All Noraina Cloud storage is encrypted by default and we follow standard destruction procedures when dealing with media that is not longer on production.
Hosts
Our hosts have the hypervisor partition encrypted using Microsoft's Bitlocker technology and the key is stored in the hardware Trusted Platform Module (TPM), so any kind of tamper will disable access to that partition.
Instance Storage
Each of our datastores is also Bitlocker protected, with protector key stored offline, in an encrypted vault. So in case of storage outage, our Engineers need to enter the relevant key to recover access after ensuring system integrity. While running, protector key is managed by Bitlocker
Replica Storage
As our replica environment is able to start replicated instances, they are encrypted in the same way as the primary storage
Backup Storage
Backup storage is kept off-site at various encrypted at rest object storage provider. While the provider is also encrypting the media, all backup jobs encrypt the data using a key that never is stored in full at the storage provider. As we are using the same system as Noraina Efficient Cloud Backup to backup our customer instances, you can read this document about its encryption for more detail
