of users.
- Restrict access to specified device types, deregister devices and remote wipe select data.
- EMM and MDM integration.
- Data encryption.
- Virus and ransomware protection.
- Full data recovery.
- Full audit logging.
- Secure sharing and collaboration.
- Security and penetration testing.
Security is a core tenet of HCP and the HCP Anywhere system. Hitachi Vantara is committed to continuing to expand the security capabilities of HCP Anywhere in future versions of the product while maintaining a positive user experience for end users and administrators alike. HCP Anywhere enables users to be more productive and teams to collaborate effectively, while maintaining high security and compliance certification standards.