This article explains Login and Data Replication Policies for Organizations.
Introduction
KODiAC Cloud Services manages cryptographic operations, auditing, access control, data storage and recovery, and other service capabilities. These are implemented in the context of a Server Set, introduced in the article Trusts, Profiles, and Server Sets. Server Sets are deployed in numerous data centers around the globe.
Data Management Policies
Regulatory requirements stipulate that certain forms of information should not be globally distributed in cloud storage systems. Sensitive data records should thus be stored within geopolitical boundaries defined by data owners. SSProtect and KODiAC support flexible, policy-based management of how and where content is replicated (or not replicated). This same Policy allows you to determine how authorized Accounts access content, whether from within the same Region or a limited set of nearby or trusted Regions.
Regional Login Policy
SSProtect Login is required to establish a Session that uses your Identity to govern data access and service requests. These requests are handled by your host's :Foundation Client and dispatched to KODiAC Cloud Services, in turn hosted in Server Sets.
Login directs your first request(s) to the nearest Server Set, reducing the latency you would encounter if you attempted to connect to a Server Set in another region. Once your Account is authenticated and authorized, Login Policy manages subsequent action.
This Login Policy may deny access based on where you're located - or it may redirect your request to another region so that a "long-distance" direct connection can proceed. This is handled behind the scenes and is invisible to end-users. Privileged Organization Users define the underlying Policies to establish the rules.
Global Data Replication Policy
As you work with and manage data, KODiAC creates, accesses, and modifies configuration and content on your behalf. This content may include :Recover protected end-user data that you later Restore, or it may be the cryptographic keys and primitives required to manage ongoing access.
In either case, content is stored local to the Server Set to which your :Foundation Client is connected, then replicated to other Server Sets as you wish. As a Privileged Organization User, you determine when, where, and how this content is (or is not) replicated.
Login and Replication Policy Defaults
By default, Users in your Organization can at first Login to the Home Server Set, which is the Server Set you used to create your Organization Administrator Account. Subsequent changes allow you to expand access by enabling Account Registration from other Regions. You can, at the same time, determine where and how content is Replicated so Users in remote regions have direct and low-latency access to your Organization's managed content.
Because SSProtect Organizations determine both where content is replicated globally and how authorized Account holders access this data, you can maintain adherence to Regulatory requirements while making certain SSProtect and KODiAC deliver high-performance access to managed content and associated services.
Additional Resources
You can search this site for more information on various topics, or use this link to submit a specific request. You can also send email directly to support@definisec.com, and our staff will respond to your needs as soon as possible.
In the meantime, don't forget to check out our primary website and Insights columns for information on current trends, security topics, and how our technologies relate.
This article was updated with v9.8.1 of the :Foundation Client.