Why would a customer need Cohesity FortKnox?
Which use cases are most suitable for FortKnox?
What security measures are used to keep my data safe?
What compliance or security certifications does FortKnox have?
Do I need Cohesity DataProtect to use FortKnox?
What service level agreements (SLAs) should I expect for the FortKnox service?
Is FortKnox a fully-managed service?
How will FortKnox help customers?
Can customers air gap data with Cohesity today?
What data sources will FortKnox support?
What are the Cohesity prerequisites for using FortKnox?
Are multiple versions of FortKnox available? What are the differences between them?
Why do customers need FortKnox if they already have a Cohesity backup cluster that’s immutable?
Cohesity FortKnox is a SaaS cyber vaulting solution that improves cyber resiliency with an immutable copy of data in a Cohesity-managed cloud vault via a virtual air-gap. FortKnox is part of the Cohesity Cloud Service (CCS) portfolio and provides an additional layer of protection against ransomware and other cybersecurity threats while dramatically simplifying operations and lowering costs, preparing organizations to recover confidently from attacks. Hosted in Amazon Web Services (AWS), the vaulted data can be recovered back to its original source or alternate locations in case of a ransomware attack or other incident that compromises primary and secondary copies of the data. It helps customers eliminate the complexity and large CapEx investments of DIY data vaults and traditional tape outs.
2. Why did you call it FortKnox?
FortKnox is an impenetrable vault facility that houses half of the USA’s gold reserves, and we have named our secure data vault solution after this facility.
3. Why would a customer need Cohesity FortKnox?
Protecting against ransomware, disasters, and bad actors using cyber vaulting and recovery isn’t new to customers. In fact, they may already be employing a variety of methods to protect their data, including shipping magnetic tapes offsite or deploying and maintaining remote clusters at parallel infrastructure. But these methods are complex, time-consuming, costly, and error-prone. Restoring from tape, in particular, is seldom able to meet strict recovery SLAs.
FortKnox simplifies this complexity by providing a modern SaaS solution for vaulting data in the cloud that minimizes attack surfaces and improves recovery time SLAs. It also helps improve ransomware attack and recovery preparedness. FortKnox monitors for anomalous snapshots that could indicate a ransomware attack. And it identifies clean copies of data to minimize the risk of reinfection.
4. Which use cases are most suitable for FortKnox?
FortKnox is best suited to address the following use cases:
- Ransomware protection and recovery
- Secure, cost-effective cloud archival
- Long-term retention for data governance and compliance
- Deploying defense-in-depth strategy
- Protection for sites that are not yet vaulting data
- Select workloads where cloud vaulting is preferred
- Edge location data vaulting
- Dynamically changing workloads/agile environments
- Qualifying for cyber security insurance
5. What security measures are used to keep my data safe?
Your data is secured both in transit and at rest—and we give you the option to manage your own encryption keys or have our service manage them for you. For more information, visit the Cohesity Trust Center page.
6. What compliance or security certifications does FortKnox have?
Cohesity takes the security of our customers’ information very seriously. We recognize how critical it is to comply with standards and protect the confidentiality, integrity, and availability of information assets. We maintain third-party assessments and assurances to validate the security posture of our products and services against industry standards, including SOC 2 Type II.
Cohesity also performs regular penetration tests by qualified third-party assessors.
7. Do I need Cohesity DataProtect to use FortKnox?
Yes. You need Cohesity DataProtect self-managed before you can use FortKnox.
8. What service level agreements (SLAs) should I expect for the FortKnox service?
Cohesity provides our SaaS SLA for this service. Please see our SaaS Service Level Agreement for more details.
9. Is FortKnox a fully-managed service?
Yes, but each organization is responsible for their unique settings and configurations.
10. How will FortKnox help customers?
FortKnox simplifies operational complexity for our customers by providing a Cohesity-managed SaaS solution for cyber vaulting.
It provides an additional layer of protection and immutability by creating an operationally air-gapped copy of data that’s tamper-resistant and isolated from ransomware attacks or bad actors.
It helps customers avoid CapEx and move to a predictable OpEx model.
11. Is FortKnox air gapping data?
True air gapping requires complete isolation of management and network connectivity to achieve data resiliency. In today’s world where we need to be able to rapidly recover business operations at scale—for example, following a ransomware attack—FortKnox provides the right balance of secure isolation and speed of recovery via a dynamic connection or ‘virtual air gap’ to meet the needs of the business.
12. Can customers air gap data with Cohesity today?
Yes, customers can air gap their data with Cohesity today in a number of ways. They can use magnetic tape and ship it offsite or deploy and maintain parallel infrastructure with appropriate controls to serve as a data vault. They can use FortKnox to achieve data isolation, with Cohesity managing the data vault via a modern SaaS solution that eliminates operational complexity and CapEx. FortKnox offers several advantages over tape: it’s faster, more reliable in terms of recovery, and easier to use than DIY data vaults.
13. What data sources will FortKnox support?
FortKnox continues to add support for new workloads. Find an updated list of data sources here.
14. What are the Cohesity prerequisites for using FortKnox?
FortKnox is a SaaS offering that’s a complementary to an existing self-managed Cohesity cluster. The copy stored in FortKnox is isolated from the primary and backup copies of data. It should complement existing data protection practices like maintaining snapshots for operational recovery and replicas for disaster recovery.
15. Are multiple versions of FortKnox available? What are the differences between them?
Yes, there are two versions of FortKnox available today. Cohesity customers can choose between the FortKnox warm storage tier and the FortKnox cold storage tier—both hosted on AWS—to meet varied business recovery and cost objectives. The warm tier vaults data to meet stringent recovery SLAs. The cold tier vaults data that can tolerate longer recovery times but must be securely retained for the long term to meet compliance requirements.
16. Why do customers need FortKnox if they already have a Cohesity backup cluster that’s immutable?
By providing a modern “3-2-1” alternative to the “1” (magnetic tape), can serve as added insurance in case of physical damage (natural disasters, power loss, etc.) to, or accidental deletion of, the Cohesity backup cluster.
With FortKnox, customers can create an immutable copy of their data in a Cohesity-managed cloud vault via a virtual air gap. The FortKnox data is not hosted in the same environment as the production or primary backup copy of data. The FortKnox data can be configured to be held in a different location than the production and/or primary backup copies of data. Moreover, the vault is kept separate from the customer's AWS instance, which results in an improved security posture and helps protect their vaulted data from both internal and external bad actors.
17. How is FortKnox different from DataProtect or SiteContinuity if they’re all designed to recover data in case of a ransomware attack?
In the 3-2-1 rule for data protection, you need 3 copies of your data in 2 locations, with 1 being isolated. DataProtect offers the ability to rapidly recover from operational copies (e.g. snapshots). SiteContinuity offers the ability to replicate and fail over/fail back data between 2 locations. FortKnox offers the ability to create an isolated 3rd (or 4th or 5th, and so on) copy of the data in the cloud. It differs from the other copies of data due to its many built-in security features that keep the data out of the hands of external and internal bad actors.
FortKnox does not provide automated failover/failback to the DR site.