A cyber vault provides the ability to improve cyber resiliency by creating an isolated copy of production data. With a clean, separate, and protected copy of data always on standby, organizations can rapidly recover data back to its original source, or alternate backup locations, in case of a ransomware attack or other incident that compromises production or primary backup systems. A modern cyber vault strategy uses “virtual air gap” technology that protects backups but allows for temporary network connections to enable necessary remote access—albeit with very strong controls—while further isolating data with the cloud as needed. A well-designed cyber vault can be an effective part of a robust data isolation and disaster recovery strategy.
What is the capability of a cyber vault?
Leading cyber vault solutions offer five key capabilities: they isolate data; they tightly control access to it; they make sure the data cannot be tampered with; they allow for quick identification and recovery of the latest “clean” data to minimize data loss and downtime of business-critical systems; and they are easy to use and manage.
Here’s a deeper dive into each of these capabilities:
Isolate data — Data isolation is when an organization implements physical, network, or operational separation of critical data to keep it safe from both external cyberattacks and internal threats. There are numerous ways to isolate data. Traditional air gaps isolate data both physically and electronically. But this total isolation makes it difficult to achieve the recovery time objectives (RTOs) and recovery point objectives (RPOs) of today’s businesses, which typically run 24/7. That’s why successful cyber vault strategies employ “virtual air gaps” that provide organizations with the protection of physical air gaps while allowing them to securely access the air-gapped assets from anywhere in the world.
Tightly control access — Cyber vaults should be accessible to as few people as possible, so both administrator and user permissions should be minimal. This would ideally involve role-based access control (RBAC) with multi-factor authentication (MFA). For especially sensitive actions or procedures, such as deleting backup copies or executing data recovery, quorum authentication requires the intended action to be approved by two or more people.
Resist tampering — Hackers are extraordinarily savvy. Organizations cannot rule out the possibility that hackers could surmount isolation and access control barriers. And insider threats are also very real. Because of all this, immutability and encryption both in-flight and at-rest are necessary to prevent malicious actors from tampering with data, even when it has been cyber vaulted. Combining write-once-read-many (WORM) technology with immutability offers strong defenses against both internal and external threats.
Quickly identify and recover the latest clean data — One of the biggest problems with combating ransomware is that such malware is designed to enter a backup system and lie in wait, sometimes for many months, making it difficult to identify the last clean, uninfected backup copy of data. Leading cyber vault solutions use artificial intelligence (AI) to detect the latest version of uninfected data, minimizing data loss.
Easily use and manage — Finally, cyber vault solutions should have an intuitive interface to promote simple operations and management. Not only will this minimize time to value and maximize the ROI of the investment, but it will ease support burdens on already-stretched IT staff.
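The access-control and tamper-resistance capabilities above can be combined into a single authorization check. The following is an added example, not Cohesity or FortKnox code. The role names, the `authorize` function, and the choice to require two approvers other than the requester are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical roles; both actions are the sensitive ones the text names.
ROLE_ACTIONS = {"vault_admin": {"delete_backup", "recover"},
                "vault_operator": {"recover"}}
QUORUM_SIZE = 2  # assumed: two approvers in addition to the requester


@dataclass(frozen=True)
class User:
    name: str
    role: str
    mfa_verified: bool


def authorize(action, requester, approvers, retain_until, now):
    """Return (allowed, reason) for a sensitive vault action."""
    if action not in ROLE_ACTIONS.get(requester.role, set()):
        return False, "role lacks permission"
    if not requester.mfa_verified:
        return False, "requester MFA missing"
    # WORM: no number of approvals unlocks deletion before retention expires.
    if action == "delete_backup" and now < retain_until:
        return False, "WORM retention lock active"
    # Quorum: count distinct, MFA-verified approvers whose own role allows
    # the action; the requester cannot approve their own request.
    valid = {a.name for a in approvers
             if a.name != requester.name and a.mfa_verified
             and action in ROLE_ACTIONS.get(a.role, set())}
    if len(valid) < QUORUM_SIZE:
        return False, f"quorum not met ({len(valid)}/{QUORUM_SIZE})"
    return True, "approved"


if __name__ == "__main__":
    # Constructed sample users and retention date.
    alice = User("alice", "vault_admin", True)
    bob = User("bob", "vault_admin", True)
    carol = User("carol", "vault_operator", True)
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    locked = datetime(2024, 12, 1, tzinfo=timezone.utc)
    print(authorize("recover", alice, [bob], locked, now))
    print(authorize("recover", alice, [bob, carol], locked, now))
    print(authorize("delete_backup", alice, [bob, carol], locked, now))
```

The retention check runs before the quorum check, so even a fully approved delete request is refused while the WORM lock is active.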
Why do you need a cyber vault?
Protecting against cyberattacks, particularly those launched with ransomware, is an ongoing battle. Virtually all organizations have invested significant time and money in backup and recovery solutions, and use multiple overlapping technologies to protect their data, including shipping magnetic tapes off-site or deploying and maintaining remote clusters at parallel infrastructure environments. But these methods are complex, time-consuming, costly, and error-prone. For example, restoring data from tape is rarely able to meet RTOs, RPOs, or other service-level agreements (SLAs).
Cyber vaults simplify the process of restoring data to business-critical systems and getting organizations back online quickly to meet even the strictest SLAs. They also do this at a low total cost of ownership (TCO) and with a high ROI.
How does cyber vaulting improve your cyber resilience?
The definition of cyber resilience, according to the U.S. National Institute of Standards and Technology (NIST), is “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”
Here are the ways cyber vaulting meets each of these requirements to improve cyber resilience:
Anticipate — Knowing that backups are most vulnerable when connected to public-facing networks, successful cyber vault strategies employ air gaps—both physical and virtual—to prevent unauthorized access. Additionally, cyber vaults are only accessible on a need-to-have-it basis using RBAC with MFA. Quorum authentication is especially useful for sensitive actions as two or more people are required to approve.
Withstand — The most effective cyber vaults use immutability and encryption both in-flight and at-rest to prevent malicious actors from tampering with data, even when it has been isolated, virtually or physically. Combining WORM technology with immutability offers strong defenses against both internal and external threats.
Recover from — Leading cyber vault solutions use AI technologies such as machine learning (ML) to detect the latest version of uninfected data, minimizing data loss and getting business critical systems online again as soon as possible.
Adapt — Top cyber vault solutions are also easy to manage and re-configure based on experience and learning to ease support burdens on the IT staff.
Cohesity and cyber vaulting
Data today is central to every organization. Because organizations depend on it, whether it is stored on premises or in the cloud, cybercriminals see data as a tempting target. It is thus more vulnerable than ever to cybersecurity threats, especially ransomware.
The traditional 3-2-1 strategy of backing up data—three copies of data, on two different media, with one of them in an off-site environment—no longer cuts it for protecting valuable and sensitive data. Although a physical air gap model where data is stored on tapes and moved off-site to isolate it ensures data security, recovery is slow. It is virtually impossible to meet enterprise-grade SLAs with such a strategy.
Cohesity recommends a modern strategy, with a “virtual air gap” that also involves physical separation, and network and operational isolation, but which keeps data secure and highly available.
Cohesity FortKnox is a software-as-a-service (SaaS) cyber vault, data isolation, and recovery solution that improves cyber resiliency by storing an immutable copy of data in a Cohesity-managed cloud. By significantly simplifying backup operations while lowering costs, FortKnox enables organizations to both prevent and recover swiftly from any attacks.
The FortKnox cyber vault does this in three ways:
Provides an additional protection layer — As an important component in the multi-layered Cohesity security architecture, FortKnox is built using the mutually supportive philosophies of least privilege and segregation of duties along with granular Zero Trust security principles. By storing an immutable copy of data in a Cohesity-managed cloud vault via a configurable transfer window or virtual air gap, FortKnox is able to ensure that data is further protected with RBAC, encryption, MFA, a WORM lock policy, and a “quorum” rule that requires at least two employees to approve any critical actions.
Offers all the benefits of the SaaS model — As a pay-as-you-grow service, FortKnox empowers organizations to connect, vault, and recover data while keeping costs to a minimum. No need to worry about deploying and maintaining “do-it-yourself” (DIY) data vaults or the associated cloud storage or egress costs, as they are covered in the FortKnox subscription. When teams need to safely deposit data to the cloud, vault it, or recover it quickly, Cohesity establishes a temporary and highly secure network connection that limits access to the isolated data by cybercriminals and unauthorized insiders while supporting business SLAs.
Recovers swiftly if the worst happens — FortKnox delivers fast, granular recovery of data back to the source or an alternate location, enabling enterprises to be more agile. Preferred recovery sites may be onsite, a public cloud (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform), or an edge location. Since FortKnox prevents vaulted data from being modified, organizations with compromised or lost production data can be confident knowing that they can easily identify and recover an untainted copy of data.
Cohesity is also a founding member of the Data Security Alliance, an organization of more than a dozen security industry heavyweights, giving businesses and governments more ways to win against cyberattacks.