How is Volumez secured?
  • 23 Dec 2024
  • 2 Minutes to read
  • Dark
    Light

How is Volumez secured?

  • Dark
    Light

Article summary

Data in flight

How does Volumez protect data in transit (for user-to-website communication and between the connector and Volumez service)?

With Volumez, all data in transit is fully encrypted using industry-standard security protocols. We ensure the highest level of security for user-to-website communication and communication between the connector and the Volumez service. To achieve this, we employ HTTPS and TLS 1.3 for all data transmission, providing robust encryption to safeguard the information as it travels between endpoints.

Additionally, authentication is carried out using standard JWT (JSON Web Token) tokens, ensuring secure and authorized access to the services. All communication is initiated from the customer's site or tenant, adding an extra layer of control and security.

At Volumez, we take data protection seriously, and our commitment to following established security best practices helps maintain the confidentiality and integrity of your data during its journey from your system to our service.

Is there any type of inbound communication with Volumez, where the Volumez service accesses my own tenant?

No, all communication schemes are based on outbound communication, where the session is initiated from the customer site.

What is the frequency of exchanging encryption keys for the internal messaging services in use by Volumez?

All encryption keys are changed every 24 hours.

Data at rest

Does Volumez use encryption to protect the data collected from the media and application nodes?

Yes, all data collected is stored securely in encrypted tables. 

How does Volumez protect customer accounts and private data?

We prioritize the security of our customers' accounts and private data by employing multiple measures, including the use of Amazon Cognito—a robust and industry-standard solution. Amazon Cognito is used for user authentication, enabling secure access to Volumez services while managing user profiles efficiently.

What private data is kept on Volumez records?

Refer to our Privacy Policy here.

The Volumez Connector

The Connector is the application deployed on the tenant’s Virtual Machines (VMs) in their cloud or on-premise environment. This diagram illustrates the Connector Provisioning Workflow, focusing on both provisioning and the token-based security mechanisms that ensure secure identification and communication.

The process demonstrates how security is applied using tokens to validate tenants and uniquely identify individual machines. It ensures that all operations initiated by the Connector are authenticated and authorized using token-based security mechanisms.


Key Concepts:

  1. Tenant Token Deployment:

  1. The Tenant Token is pre-deployed with the Connector on the customer’s machine.

  1. It uniquely identifies the tenant (customer) to Volumez.

  1. Connector Provisioning:

  1. Once executed, the Connector reads the Tenant Token and makes an outgoing HTTPS call to the Volumez REST API Gateway (backed by AWS Cognito for authentication).

  1. It sends essential information such as the VM ID, Internal IP address and Tenant Token.

  1. Tenant Host Token Generation:

  1. If the Tenant Token is valid, Volumez responds with a Tenant Host Token.

  1. This token is unique to the Connector and the machine (node) it runs on, precisely identifying the VM for the tenant.

  1. Token Storage and Usage:

  1. The Tenant Host Token is securely saved locally by the Connector.

  1. This token is used in all subsequent REST API operations initiated by the Connector to securely authenticate with the Volumez backend.


Was this article helpful?