...
Therefore, the proposed user-driven device management event flow will be as follows.
Vault Manager to anchor handling of security policies
This module in EVE will be responsible for periodically fetching device policies from the controller and enforcing them on the device. More details are specified in [Ref. 1].
Break-up of the proposed security config
The policies are grouped into two major categories:
- Data At Rest Policies
- Data In Transit Policies (mostly a placeholder for now, added for future use)
Data at Rest Policy
Data at rest security applies to the Application Instance's mutable, business-sensitive data and to the storage for EVE's sensitive configuration information. The Application Instance's mutable, business-sensitive data will be stored in a reserved partition/directory, and the security policy configuration will be applied to it.
...
- encryption algorithm
- data handling policy
- data recovery policy
- key rotation policy
- key information
Encryption Algorithm
This specifies the encryption algorithm to be used for data at rest security [Ref. 1].
- NONE
- AES256
- ADIANTUM
Data handling policy
The data handling policy will define how sensitive storage data is handled on an encryption algorithm change,
...