Greater data protection: Immutable backups to the cloud with Hitachi Data Protection Suite (HDPS)
Cyber threats are rapidly increasing in sophistication and persistence. As threats increase, security expenditures are expected to reach $133.8 billion worldwide annually by 2022, according to IDC.1 Despite the increase in awareness and spending, every 14 seconds an organization will still fall victim to ransomware, according to the Official Annual Cybercrime Report.2 These statistics reinforce the importance of recovery readiness. With cloud storage a popular choice for offsite copies, the question of data security becomes an important consideration. To address this, many data protection solutions offer robust WORM and immutability options for stronger cloud protection and security.
By combining HDPS's industry-leading security controls with cloud-based WORM and immutable storage integration, organizations can be assured that their important data cannot easily be deleted, modified, or accessed by malicious cyber and internal threats, while maintaining compliance with governing regulations.
AAA security framework controls
HDPS protects access, privacy, and control of backup data residing across copies, including cloud. HDPS immutable backup data utilizes a rich feature set and incorporates the AAA security framework principles:
Authentication controls provide and grant access to backup data. This can be thought of as the “gate-keeper.” Features include certificate authentication, two-factor authentication (2FA) and integration with multiple third-party identity providers using secure protocols such as LDAPS, SAML and OpenID.
Authorization controls determine what level of access is allowed on the HDPS CommCell. Once a user is authenticated, HDPS applies various controls such as role-based security, multi-tenancy, privacy locks and multi-level authentication. These features work in tandem to protect data from being accessed, retrieved and deleted. Adding these gates creates software isolation, where even administrators are blocked from deleting and accessing backup data as well as reversing security controls. Similarly, if a malicious actor steals access to the CommCell, the backup data is secured from malicious activity within the HDPS platform.
Lastly, HDPS enforces Accountability by auditing events and actions within the CommCell and providing a rich, customizable interface to view this information. Hundreds of reports are readily available in the HDPS store, providing deep information on the operations, events and actions of the CommCell. Information within reports and dashboards is only visible to users given access. This allows owners to view the same audit reports and dashboards as Administrators, without seeing resources they do not have permission to see. The ability to customize and create your own reports using HDPS data sources and external APIs is useful for expanding its capabilities and power. For continuous monitoring, HDPS integrates with third-party tools such as Syslog, Splunk and SNMP systems. This further expands the accounting and audit capabilities within HDPS and provides flexibility to integrate with whatever systems are already.
Immutable backups in cloud
HDPS provides on-premises backup immutability by combining the AAA framework security controls, hardening, data encryption and native ransomware protection locks. However, when designing a solution to protect against ransomware and cyber threats, offsite copies of data are imperative. Cloud storage is an economical solution because resources are readily available, elastic and multi-tiered.
When using cloud storage (such as Amazon Web Services (AWS) or Microsoft Azure), immutability options are enabled at the storage level with the cloud vendor. The cloud destination is configured as a library within HDPS for secondary and/or tertiary copies. When cloud immutability is enabled, the entire storage container is locked and the contents within the container cannot be modified or deleted for the specified immutability time frame. Using HDPS with immutable cloud storage has key advantages over other backup products: Hitachi Data Protection Suite security controls and hardening.
If a bad actor were to obtain your cloud credentials, it would be almost impossible to delete, encrypt, manipulate or reverse the immutability options applied to the backup data. If a bad actor were to gain access to HDPS, the software’s AAA security controls and hardening capabilities act as a first line of defense, blocking the bad actor from gaining access and deleting data, while the immutable lock on the storage provides another layer of backup data protection.
When organizations are faced with sending multiple petabytes of data to the cloud, cost and bandwidth dominate the conversation. HDPS deduplication begins where the source data resides. Only changed blocks are sent to the cloud, drastically reducing the amount of bandwidth required for copy operations. This also allows more backup cycles (full and incremental backups) to be protected in the cloud, while reducing the storage footprint. Ultimately, HDPS deduplication allows backup copies to quickly get to the cloud, reduce recovery point objectives, increase recovery readiness and reduce storage footprint costs.
Encryption and key management
Cloud storage encryption is great for protecting data at rest from being useful if stolen. However, this does not handle source-side encryption needs. Hitachi Data Protection Suite’s FIPS 140-2 certified encryption module handles encryption at the source, prior to sending data to the cloud. This ensures every block of data transmitted to the cloud is encrypted and secured. For deeper levels of security, encryption keys can be offloaded to external key management servers, including AWS, Azure, or any KMIP-compliant system.
Data management and analytics
HDPS manages retention and backup policies, while cloud manages the immutable locks configured at the storage. Using a multi-tiered approach to storing data in the cloud, organizations can take advantage of cold storage options to save cost, while having the index readily available on-premises or in warmer cloud storage tiers for analytic purposes. HDPS allows immutable backups that exist in cold storage to be analyzed in a cost-effective way and can be leveraged for other business purposes. Without the ability to use a tiered storage approach, backups that exist in cold storage would otherwise be very expensive to index and analyze due to egress/access charges from the cloud provider.
Using Cloud WORM and immutable storage options with HDPS helps organizations address SEC 17a-4(f), CFTC 1.31(d), FINRA, and other regulations related to the recording, storage, and retention requirements for electronic records. AWS3 and Azure4 are both compliant storage options supported by HDPS, designed to meet securities industry requirements for preserving records in a non-rewriteable and non-erasable format using their respective storage locking technologies.
While cyber threats are increasing, your organization can keep pace and mitigate risk. With highly available cloud storage and greater security protection, it is simple to start creating secondary and tertiary data copies in the cloud. Without any extra costs, Hitachi Data Protection Suite will manage, analyze and secure your backup data efficiently, while cloud immutability further locks data from all the various cyber threats rampant today, and in the future. With HDPS, you have the security and protection to store and manage your data on-premises and in the cloud; you are recovery ready.
1 Worldwide Spending on Security Solutions Forecast To Reach $103.1 Billion in 2019, According To a New IDC Spending Guide, March 20, 2019
2 CPO Magazine, 11 Eye Opening Cyber Security Statistics for 2019, By Matt Powell, June 25, 2019
3 Amazon Glacier with Vault Lock: SEC 17a-4(f) and CFTC 1.31(b)-(c) Compliance Assessment | https://d0.awsstatic.com/whitepapers/Amazon-GlacierVaultLock_CohassetAssessmentReport.pdf
4 Microsoft Azure Storage: SEC 17a-4(f) and CFTC 1.31(c)-(d) Compliance Assessment | https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage