Cohesity said it can protect user data in a cloud vault it describes as secure as Fort Knox, a military base where about half of the U.S. Treasury's stored gold is kept.
Cohesity FortKnox has entered general availability, enabling managed SaaS data protection capabilities for the Cohesity Helios platform. The service enables users to create an air-gapped digital vault within AWS that is managed by Cohesity, which can enhance an organization's cyber resilience and recovery times against ransomware or other disaster recovery concerns.
Air gapping typically refers to the protection provided by the physical act of disconnecting a hard drive or tape from a network environment, but modern computing environments have created a need to extend the definition to include environments fully outside an organization's infrastructure, such as the public cloud.
Cohesity FortKnox provides access to additional cyber-resilience tools such as object lock, data immutability and anomaly detection in data using other capabilities in the Helios platform. Data protection can be further enhanced by requiring multifactor authentication or minimum user quorums to change data retention policies.
Shifting to a cloud data center over tape backups also enables faster, more granular recovery according to Cohesity, and helps organizations meet the requirements for a 3-2-1 backup policy, the common industry standard to follow for viable data backups.
The 3-2-1 backup policy for data ultimately involves more than just an air-gapped data copy, said Johnny Yu, a research manager at IDC. Complete recovery should involve additional recovery strategies such as digital forensic research and following recovery insurance guidelines.
"[FortKnox is] a very good Step 1 for having a recoverable copy of data," Yu said. "There's a gap for who's in charge of your data. That's an extra chasm for the bad guys."
Total cost of the service is based on how many TB are under Cohesity's control and how much AWS storage is used, according to Cohesity. There is no charge for recovery actions.
Sealing a skill gap
Organizations understand the need for cyber resilience and up-to-date security policies, but may lack in-house expertise to build and maintain a program, said Robert Shields, director of product marketing for data governance, security and privacy at Cohesity.
"You have that extra layer of security for that worst-case ransomware attack," he said. "A customer buys it, points their backup at it, and we're off and running."
The service also enables users to create an additional data vault backup at an alternative location created and managed by the user on premises or in another cloud.
The isolated nature of the primary vault, despite existing in AWS, does help protect backups from infection, Yu said. Modern ransomware attacks typically aim to corrupt the backup data rather than simply the production data.
"You don't want to risk restoring the malware that got you into this situation in the first place," Yu said. "There needs to be an in-between step. That's where the isolated recovery comes in."
Cohesity spokespeople said the company isn't discussing any additional partnerships or hyperscaler options at this time. AWS has been a partner and equity investor in Cohesity for the past several years, supporting or funding other Cohesity SaaS products.
A Midas opportunity
Larger organizations, especially those facing stiff regulatory and compliance demands, may balk at having to place backups into a different and public cloud.
Cohesity FortKnox will likely serve midmarket organizations that need safe backups but don't have the staffing or capital to create their cyber-resilience systems, according to Krista Macomber, a senior analyst at Evaluator Group.
"These are companies that can't typically afford to purchase, deploy and manage their own [vaults]," she said.
At the end of the day, I have a working backup system. I'm looking for the results and I don't want to be the one to do that all myself.
Johnny YuResearch Manager, IDC
Many managed vault services can be recreated using the intrinsic policies, capabilities and facilities of hyperscalers such as AWS, Microsoft Azure and the Google Cloud Platform, Yu said. Organizations may see value with not having to build cybersecurity infrastructure, even if it requires relinquishing some control, Yu said.
"At the end of the day, I [as a SaaS customer] have a working backup system," he said. "I'm looking for the results and I don't want to be the one to do that all myself."
Tim McCarthy is a journalist living on the North Shore of Massachusetts. He covers cloud and data storage news.
