Resource

Actifio for Cyber Resiliency

Orchestrating Data Recovery Instantly and Securely in Air-Gapped
Object Storage Environments

Download the PDF

Cyber security has long been an integral IT priority governing the methods, processes, and tactics used to protect data and systems. It means implementing the technology and best practices needed to prevent unauthorized data access. Now, cyber resiliency has joined the concept of cyber security as a growing enterprise imperative. Cyber resiliency extends abilities that magnify protection and, more specifically, include capabilities to recover from a cyber attack or data breach. The goal is to demonstrate confidence in data integrity using immutable data copies that assure the availability of data within minutes for continued business operations.

As daily security incidents create new challenges, we see threats not only against production data but also against secondary copies of data used for backup, disaster recovery, analytics, and more. With the increasing incidence of malware, phishing, and denial of service attacks, Actifio recognizes the need for new capabilities to both protect data initially and also automate recovery processes through assured rollback, validation, and air gap techniques. Enterprises also require the implementation of this cyber resiliency strategy to be accomplished with predictable costs as solutions scale.

Leading industry analyst firm, IDC, suggests five key elements be included within cyber security to embrace a
comprehensive cyber resiliency framework:
• Automation and Orchestration: for Recovery of Platforms and Application Data
• Write Once, Read Many: Immutable Storage Technology to Prevent Corruption or Deletion
• Air-Gapped Protection: as a Fail-Safe Copy Against Propagated Malware
• Efficient Point-in-Time Copies: and Data Verification to Quickly Identify Recoverable Data
• Regulatory Reporting and Assurances: Validating Transaction Capture Through Regulatory Reporting Processes
(Source: Five Key Technologies for Enabling a Cyber-Resilience Framework, Phil Goodwin, IDC 2018)

Challenges with Traditional Tools

Some of the biggest challenges that traditional tools face are: large recovery times of mission critical multi-TB
applications; takes an unacceptable amount of time to recover sequentially from various points in time to determine when the data was compromised; have too many physical copies of production applications for test/dev which are easy to be compromised; no role based access control to backup copies; and no WORM capabilities to secure backups from back-end corruption.

Actifio Copy Data Management for Cyber Resiliency

Actifio’s copy data management (CDM) technology offers the ideal platform to establish durable and reliable cyber resiliency. With immutable storage, disaster recovery automation, and comprehensive reporting, Actifio helps organizations rapidly recover clean and secure data copies while restoring application services and quickly resuming business operations after or during a disruptive cyber incident. Particularly for organizations in regulated industries such as financial services and healthcare, the approach outlined here will provide the capabilities to identify and address disruptive risks and to recover more quickly from unexpected cyber attacks.

Actifio Introduces Radical Simplification

Actifio introduces radical simplification of data management. A single platform, Actifio Virtual Data Pipeline™ (VDP), creates virtual full copies of production data for multiple use cases such as backup, disaster recovery, database cloning for test/dev, and instant access to analytics. Some of the key features and benefits that Actifio introduces to ensure data copies are never compromised are:

  1. Role Based Access Control (RBAC): AD/LDAP users can be assigned different roles in Actifio. This ensures that not every user has access to data copies for specific applications and hence reduces the probability of accidental deletion of such data copies.
  2. Retention Lock at software layer: When this feature is enabled, even an administrator can not delete / expire backup images. This keeps the data copies safe from a disgruntled administrator who could have potentially deleted them.
  3. WORM capability at storage layer: This feature ensures that even if a rogue user has access to the underlying S3 compatible object storage where the data copies are stored, they will not be able to delete / change/expire them.
  4. Encryption: All data copies are encrypted in-flight and at-rest by Actifio under the file system. This ensures that users who have access to storage subsystems can never access the data.
  5. Air Gap: Actifio’s cyber resiliency platform design allows enterprises to “mind the gap.” This feature helps administrators to establish an air gap between Actifio software and the storage where the data copies will be stored by separating them not only geographically, but also by enabling the network access only during the backup window.
  6. Reduction of Surface Area of Attack: Actifio helps reduce the number of physical copies and hence the surface area of attack with its unique capability to reuse its data copies (traditionally created for backups) directly for test/dev/analytics environments while not consuming any extra physical storage.

Actifio provides the following key features that help enterprises recover rapidly in the event that production
application data has been compromised:

  1. Instant mount & recovery: Users can recover their mission critical multi-TB applications and databases instantly in minutes, thus ensuring that enterprises are not spending hours and days waiting for data to be recovered.
  2. Wide workload support: Actifio can not only recover instantly for VMs, but also for multi-TB databases, cloud VMs, physical servers, NAS filers etc, thus ensuring that all applications in an enterprise are cyber resilient.
  3. Instant recovery from any point-in-time: Users can rewind, similar to a DVR, to any point-in-time and instantly mount and recover VMs, databases, and physical servers, thus significantly reducing RTO.
  4. Instant recovery from multiple points-in-time simultaneously: In a situation when users don’t know when the production applications were compromised (likely from a ransomware attack), Actifio helps users to recover systems from multiple points-in-time simultaneously, thus reducing the time to recover to right before the corruption/attack occurred.
  5. Automated recovery more frequently: Users can specify an automated instant mount and recovery of mission
    critical applications on a daily basis and perform data integrity checks to catch any cyber attacks very quickly
    and minimize the downtime further.

In summary, Actifio’s copy data management technology provides a comprehensive feature set and functionality to enable cyber resiliency for mission-critical applications. Actifio provides critical protection for data copies used for backup, recovery, test/dev, among many other use cases, while also delivering core capabilities to recover quickly in the event of a security attack such as ransomware or malware. Actifio gives confidence to thousands of enterprises around the world and continues to lead the way in developing innovative cyber resilience solutions that help our clients more quickly respond to and recover from disruptive cyber incidents.

“In today’s data landscape, security and privacy are at the top of our agenda.
No company wants to be in the news when it comes to data protection, which
is why we require the ability to recover instantly at any point in time. Actifio
has given our organization peace of mind with its disaster recovery automation
and reporting platforms. It helps us rapidly recover clean and immutable copies
of data, restore application services, and resume standard business operations
quickly during or after any disruptive cyber incidents.”
CIO, MULTINATIONAL CONSULTING FIRM

Download the PDF