Administration Guides

Supported Data Security & Storage Class Life Cycle Options



Overview

Data copied to objects can have several policies applied for security, retention and versioning.  This section covers supported options.


Authentication Best Practice

S3 devices support access and secret keys to authenticate remote applications to the S3 bucket.  This is the recommended best practice.

Amazon S3 Recommendation

AWS advises against using IAM roles for Golden Copy. Golden Copy operates within an on-premises environment, and IAM roles are designed specifically for AWS resources, which makes them incompatible for this purpose.

Read more here.


Data Inflight Encryption

  1. Adding endpoints using HTTPS ensures that in-flight data is encrypted using the TLS protocol.
  2. The endpoint can use self-signed or signed certificates.  Certificate signing is external to Golden Copy, and no configuration is required to support either signed or unsigned certificates.

Data at Rest Encryption

  1. For S3 targets that support customer-provided keys to encrypt data at rest, the keys are configured at the S3 provider bucket level.
  2. Consult the S3 target documentation about the default data-at-rest encryption keys that are applied without any configuration at the storage bucket level.
  3. Object-level encryption keys are not supported.

Data Retention Policies

  1. Data retention for objects is configured at the bucket level using the S3 target administration policies.
  2. Create different storage buckets to set different retention levels for copied objects.

Object Data Version Control

  1. Version control is configured at the bucket level following the S3 target documentation.  Golden Copy supports versioning by updating existing objects with a newer version.  NOTE: No configuration is required within Golden Copy to use versioning on your S3 target device.  If versioning is enabled on the storage bucket, both versions will be available using S3 bucket browsing tools.
  2. A future version of Golden Copy will support a version-aware recall feature that allows a specific version of data to be recalled based on a date range.  Check the documentation for the build and version number that support version-aware recall.  The command supports recalling data older than or newer than x date and time.
    1. Azure object versioning configuration 
      1. General Overview
      2. How to Enable or disable Blob Versioning
    2. AWS object versioning configuration
      1. General Overview
      2. How to Enable S3 Versioning 
    3. For all other supported S3 targets, consult the vendor documentation.
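
Because encryption at rest and versioning are set on the bucket rather than in Golden Copy, it is worth checking the target before adding it. The following is an added example, not Superna code: it checks an endpoint URL and two bucket settings against the sections above. It assumes the responses follow the AWS S3 GetBucketEncryption and GetBucketVersioning shapes; the function name, endpoints and sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses, shaped like S3 GetBucketEncryption / GetBucketVersioning.
SAMPLE_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}
SAMPLE_VERSIONING = {"Status": "Enabled"}


def audit_target(endpoint, encryption_resp, versioning_resp):
    """Return a list of findings; an empty list means all three checks pass.

    Pass None for a response when the target returned no configuration.
    """
    findings = []

    # In flight: only an https endpoint gives TLS between Golden Copy and the target.
    if urlsplit(endpoint).scheme != "https":
        findings.append("endpoint is not https: data in flight is not encrypted")

    # At rest: default encryption is a bucket-level rule on the S3 provider.
    rules = ((encryption_resp or {})
             .get("ServerSideEncryptionConfiguration", {}).get("Rules", []))
    defaults = [r.get("ApplyServerSideEncryptionByDefault", {}) for r in rules]
    algos = [d["SSEAlgorithm"] for d in defaults if d.get("SSEAlgorithm")]
    if not algos:
        findings.append("no bucket-level default encryption rule found")
    elif "aws:kms" in algos and not any(d.get("KMSMasterKeyID") for d in defaults):
        findings.append("aws:kms rule names no KMSMasterKeyID: "
                        "the provider's default key is used, not a customer key")

    # Versioning: a missing Status or 'Suspended' means updates are not versioned.
    status = (versioning_resp or {}).get("Status")
    if status != "Enabled":
        findings.append(f"versioning is {status or 'not configured'}: "
                        "the bucket is not keeping a new version on each update")
    return findings


if __name__ == "__main__":
    # Constructed endpoints; the second call shows a target failing every check.
    print(audit_target("https://s3.example.internal", SAMPLE_ENCRYPTION, SAMPLE_VERSIONING))
    for finding in audit_target("http://s3.example.internal", None, {"Status": "Suspended"}):
        print("FINDING:", finding)
```

In practice the two response dictionaries would come from the S3 target's own API or CLI; targets other than AWS may report these settings differently.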


© Superna Inc