Panzura, which provides what's called the Panzura Global Cloud Storage System for network-attached storage, backup and disaster recovery, today said its product has earned FIPS 140-2 validation for its encryption technology from the National Institute of Standards and Technology (NIST).
The NIST FIPS 140-2 evaluation program calls for lab testing of encryption security processes in a wide variety of products but this is believed to be the first time that a cloud-integrated storage platform has gained FIPS 140-2 certification, often cited as a requirement in federal contracts. Panzura also announced it has federal government agencies as customers. NIST itself is the first and the second is the U.S. Department of Justice which last December elected to use the cloud storage system.
[Background: The Pros and Cons of Storage as a Service]
"This is the first cloud gateway to be certified under FIPS," said Randy Chou, CEO at Panzura. The product testing was done under the aegis of the Cryptographic Module Validation Program, a joint effort between the U.S. agency NIST and the Canadian agency the Communications Security Establishment, for protection of sensitive information. The Panzura technology tested pertained to military-grade AES-256-CBC (cyclic block cipher) encryption for data in motion and at rest. Transport layer security is also an additional method for protecting data sent to and from the cloud.
Last December, the DoJ division known as the Executive Office of the District Attorneys selected the Panzura cloud-storage appliance to provide global storage consolidation of case data across its 265 sites to the EMC Atmos cloud storage platform. Panzura also partners with Amazon, Dell, EMC, Google, HP, IBM and Nirvanix.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: email@example.com.
This story, "Panzura cloud storage controller gets NIST FIPS 140-2 certification for crypto" was originally published by Network World.