Encryption

Helping to protect Customer Data at rest and Customer Data in transit

Customer Data is an organization’s most valuable and irreplaceable asset, and encryption serves as the last and strongest line of defense in a multilayered Customer Data security strategy. 21Vianet cloud services use encryption to safeguard Customer Data and help you maintain control over it. Encrypting your information renders it unreadable to unauthorized persons, even if they break through your firewalls, infiltrate your network, get physical access to your devices, or bypass the permissions on your local machine. Encryption transforms Customer Data so that only someone with the decryption key can access it.

Our products also use industry-standard secure transport protocols for Customer Data as it moves through a network—whether between user devices and datacenters or within datacenters themselves. To help protect Customer Data at rest, 21Vianet offers a range of built-in encryption capabilities.

Secure identity

Identity (of a user, computer, or both) is a key element in many encryption technologies. For example, in public key (asymmetric) cryptography, a key pair—consisting of a public and a private key—is issued to each user. Because only the owner of the key pair has access to the private key, the use of that key identifies the associated owner as a party to the encryption/decryption process. Microsoft Public Key Infrastructure is based on certificates that verify the identity of users and computers.

Secure infrastructure

21Vianet uses multiple encryption methods, protocols, and algorithms across its services to help provide a secure path for Customer Data to travel through the infrastructure, and to help protect the confidentiality of Customer Data that is stored within the infrastructure. 21Vianet uses some of the strongest, most secure encryption protocols in the industry to provide a barrier against unauthorized access to your Customer Data. Proper key management is an essential element in encryption best practices, and 21Vianet helps ensure that encryption keys are properly secured by Microsoft’s technology.

Examples of protocols and technologies include:

Transport Layer Security/Secure Sockets Layer (TLS/SSL), which uses symmetric cryptography based on a shared secret to encrypt communications as they travel over the network.

Internet Protocol Security (IPsec), an industry-standard set of protocols used to provide authentication, integrity, and confidentiality of Customer Data at the IP packet level as it’s transferred across the network.

Azure Storage Service Encryption encrypts Customer Data at rest when it’s stored in Azure Blob storage. Azure Disk Encryption encrypts your Windows and Linux infrastructure as a service (IaaS) virtual machine disks by using the BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the operating system and the data disk.

Transparent Data Encryption (TDE) encrypts Customer Data at rest when it’s stored in an Azure SQL database.

Secure apps and data

Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet use encryption to safeguard Customer Data and help you maintain control over it. When Customer Data moves over a network—between user devices and Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services datacenters or within the datacenters themselves—Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services use industry-standard secure transport protocols. For Customer Data at rest, Microsoft Azure, Microsoft 365, Microsoft Dynamics 365 and Microsoft Power Platform online services offer a range of encryption capabilities, giving you the flexibility to choose the solution that best meets your needs.

Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet

Microsoft Dynamics 365 and Microsoft Power Platform online services operated by 21Vianet follow Microsoft Azure standards for Data in Transit and Data at Rest, so you gain the assurance that your Customer Data is protected by consistent methodology whether at the Azure platform layer or in the Microsoft Dynamics 365 and Power Platform online services offering.