# HG changeset patch # User Sebastien Jodogne # Date 1609929029 -3600 # Node ID 5f5519f1491a0a2ca05266abe288cd41079a6d63 # Parent ffdbe8f64e76f6dc17fbf4f5f5cae54b50890cc7 securing the storage diff -r ffdbe8f64e76 -r 5f5519f1491a Sphinx/source/faq/security.rst --- a/Sphinx/source/faq/security.rst Wed Jan 06 09:50:56 2021 +0100 +++ b/Sphinx/source/faq/security.rst Wed Jan 06 11:30:29 2021 +0100 @@ -206,3 +206,40 @@ `__. We are looking for :ref:`an industrial sponsor ` to implement DICOM TLS in the core of Orthanc, as this feature is dedicated to enterprise and cloud environments. + + +Securing the storage +-------------------- + +In general, for security, Orthanc should store its database index +(PostgreSQL, SQLite...) and its :ref:`storage area ` +for DICOM files on an `on-premises, self-hosted infrastructure +`__ with `disk +encryption `__. + +It is possible to move the storage area to a `cloud-based object +storage `__, by using +the :ref:`dedicated storage plugins ` at the condition +that :ref:`Orthanc-side encryption is enabled +`. + + +General remark +-------------- + +In any case, make sure to get legal advice that is very specific to +the legislation of the countries where you are active (for +illustration, check out the recent debates over the `privacy shield +`__ in +Europe). Make sure to understand the implications of using cloud-based +object storage, of using virtual machines in the cloud to store health +data, of using managed database servers (even with +"encryption-at-rest")... + +As a free and open-source project, the Orthanc ecosystem cannot be +taken as liable for any security breach or data leak in your +deployments, for any misconfiguration, for any bad handling of +personal/health data, for any bypassing of regulatory requirements, +for not being compliant with your local legislation, or for any +similar stuff: Orthanc is just software, security is your +responsibility. diff -r ffdbe8f64e76 -r 5f5519f1491a Sphinx/source/plugins/object-storage.rst --- a/Sphinx/source/plugins/object-storage.rst Wed Jan 06 09:50:56 2021 +0100 +++ b/Sphinx/source/plugins/object-storage.rst Wed Jan 06 11:30:29 2021 +0100 @@ -280,6 +280,8 @@ You'll find some performance comparison between VM SSDs and object-storage `here `__ . +.. _client-side-encryption: + Client-side encryption ----------------------