What is Cohesity FortKnox?

Why would a customer need Cohesity FortKnox?

Which use cases are best suited for Cohesity FortKnox?

What security measures are used to keep my data safe?

What compliance or security certifications does Cohesity’s DMaaS services have?

Do I need Cohesity DataProtect to use FortKnox?

What service level agreements (SLAs) should I expect for the FortKnox service?

Is FortKnox a fully managed service?

How will Cohesity FortKnox help customers?

Is Cohesity FortKnox air-gapping data?

Can customers air gap data with Cohesity today?

What are the Cohesity prerequisites for Cohesity FortKnox?

Why do customers need Cohesity FortKnox if they already have a Cohesity backup cluster that is immutable?

How is Cohesity FortKnox different from DataProtect or SiteContinuity if all are recovering data in case of a ransomware attack?


1. What is Cohesity FortKnox?

Cohesity FortKnox is an upcoming Cohesity SaaS service that provides customers an easy way to create a third copy of backup data - isolated in a secure data vault in the AWS cloud - and recover this data back to source or alternate locations in case of a ransomware attack or other disaster that compromises primary and secondary copies of the data. It helps customers eliminate the complexity and large CapEx investments of DIY data vaults and traditional tape outs.


2. Why would a customer need Cohesity FortKnox?

Data Isolation and recovery to protect against ransomware, disasters and bad actors is not new to customers. In fact they may already be employing a variety of methods including shipping magnetic tapes offsite or deploying and maintaining remote clusters at parallel infrastructure. However, both these methods are complex, time-consuming, costly and error-prone. Restoring from tape in particular is seldom able to meet strict recovery SLAs.

Cohesity FortKnox simplifies this complexity by providing a modern SaaS solution for isolating data in the cloud that minimizes attack surfaces and improves recovery time SLAs. Additionally, it also helps improve ransomware attack and recovery preparedness by identifying clean copies of data to minimize the risk of reinfection, and by providing an environment for sandbox testing of recovery operations.


3. Which use cases are best suited for Cohesity FortKnox?

Cohesity FortKnox is best suited to address the following use cases:

  • Ransomware protection and recovery
  • Deploying defense-in-depth strategy
  • Protection for sites that are not vaulting data yet
  • Select workloads where cloud vaulting is preferred
  • Edge location data vaulting
  • Dynamically changing workloads/agile environments


4. What security measures are used to keep my data safe?

Your data is secured both in transit and at rest — and we give you the option to manage your own encryption keys or have our service manage them for you. For more information visit the Cohesity Trust Center page.


5. What compliance or security certifications does Cohesity’s DMaaS services have?

The Cohesity Helios platform in which DMaaS offerings run on is SOC 2 Type II certified on the Security, Availability, and Confidentiality Trust Services Categories. Cohesity DataProtect maintains Common Criteria EAL2 and FIPS 140-2 Level 1 certificates. Additionally, Cohesity can make available a standard Business Associate Addendum (BAA) for organizations with applicable HIPAA compliance requirements. For more information visit the Cohesity Trust Center page.


6. Do I need Cohesity DataProtect to use FortKnox?

Yes. You need Cohesity DataProtect before you can use FortKnox.


7. What service level agreements (SLAs) should I expect for the FortKnox service?

Cohesity provides our Helios SaaS SLA for this service. Please see our Helios Service Level Agreement for more details.


8. Is FortKnox a fully managed service?

Yes, but each organization is responsible for their unique settings and configurations.


9. How will Cohesity FortKnox help customers?

  • Cohesity FortKnox will simplify operational complexity for our customers by providing a Cohesity-managed SaaS solution for data isolation.
  • It also provides an additional layer of protection against ransomware in addition to immutability by creating an operationally air gapped copy of data that is tamper-resistant and isolated from ransomware attacks or bad actors.
  • It also helps customers avoid CapEx and move to a predictable OpEx model.


10. Is Cohesity FortKnox air-gapping data?

True air gapping requires complete isolation of management and network connectivity to achieve data resiliency. In today’s world where we need to be able to rapidly recover business operations at scale - for example following a ransomware attack - Cohesity FortKnox provides the right balance of secure isolation and speed of recovery via a dynamic connection or ‘virtual air gap’ to meet the needs of the business.


11. Can customers air gap data with Cohesity today?

Yes, customers can air gap their data today with Cohesity in a number of ways. They can use magnetic tape and ship it offsite or deploy and maintain parallel infrastructure with appropriate controls to serve as a data vault. Cohesity FortKnox is an additional way for our customers to achieve data isolation where Cohesity manages the data vault via a modern SaaS solution that eliminates operational complexity and CapEx for them. It has several advantages over tape in terms of speed and reliability of recovery and ease of use over DIY data vaults.


12. What are the Cohesity prerequisites for Cohesity FortKnox?

Cohesity FortKnox is a SaaS offering that is a complementary service to an existing on-prem/self-managed Cohesity cluster. The copy stored in Cohesity FortKnox is a tertiary copy and should complement existing data protection practices like maintaining snapshots for operational recovery and replicas for disaster recovery.


13. Why do customers need Cohesity FortKnox if they already have a Cohesity backup cluster that is immutable?

By providing a modern “3-2-1” alternative to the “1” being magnetic tape, Cohesity FortKnox can serve as additional insurance in case there is physical damage (natural disasters, power loss, etc.) to a Cohesity backup cluster or in scenarios where a rogue internal employee with authorized access tampers with the backup data.Since Cohesity manages the KMS or ‘keys’ to Cohesity FortKnox, the isolated copy of data that better protects you from both external and internal bad actors and can be recovered quickly and easily when needed.


14. How is Cohesity FortKnox different from DataProtect or SiteContinuity if all are recovering data in case of a ransomware attack?

In the 3-2-1 rule for Data Protection, you need 3 copies of your data in 2 locations with 1 being isolated. DataProtect provides the ability to rapidly recover from operational copies (e.g. Snapshots). SiteContinuity provides the ability to replicate and failover/failback data between 2 locations. Cohesity FortKnox provides the ability to create an isolated 3rd copy of the data in the cloud.