Siddharth Agrawal, Product Manager, Cloudian
Data security is complicated. Compliance with security regulations has never been more important than it is today. It takes a lot of work to ensure your organization has a solid security program in place. How can you ensure you’re doing everything you can to protect your organization’s data?
Here are the 5 things to keep in mind when picking a bulletproof enterprise data storage solution that not only satisfies the compliance requirements but also allows self-governance.
1. Ability to preserve the records in a non-rewritable, non-erasable format aka WORM (Write Once Read Many) — Most compliance regulations mandate that the records should be maintained in an unalterable medium for the required retention period so that they can be accurately reproduced for later reference. Cloudian® HyperStore® provides WORM protection for stored records by supporting the standards-based S3 “Object Lock” functionality. HyperStore uniquely identifies each record object using a combination of bucket name, object name, and version identifier. You can lock the objects for the desired time by specifying the retention period and selecting the mode as Compliance or Governance on a per-object basis. Additionally, a legal hold may also be placed on a record object to protect against modification, overwrite, and deletion until the legal hold is released.
2. Ability to prevent deletions or modifications at the filesystem level by the root user — Merely providing a software-based WORM functionality is not enough. Most of the available solutions restrict data modification operations to only account root users at the storage level. It is equally important to restrict access at the filesystem level by the root user. Cloudian HyperStore goes much further, disabling the root user at the filesystem level and enabling HyperStore Shell for systemwide protection. HyperStore has earned the Common Criteria for Information Technology Security Evaluation certification, with an Evaluation Assurance Level 2 (EAL2) designation and meets rigorous international security standards for use in government deployments.
3. Duplicate copy of record stored separately — Many compliance regulations mandate storing a second copy of the data, separately from the original. In case one copy is compromised, lost, or damaged, administrators and/or auditors should be able to recover from the other copy. Because storage policies are assigned per bucket, HyperStore lets customers fulfill this requirement at bucket-level granularity. In a deployment distributed across multiple data centers, you can configure a data center assignment scheme, which determines which of your data centers store the data for each bucket.
4. Ability to readily download the records — Many compliance requirements necessitate an adequate capacity to readily download records and the associated metadata. HyperStore allows searching and downloading of the records using Cloudian Management Console, HyperStore Command Line Interface, and HyperStore S3-compatible APIs.
5. Audit logging — Monitoring user activity is essential to observe and prevent any unusual activity on the systems. All S3 client activity pertaining to setting Object Lock attributes on a bucket or on individual objects, and all S3 client attempts to delete locked objects, are logged in an audit log. For deeper analysis and forensics you can use Cloudian HyperIQ™ Enterprise, which provides user behavioral analytics to monitor the user and bucket level activity on the Cloudian HyperStore cluster.
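How the retention modes and legal hold from item 1 interact when someone tries to permanently delete a locked version or shorten its retention date, as an added example (not Cloudian code). It models the S3 Object Lock rules as AWS documents them and assumes HyperStore's implementation follows them; the class, function and object names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class VersionLock:
    """Lock state of one object version (bucket + key + version id)."""
    mode: Optional[str] = None             # "COMPLIANCE", "GOVERNANCE" or None
    retain_until: Optional[datetime] = None
    legal_hold: bool = False

def retention_active(lock: VersionLock, now: datetime) -> bool:
    return lock.mode is not None and lock.retain_until is not None and now < lock.retain_until

def can_delete_version(lock, now, bypass_governance=False):
    """Decide a permanent delete of this version; returns (allowed, reason).

    bypass_governance models a caller that holds s3:BypassGovernanceRetention
    and sends the x-amz-bypass-governance-retention header.
    """
    if lock.legal_hold:                    # independent of any retention period
        return False, "legal hold"
    if not retention_active(lock, now):
        return True, "no active retention"
    if lock.mode == "COMPLIANCE":          # no caller can override
        return False, "compliance retention"
    if bypass_governance:
        return True, "governance bypassed"
    return False, "governance retention"

def can_set_retain_until(lock, now, new_until, bypass_governance=False):
    """Extending a retention date is always accepted; shortening is restricted."""
    if not retention_active(lock, now) or new_until >= lock.retain_until:
        return True
    return lock.mode == "GOVERNANCE" and bypass_governance

# Constructed sample state, not taken from a real cluster.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
UNTIL = datetime(2031, 1, 1, tzinfo=timezone.utc)
SAMPLE = {
    "ledger.csv@v1": VersionLock("COMPLIANCE", UNTIL),
    "draft.docx@v3": VersionLock("GOVERNANCE", UNTIL),
    "case-42.pdf@v1": VersionLock(legal_hold=True),
    "old.log@v7": VersionLock("COMPLIANCE", datetime(2020, 1, 1, tzinfo=timezone.utc)),
}

def deletable(bypass_governance=False):
    """Names in SAMPLE whose permanent delete would be accepted."""
    return sorted(k for k, v in SAMPLE.items()
                  if can_delete_version(v, NOW, bypass_governance)[0])

if __name__ == "__main__":
    print(deletable(), deletable(bypass_governance=True))
```

The governance bypass is the path to watch in the audit log described in item 5: it is the only way a still-retained version can be removed before its date.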
Much of your organization’s success will be determined by how well you secure and use data and information technology. Ensuring that your organization is deploying the right security features and protections is more essential than ever before. Choosing a bulletproof enterprise data storage solution is required not only to meet compliance requirements but also to ensure business continuity and success.