Cohesity FortKnox is an upcoming Cohesity SaaS service that provides customers an easy way to create a third copy of backup data - isolated in a secure data vault in the AWS cloud - and recover this data back to source or alternate locations in case of a ransomware attack or other disaster that compromises primary and secondary copies of the data. It helps customers eliminate the complexity and large CapEx investments of DIY data vaults and traditional tape outs.
Data Isolation and recovery to protect against ransomware, disasters and bad actors is not new to customers. In fact they may already be employing a variety of methods including shipping magnetic tapes offsite or deploying and maintaining remote clusters at parallel infrastructure. However, both these methods are complex, time-consuming, costly and error-prone. Restoring from tape in particular is seldom able to meet strict recovery SLAs.
Cohesity FortKnox simplifies this complexity by providing a modern SaaS solution for isolating data in the cloud that minimizes attack surfaces and improves recovery time SLAs. Additionally, it also helps improve ransomware attack and recovery preparedness by identifying clean copies of data to minimize the risk of reinfection, and by providing an environment for sandbox testing of recovery operations.
Cohesity FortKnox is best suited to address the following use cases:
- Ransomware protection and recovery
- Deploying defense-in-depth strategy
- Protection for sites that are not vaulting data yet
- Select workloads where cloud vaulting is preferred
- Edge location data vaulting
- Dynamically changing workloads/agile environments
Your data is secured both in transit and at rest — and we give you the option to manage your own encryption keys or have our service manage them for you. For more information visit the Cohesity Trust Center page.
The Cohesity Helios platform in which DMaaS offerings run on is SOC 2 Type II certified on the Security, Availability, and Confidentiality Trust Services Categories. Cohesity DataProtect maintains Common Criteria EAL2 and FIPS 140-2 Level 1 certificates. Additionally, Cohesity can make available a standard Business Associate Addendum (BAA) for organizations with applicable HIPAA compliance requirements. For more information visit the Cohesity Trust Center page.
Yes. You need Cohesity DataProtect before you can use FortKnox.
Cohesity provides our Helios SaaS SLA for this service. Please see our Helios Service Level Agreement for more details.
Yes, but each organization is responsible for their unique settings and configurations.
- Cohesity FortKnox will simplify operational complexity for our customers by providing a Cohesity-managed SaaS solution for data isolation.
- It also provides an additional layer of protection against ransomware in addition to immutability by creating an operationally air gapped copy of data that is tamper-resistant and isolated from ransomware attacks or bad actors.
- It also helps customers avoid CapEx and move to a predictable OpEx model.
True air gapping requires complete isolation of management and network connectivity to achieve data resiliency. In today’s world where we need to be able to rapidly recover business operations at scale - for example following a ransomware attack - Cohesity FortKnox provides the right balance of secure isolation and speed of recovery via a dynamic connection or ‘virtual air gap’ to meet the needs of the business.
Yes, customers can air gap their data today with Cohesity in a number of ways. They can use magnetic tape and ship it offsite or deploy and maintain parallel infrastructure with appropriate controls to serve as a data vault. Cohesity FortKnox is an additional way for our customers to achieve data isolation where Cohesity manages the data vault via a modern SaaS solution that eliminates operational complexity and CapEx for them. It has several advantages over tape in terms of speed and reliability of recovery and ease of use over DIY data vaults.
Cohesity FortKnox is a SaaS offering that is a complementary service to an existing on-prem/self-managed Cohesity cluster. The copy stored in Cohesity FortKnox is a tertiary copy and should complement existing data protection practices like maintaining snapshots for operational recovery and replicas for disaster recovery.
By providing a modern “3-2-1” alternative to the “1” being magnetic tape, Cohesity FortKnox can serve as additional insurance in case there is physical damage (natural disasters, power loss, etc.) to a Cohesity backup cluster or in scenarios where a rogue internal employee with authorized access tampers with the backup data.Since Cohesity manages the KMS or ‘keys’ to Cohesity FortKnox, the isolated copy of data that better protects you from both external and internal bad actors and can be recovered quickly and easily when needed.
In the 3-2-1 rule for Data Protection, you need 3 copies of your data in 2 locations with 1 being isolated. DataProtect provides the ability to rapidly recover from operational copies (e.g. Snapshots). SiteContinuity provides the ability to replicate and failover/failback data between 2 locations. Cohesity FortKnox provides the ability to create an isolated 3rd copy of the data in the cloud.