To help enterprises meet their corporate governance and compliance requirements, OneFS includes robust security options that offer unprecedented levels of scale-out NAS security.
OneFS and SmartLock software combine to provide Write Once Read Many (WORM) data protection to prevent accidental, premature, or malicious alteration or deletion of your critical data. With OneFS, we also help you meet regulatory and governance needs, including stringent SEC 17a-4 requirements, by providing tamper-proof data retention and protection of your business-critical data.
You can further enhance security by using the role-based administration capabilities of OneFS. This feature enables you to establish a secure role separation between storage administration and file system access, improving security and preventing malicious or accidental changes to your data.
OneFS also enables you to create Access Zones to provide secure, isolated storage pools for specific departments within your organization. This also allows you to consolidate storage resources for increased operating efficiency without compromising organizational security.
To complement this, OneFS auditing can detect potential sources of data loss, fraud, inappropriate entitlements, access attempts that should not occur, and a range of other anomalies that are indicators of risk, especially when the audit associates data access with specific user identities.
In the interests of data security, OneFS provides ‘chain of custody’ auditing by logging specific activity on the cluster. This activity includes OneFS configuration changes and SMB client protocol activity, both of which are required for organizational IT security compliance, as mandated by regulatory bodies like HIPAA, SOX, FISMA, and MPAA.
OneFS auditing uses the Dell Common Event Enabler (CEE) to provide compatibility with external, third-party audit applications like Varonis DatAdvantage. This feature allows OneFS to deliver an end-to-end, enterprise-grade audit solution.
OneFS also provides a solution for the security of data at rest. This solution involves dedicated storage nodes containing self-encrypting drives (SEDs), in combination with the OneFS KMIP-compliant encryption key management system. This means that the data on any SED that is removed from its source node cannot be unlocked and read, guarding against the data security risks of hard drive theft. SEDs can also be securely wiped using cryptographic erasure before being repurposed or retired.
OneFS encryption of data at rest satisfies several industry regulatory compliance requirements, including US Federal FIPS 140-2 Level 2 and PCI-DSS v2.0 section 3.4.
To further increase the protection and security of in-flight data, OneFS provides encryption for clients that support the SMBv3 protocol version. This can be configured on a per-share, zone, or cluster-wide basis. Encryption is also provided for SyncIQ replication over untrusted networks.
Also, OneFS provides a hardened profile that can be enabled for sites that are looking for additional security or need to comply with the US Department of Defense’s Security Technical Implementation Guide (STIG).
Finally, OneFS supports anti-virus detection and remediation by integration with most common AV software vendors, including Symantec, TrendMicro, Kaspersky, McAfee, and Sophos.