Oracle has built a Generation 2 Cloud specifically to meet the needs of demanding enterprise usage, where security of customer data is the first priority. In our continuous effort to ensure data security, we’re excited to announce that Oracle Cloud Infrastructure File Storage now provides a customer-selected option for in-transit encryption. This feature is now available at no additional cost in all OCI regions.
In-transit encryption secures communication between cloud compute instances and mounted file systems by using Transport Layer Security (TLS) 1.2 encryption. Together with other methods of security (such as Oracle Cloud Infrastructure Key Management and the existing capability of the File Storage service for AES-256 data encryption at rest for newly created file systems), File Storage provides end-to-end security of data to help customers meet stringent compliance and regulatory requirements.
To enable in-transit encryption, you install a package, called oci-fss-utils, on each cloud compute instance that accesses the File Storage service. The oci-fss-utils package creates a network namespace and virtual network interface on your instance and provides a local NFS endpoint. The oci-fss-utils package also runs a forwarder process in the background, called oci-fss-forwarder.
The file system is mounted using a special command that initiates encryption. After the file system is mounted, the oci-fss-forwarder process connects the local NFS client to the NFS endpoint. The process then receives requests from the NFS client, encrypts them, and sends them to the mount target using a TLS tunnel.
Here are the general steps for setting up in-transit encryption:
These steps ensure that in-transit encryption is configured correctly for all connections. Doing so ensures that data remains protected at all times while passing through the Oracle Cloud Infrastructure network and when at rest in the storage system.
With this new encryption feature, shared data in Oracle Cloud Infrastructure File Storage continues to be encrypted at rest and can now be encrypted in transit as well.
To learn more about security in relation to Oracle Cloud Infrastructure File Storage, see the following resources: