Afi completed an encryption key management assessment project, evaluating Afi encryption mechanisms and encryption key management infrastructure.
The assessment follows the secure code review project and leverages its results.
Existing Afi customers and potential customers may contact Afi support or sales teams to get the project report.
Intro
We are proud to announce the successful completion of the Encryption Key Management System (KMS) Assessment project conducted by SecureIT, a leading cybersecurity and risk audit firm.
This assessment follows the comprehensive secure code review project that Afi announced last week. SecureIT leveraged the analysis from the source code review project to zero in on Afi data encryption mechanisms and key management infrastructure.
The successful completion of this project is a significant milestone for us, providing both Afi and our customers with additional independent validation of our data protection controls.
1. What Is a KMS Assessment?
The goal of the Encryption Key Management System Assessment project was to evaluate Afi encryption implementation and encryption key management infrastructure.
During the KMS assessment, SecureIT manually reviewed Afi source code and infrastructure, identifying vulnerabilities in the Key Management System (KMS) implementation and assessing risks related to encryption key exposure, unauthorized access, and potential data breaches.
In addition to analyzing encryption configuration and infrastructure, SecureIT analyzed encrypted file samples to validate the cryptographic properties of the encrypted data.
2. How Is It Related to Afi Secure Code Review?
During the Secure Code Review, which was completed earlier, SecureIT analyzed Afi source code, encompassing all significant components of the application. The code review involved a manual assessment of potential weaknesses within the source code and of the presence of adequate information security controls within the application.
SecureIT used the results of the code review project to conduct this KMS assessment, focusing specifically on potential weaknesses and vulnerabilities with respect to data encryption, confidentiality and integrity.
3. Project Results and Report
SecureIT’s examination of the Afi encryption KMS did not identify any misconfigurations or weaknesses in encryption that an attacker could target or exploit. The assessment confirmed Afi's sound approach to data protection.
SecureIT noted Afi’s well-architected cloud infrastructure design and provided recommendations to further enhance the architecture. It also confirmed Afi’s implementation of a multi-layered encryption approach, with encryption keys stored securely, ensuring the confidentiality and integrity of sensitive data.
Afi data encryption key chain (default configuration with Google Key Management Service)
Description of Afi's layered encryption approach
Every backup tenant has its own tenant encryption key, created during onboarding. The tenant key is stored in a database (DB) encrypted using an external KMS.
The tenant key never leaves the secret manager, ensuring that it remains protected.
Afi also supports Bring-Your-Own-Key (BYOK) capabilities, enabling customers to use their own KMS provider (including AWS and Azure KMS).
Backup archives (groups of resources that belong to one tenant) are also encrypted, each under its own archive key. Using a separate archive key per archive isolates the encryption keys of individual archives from one another.
The data key is encrypted by the archive key, which in turn is encrypted by the tenant key. This layered encryption approach ensures that sensitive data is well protected and that decryption requires the appropriate keys at every layer.
The assessor also examined the key storage and rotation mechanisms that protect encryption keys from unauthorized access and potential compromise.
The KMS Assessment report, along with the Secure Code Review report, is available for existing Afi customers and potential customers upon request.