In OneDrive for Business and SharePoint Online, there are two scenarios in which data enters and exits the datacenters.

Client communication with the server: Communication to OneDrive for Business across the Internet uses SSL/TLS connections. All SSL connections are established using 2048-bit keys.

Data movement between datacenters: The primary reason to move data between datacenters is for geo-replication to enable disaster recovery. For instance, SQL Server transaction logs and blob storage deltas travel along this pipe. While this data is already transmitted by using a private network, it is further protected with best-in-class encryption.

Encryption at rest includes two components: BitLocker disk-level encryption and per-file encryption of customer content.

BitLocker is deployed for OneDrive for Business and SharePoint Online across the service. Per-file encryption is also in OneDrive for Business and SharePoint Online in Microsoft 365 multi-tenant and new dedicated environments that are built on multi-tenant technology. While BitLocker encrypts all data on a disk, per-file encryption goes even further by including a unique encryption key for each file. Further, every update to every file is encrypted using its own encryption key. The keys to the encrypted content are stored in a physically separate location from the content. Every step of this encryption uses Advanced Encryption Standard (AES) with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2 compliant. The encrypted content is distributed across a number of containers throughout the datacenter, and each container has unique credentials. These credentials are stored in a separate physical location from either the content or the content keys.

For additional information about FIPS 140-2 compliance, see FIPS 140-2 Compliance.

File-level encryption at rest takes advantage of blob storage to provide for virtually unlimited storage growth and to enable unprecedented protection. All customer content in OneDrive for Business and SharePoint Online will be migrated to blob storage. Here's how that data is secured:

All content is encrypted, potentially with multiple keys, and distributed across the datacenter. Each file to be stored is broken into one or more chunks, depending on its size. Then, each chunk is encrypted using its own unique key.
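The chunk-level scheme described above (split the file, encrypt each chunk under its own 256-bit key, keep the keys apart from the encrypted content) can be sketched as follows. This is an added example, not Microsoft's implementation and not code from the original page; the function names, the caller-chosen chunk size, and the use of GCM mode with the nonce stored in front of the ciphertext are assumptions, since the page states only AES with 256-bit keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// gcm builds AES-256-GCM. The mode is an assumption: the page says only AES-256.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptChunks seals each chunk under its own fresh key; blobs and keys are returned apart.
func EncryptChunks(data []byte, size int) (blobs, keys [][]byte, err error) {
	for off := 0; len(blobs) == 0 || off < len(data); { // an empty file still yields one chunk
		end := len(data)
		if size > 0 && off+size < end { // size <= 0 means "do not split"
			end = off + size
		}
		buf := make([]byte, 32+12) // 256-bit key followed by a 96-bit nonce
		if _, err := rand.Read(buf); err != nil {
			return nil, nil, err
		}
		aead, err := gcm(buf[:32])
		if err != nil {
			return nil, nil, err
		}
		blobs = append(blobs, aead.Seal(buf[32:], buf[32:], data[off:end], nil)) // nonce||ciphertext||tag
		keys = append(keys, buf[:32:32])
		off = end
	}
	return blobs, keys, nil
}

// OpenChunk decrypts one blob; any key but the chunk's own fails authentication.
func OpenChunk(blob, key []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil || len(blob) < aead.NonceSize() {
		return nil, errors.New("bad key length or truncated blob")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}
```

Because the two returned slices are independent, a caller can write `blobs` to the content store and `keys` to a separate key store; a blob read back with any key other than its own is rejected by `OpenChunk` rather than decrypted to garbage.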