two people on scaffolding silhouette sunset working on construction site

The Cloud Made Simple

Cloud File Security and Encryption

Panzura CloudFS™ incorporates FIPS 140-2 certification, military grade encryption, secure erase, and other important security features to protect your enterprise’s most valuable assets.


Ransomware Recovery

In the event of a ransomware attack, malicious code is inserted into your files, changing them. Panzura recognizes altered file data, and the resulting encrypted files are written to the object store as new data. A legacy storage system allows a file to be edited as this code is inserted, changing the file itself. By contrast, when a file is infected by ransomware on CloudFS, it is now comprised of completely new blocks of data. 

Since CloudFS preserves existing data as original objects in the object store, any file encrypted by the ransomware code can be immediately reverted back to its state prior to infection, using snapshots. This can be easily done for a single file, entire directories, or even the entire global file system. With Panzura’s immutable data, your files aren’t encrypted at all. Instead, file pointers are now pointing to data blocks containing encryption. Reverting to the snapshot prior to the attack points back to clean data blocks … and your clean files are back.

Unlike restoring from a backup, this approach allows granular restoration of files, with a near-zero recovery point objective, to minimize any data loss.

See why Panzura customers don’t pay ransoms.

Strong Security

Panzura ensures enterprises are responsible for their portion of the shared responsibility security model employed by so many clouds today. When connected to the cloud, enterprises should make sure the cloud has strong security measures — but should also make sure not to rely on cloud encryption and security measures alone. Panzura CloudFS encrypts data in two ways:

  1. Data at rest is encrypted using AES 256-bit algorithms.
  2. Data in transit is encrypted using TLS 1.2

Secure Erase

IT environments often require the ability to securely remove all traces of highly sensitive files. Secure erase makes it possible to delete a file or folder so that the contents cannot be restored, even using the most advanced technology available.

The secure erase capability is the highest purge level that can be attained without physically destroying the disk drives. It removes all versions of specified files and folders from the Panzura Freedom filer and the associated objects stored in the cloud and ensures all data is securely erased and replaced with zeros.

Secure erase can be used with any supported cloud provider.


Private Secure Sites

A private secure site, also known as a dark site, is an installation with security restrictions that requires absolutely no external communications. These installations can include government and military sites, government and military contractors, industries such as healthcare and finance, and regulated industries such as gaming.

Panzura Freedom fully supports private secure site mode, which will disable all external public communications in a manner that is compliant with the most stringent security requirements.


Additional Important Security Features

Strong, standards-based authentication methods for file access.

Secure access to Panzura
administration tools.

Data is deduplicated and compressed before it’s sent to the cloud, providing an additional layer of security by obfuscating the data.

To learn more about Enterprise Cloud Data Protection and Compliance, download the technology brief.


How Data is Secured

  • NIST compliance
  • Military-grade AES-256-CBC encryption
  • KMIP for encryption certificates
  • Data masking & obfuscation 
  • Secure erase