IT operations teams are facing the pinch of limited staff resources as they seek to meet cyber resiliency and compliance requirements. The use case for data vaulting has never been stronger, but at the same time, the resources to manage a physically air gapped environment, such as a tape storage implementation, are limited. Service-delivered and cloud-hosted solutions are emerging to address this challenge. But IT operations teams are skeptical—and rightfully so—regarding their isolation and security. There are a number of capabilities that must be in place to inhibit nefarious access, and to meet enterprise business continuity requirements.
With this in mind, Evaluator Group evaluated Cohesity FortKnox, a SaaS data vaulting solution that serves as an alternative to traditional air-gapping methodologies such as tape or self-managed data vaulting solutions. This study was done not only to vet the solution’s specific merits, but also to provide IT operations with some food for thought on what to look for in a modern data vaulting solution.
There are a host of capabilities that can contribute to the ability for such “operationally air gapped” solutions to inhibit access to, and malicious tampering of, data. A few rise to the top in their importance for consideration. Here is a list of the top five things to consider when evaluating a data vaulting solution.
1. Data isolation
It’s key to have control over and isolation of the network over which the data is being transferred. In the absence of the ability to have complete physical isolation, this becomes critical. Data should be transferred over a secure network to an isolated storage target. That is, the storage target should be dedicated specifically to the customer, and the network over which data is transferred should be independent of all public-facing environments, including the production and backup environments. We advise customers to look for the ability to control the window of time during which the connection to the vault target is open for the purposes of transferring data. The ability to manually sever access is key, as well, in the event that a security breach is detected. For FortKnox, in addition to meeting the above requirements, Cohesity adds support for the TLS1.2. cryptographic protocol and AWS PrivateLink connections, to further strengthen the solution’s network security.
2. Access control
Access should be privileged, with strict control over who has access to the vault data and policies. Specifically, this means that as few individuals, internal and external to the customer’s organization, as possible should have the ability to make changes to the vault environment, and user permissions should be minimal. In FortKnox, this is achieved through role-based access control, with multi-factor authentication being applied to ensure that only the correct individuals receive access to accounts with administrator-level access. In addition to vetting these capabilities, we vetted FortKnox for potential backdoors that bad actors could use to gain access, such as through the user interface or APIs.
In the event that a malicious actor is able to gain access to the environment, such as through compromised credentials, the ability to enforce two-person concurrence becomes important. This is especially true as hackers continue to find evermore creative ways to gain access, and to protect against rogue admins with authorized access. Cohesity achieves this with FortKnox through a capability it calls Quorum which necessitates the approval of at least a second administrator for potentially destructive operations such as deleting backup copies, and to execute data recovery.
3. Tamper resistance
Hackers are innovative. The unfortunate reality is that they might find ways around isolation and access control measures. Additionally, insider threats such as rogue administrators are real and as a result, immutability and end-to-end encryption are table stakes as additional measures for inhibiting malicious tampering with data. The FortKnox solution automatically applies the AWS Object Lock Write Once Read Many (WORM) capability, which when combined with immutability and quorum features, provides strong defense against rogue admins. Data is encrypted in-flight and at-rest, using the AWS encryption key management system (KMS). Customers can bring their own encryption key, or they can have their encryption key managed as-a-service by Cohesity for additional protection against rogue internal administrators.
4. Recovery
When it comes to recovering from ransomware, customers face a significant challenge. Many ransomware variants are designed to penetrate the backup environment and lie dormant for a substantial period of time, making it difficult for IT operations teams to identify the last clean, uninfected backup copy that should be used for recovery in order to reduce the amount of data loss. Cohesity Helios, the SaaS-based control plane common to all Cohesity services, uses machine learning to help customers identify the last known “good” copy of data.
Along a similar vein, precision in the form of granular recoveries is often important when recovering from ransomware. This can allow IT operations teams to recover their organization’s most critical data first, thus mitigating the downtime of key business services, and it can help them to avoid recovering malware back into production. FortKnox has a granular, copy-based recovery option, in addition to the fast recovery of entire volumes that is available through Cohesity’s flagship Instant Mass Restore capability that’s part of its DataProtect service.
The choice of recovery locations is also important in the event of a ransomware attack because the original backup cluster might be compromised and therefore unavailable for recovery. The ability to recover to an alternate location also comes into play in the event that customers want to verify that data and systems are clean before being restored back into production. FortKnox provides the flexibility of recovering to either the original location or an alternate location including public or private cloud.
5. Ease of use
The last, but not least category, is operational simplicity and manageability, a key item leading IT teams to seek external data vaulting solutions in the first place. IT teams should evaluate solutions for their ease of use and ROI. Our evaluation found FortKnox’s SaaS consumption model and single UI for managing and monitoring global data vaults to be useful in minimizing the burden on IT teams that are already stretched thin. This way, they avoid the complexity and costs (storage costs, egress, etc.) of self-managed solutions, without compromising on security or recovery service level agreements (SLAs). It also provides a choice of warm or cold backend storage targets to help organizations meet varied cost and recovery objectives.
There are a host of nuances to consider when evaluating data vaulting solutions for their effectiveness in terms of achieving data isolation. For additional considerations, access Evaluator Group’s complete Cohesity FortKnox Lab Validation report.