Best practices to secure data in CloudLink

After configuring and setting up CloudLink Center, it is recommended that you follow certain best practices to secure your data in CloudLink.

Following are the best practices to manage and secure the CloudLink Center and encryption keys:
  • Rotate keys automatically—It is recommended to rotate keys on a scheduled basis. By setting an automatic rotation interval, encryption keys are updated without further effort . These rotations can be set at one day, seven days, 30 days, and 365 days interval. You can also customize the rotation interval. You can set the key rotation interval while creating a machine group or update it while modifying the machine group properties. For more information about setting key lifetime, see Create a machine group to CloudLink Center.
  • Shred keys periodically—It is recommended to shred keys periodically to protect the data. Key shredding is destroying or deleting the encryption keys that is used for securing the data that was previously stored on the respective machine. You can shred a key by shredding a machine from CloudLink Center. By shredding a machine, you are deleting keys in all accessible keystores. For more information about shredding a machine from CloudLink Center, see Shred a machine from CloudLink Center.
  • Automatically backup CloudLink Center—To prevent data loss or database corruption, it is important to have a backup of CloudLink Center so that you can deploy a new server and restore CloudLink Center from the backup. CloudLink Center automatically generates a backup file each day at midnight (UTC time). You can choose to change this backup schedule to an hourly basis or how frequently you want to backup CloudLink Center. For more information about changing the schedule for automatic backups, see Change the schedule for automatic backups.