Immutability, a Security Benefit of Enterprise Data-as-a-Service

Starting two weeks ago with the blog of our CEO, Ash Ashutosh, we have witnessed next evolutionary step in the progression of copy data management into Enterprise Data-as- a-Service (EDaaS). Last week in this forum, our own David Chang initiated a fascinating discussion about the security benefits EDaaS can bring to an enterprise. As security is such an important and hot topic across so many industries, this will be one of a few blogs on security.

It’s hard to turn on the news today without hearing something about cyber security. Whether it be accusations of State-sponsored hacking and election manipulation or phishers stealing thousands of records containing personally identifiable data (of which I have been a victim twice in the last two years alone!), even enterprises that don’t view themselves as traditional targets of cyber crime are facing the stark reality of today’s world.

For this week’s topic, let’s discuss immutability, a hot topic in the security and compliance space today. Those in the financial service space will undoubtly recognize that this is a central tenant of the recent “Appendix J” addition to the Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook. To be succinct, immutability is the assurance that precious data, especially that needed for backup or compliance, cannot be altered or destroyed. In the era when tape was king, this was easy to ensure. You wrote your data to tapes, a truck picked them up and locked them up in a secure vault. One couldn’t expect to restore anything meaningful on a timeframe less than the order of days, but one could be reasonably certain and intruder could not break into the vault and destroy or modify data without detection.

Actifio provides nearly instant access to data under its management without regard to the size of the data. Unlike legacy backup systems, Actifio acts like a storage system in its own right with the added “knob” of time. This is achieved by stringing together incremental updates of production data. One can expose any point-in- time dataset to a system that can consume it, and for reasons that go far beyond recovering something lost, as previously discussed in this forum. For this reason, one has to have complete trust that the data presented is indeed a true unmodified copy of the original.

Starting with ingest of production data to Actifio’s “golden copy”, a series of layered systems provide immutability and fidelity of the data. Unlike legacy products that may do a verification check after the fact, Actifio is constantly checking that the data written to disk is what it should be. We call it fingerprinting, and it is so good at its job that Actifio appliances have in essence acted as early warning systems, detecting both failure as well as previously unknown very serious product bugs in underlying storage arrays and hypervisors that were causing silent data corruption!

Once we know the data is correct on disk, it’s important to ensure it stays that way. When a point-in- time is accessed a new “fork in the road” is always created. Changes to that point are always written in an ephemeral sandbox that persists as long as it is needed or dictated by policy. The original chain of changes is immutable. This is not a security function per say, but a necessity when one is serving data as a storage system at wire-speed. One could mount a point-in- time to 200 different users or servers and there would be 200 independently tracked set of changes created, while the original is untouched. Even a fully privileged system administrator, let alone an intruder or inside threat actor, cannot modify the original data.

Even this may not be enough to satisfy the rigors of some regimes that even if all of the appliance’s safeguards failed, that additional “air gapped” copies exist. For this, there are several options. First, Actifio can replicate data over encrypted channels to remote appliances. These can exist on the corporate network, in the major public clouds, or within a Managed Service Provider (MSP). In such cases, appliances can be configured not to share administrative data between them. In other words, an administrator who may be able to log into the first appliance may not have access to the replication partner. Furthermore, appliances can be chained further in a “multi-hop” scenario where ‘A’ sends to ‘B’ which sends to ‘C’. These appliances again can be in disparate locations and managed by different individuals to ensure that no one person or group has access to all of the data. Finally, if that is not enough, Actifio’s new OnVault feature allows administrators to write encrypted data out to object storage, including S3. In this case, the storage layer itself can provide an additional level of immutability. All of these options can be controlled at the SLA level, such that data is given the compliance rules necessary to achieve the business or security objective, while not wasting precious resources on data that is subject to more minimalistic requirements.

Once the fidelity and immutability of the data is established, several interesting use-cases present themselves. Imagine that one finds themselves in the unenviable position of investigating a potential breach. Point-in- time known-good images of the suspected systems are available to be served up by the Actifio appliances. Since Actifio operates at the block level, all metadata information is preserved allowing for complete forensic examination. Unlike backup products, one does not need to wait to restore gigabytes or terabytes of data either. Multiple point-in- time images can be made available and rapidly inspected to determine the presence and/or scope of a breach over time. With Actifio’s application-central SLAs security and/or compliance data such as system logs can be separately protected with potentially more aggressive, longer retention, and more separation of privilege than the rest of the data within the same production physical or virtual machine.

Actifio’s EDaaS solution was designed for resiliency and agility, yet delivers meaningful security benefits without being a security product. Actifio is trusted by some of the most rigorously regulated sectors with regard to security, including global financial institutions and exchanges, defense and intelligence, and healthcare. If your vision is to both make data readily accessible and consumable, while at the same time jealously and vigorously guard and protect it, Actifio DaaS is a major tool to make that vision reality.

– Dr. John A. Meyers, Ph.D.