Atlantic.Net Cloud Platform Automatically Encrypts Data At Rest

Healthcare organizations looking to use the cloud for storing ePHI or hosting applications that interact with ePHI require world-class hosting services with top grade security.

To further meet the needs of healthcare clients, Atlantic.Net has implemented a cloud platform that automatically encrypts all customer data at rest for maximum protection against unauthorized data access.

World-class encryption mechanisms are used to encrypt data at the storage layer. For ease of use, the encryption takes place in a transparent manner and requires no configuration to reduce the potential for user error.

The default encryption setting is part of Atlantic.Net’s ongoing efforts to ensure the privacy of all customer data. Atlantic.Net believes customer privacy is paramount, and a security setting as important as encryption should not be an optional or add-on feature. Encryption is provided to all customers free of charge.

Prior to being written to disk, all data is encrypted using the Advanced Encryption Standard 256-bit (AES-256) cipher. AES256 is the only cipher approved by the NSA for top-secret information. Encryption of customer data using AES-256 meets NIST recommendations and compliance requirements in highly regulated industries such as healthcare.

“We believe encryption of customer’s data at rest shouldn’t be an optional feature, but rather a requirement,” said Marty Puranik, CEO of Atlantic.Net. “Encryption in transit and at rest is a central component of our security strategy which will help to ensure data can only be accessed by authorized services within our cloud platforms.”

When a customer stores data on the Atlantic.Net cloud platform, prior to being written to disk, the data is encrypted. That data is then distributed across the storage system in chunks. In order for the data to be accessed by an individual not authorized to view the information, that person would need to identify all chunks of data they want to access. They would then need to supply the corresponding keys to open those chucks of data. Additional controls have also been incorporated to ensure data access can only be granted by authorized roles at authorized points in time.

Encryption by default for all data at rest and in transit, robust access controls, and a host of other privacy and security features ensure that customer data remains private and confidential and healthcare organizations can use the Atlantic.Net cloud platform in full compliance with HIPAA.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.