Cohesity FortKnox: Data Isolation and Recovery as a Service

This article was contributed by Cohesity.

Data powering business operations is more valuable than ever. It is also more vulnerable than ever to cybersecurity threats, power outages and natural disasters. This reality has forced organizations to rethink their approaches to the 3-2-1 strategy of backing up data — three copies of data, on two different media, with one of them in an off-site environment. Although a traditional air gap model where data is stored on magnetic tapes and moved off-site for data isolation ensures data security in the face of increasing ransomware attacks, it impedes rapid recovery which prevents teams from achieving stringent service-level agreements (SLAs). To stay competitive while protecting data, enterprises are embracing a modern 3-2-1 strategy that includes a virtual air gap with physical and network isolation and provides both secure and highly available data.

Modern air gap for the cloud era

Cohesity FortKnox powers a modern 3-2-1 strategy for the cloud era that effectively balances organizations' security and agility priorities. A SaaS data isolation and recovery solution, FortKnox improves cyber resiliency with an immutable copy of data in a Cohesity-managed cloud vault via a virtual air gap. Organizations relying on FortKnox gain an additional layer of security against ransomware and other cybersecurity threats through physical, network and operational isolation. FortKnox dramatically simplifies operations and lowers costs, eliminating the complexity and resource requirements of internally managed isolation solutions. FortKnox is a cloud service empowering organizations to prepare for and recover quickly and confidently from attacks with granular recovery back to the source or an alternate location, including the public cloud.

Managing data vaults on-premises or in the cloud can be complicated and costly for internal teams, particularly as they encounter skills gaps and ever-more destructive ransomware that deletes backups and steals data. FortKnox overcomes these obstacles with a new data isolation technique that improves data resiliency amid rising ransomware attacks.

Additional protection layer safeguards data and reputations

FortKnox is an integral part of the multilayered Cohesity Threat Defense architecture built on the notion of least privilege and segregation of duties with granular Zero Trust security principles. It keeps bad actors at bay with advanced access controls and early threat detection capabilities. FortKnox stores an immutable copy of data in a Cohesity-managed cloud vault via a configurable transfer window or virtual air gap and that copy of data is further protected with safeguards. These include role-based access (RBAC), encryption, multi-factor authentication (MFA), a WORM lock policy and a quorum rule that requires at least two employees to approve any critical actions, protecting data from unauthorized access or tampering. FortKnox allows for the management of global data vaults through a single UI and also automatically scans for cybercrimes by monitoring anomalous snapshots.

As-a-Service consumption dramatically simplifies operations and lowers costs

In a pay-as-you-grow service that keeps costs down, FortKnox empowers organizations to simply connect, vault and recover data. When teams need to safely deposit data to the cloud vault or recover it quickly, Cohesity establishes a temporary and highly secure network connection that limits access to the isolated data by cybercriminals and unauthorized insiders while supporting business SLAs. Teams can leverage FortKnox self-service data vaulting and recovery with customizable protection policies. Not only does FortKnox minimize enterprise attack surfaces, it also reduces the likelihood of a data breach.

Rapid recovery saves time and improves business continuity

FortKnox delivers fast, granular recovery of data back to the source or an alternate location, enabling enterprises to be more agile. Preferred recovery sites may be onsite, a public cloud (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform), or an edge location. Since FortKnox prevents vaulted data from being modified, organizations with compromised or lost production data can be confident knowing that they can easily identify and recover an untainted copy of data. In contrast to legacy backup and air gap solutions, FortKnox simplifies the recovery of specific files and objects quickly — without having to restore whole data volumes.

Learn more about FortKnox and WWT and Cohesity's joint capabilities.