Let's Talk About Security
Today, Rubrik announced the r528, the industry’s first security-enhanced converged data management appliance.
So, let’s talk about security. Not just the kind that you set in place to keep your actual devices safe, but also what you do to protect the data on them. All of your data. Including your backups.
Remember when one of the largest regional banks in the United States “lost” computer back-up tapes containing personal information including social security numbers and bank account information for over 260,000 of its customers? That was in 2012. With the amount of digital data generated annually projected to grow to 44 ZB (1 zettabyte = 1 trillion gigabytes) by 2020¹, and a growing trend in data breaches, it is even more imperative to apply the highest security standards to all of our data, even backups.
Often times we think of data security as something applied to the information generated via transactions. We encrypt data in-flight to ensure data is secure against eavesdropping or manipulation as it travels across a network. We even put in place checks on data in our primary systems to ensure the data we really care about can’t be hacked into.
What about data that’s been backed up and now sits on a device in a data center or on a tape in “the mountain”? Well that’s secure by default because we can’t recover it easily anyway, right? Wrong answer. Our backup data needs to be accessible, searchable and archivable. But if we unlock that power for our backups, it also needs to be unbreachable. This includes the portals for getting the data backed up in the first place, and also upon any restoration. It should be secure whenever there is any data movement and at rest. If someone walks into your server room and walks off with a hard drive, they shouldn’t be able to plug it in and access all your files without proper authentication.
Rubrik’s converged data management solution unlocks all the power of your data and encrypts it at rest as well. Take a look at the the r528 appliance with FIPS 140-2 Level 2 certified drives. With self-encrypting HDDs and SSDs, flexible key management options, and physical tamper evidence, the r528 provides the highest level of FIPS certification for backup and recovery to the industries that need them most in a cost-effective way: federal, state, and local government, as well as the financial, legal, and healthcare sectors.
Self encrypting drives aren’t overrated. They offer a level of confidence that the hardware housing the data is secure without any interference from external software. The customer has no additional setup for the SED, and they provide the extra security without any performance degradation. Because the data is protected by an encryption module, it’s also easier to delete the data on the drive if needed. Rather than overriding or reformatting the entire drive, one must simply destroy this key to achieve the same result.
How do customers manage their passwords and keys? This is where dual key management comes in. Our customers sometimes have their own key management solutions that they want to continue using with their backup devices. Rubrik offers the Trusted Platform Module (TPM). In true Rubrik form, it is simple, easy and just works. There is nothing to install or setup – every r528 appliance ships with it, and it’s up to our customers to use it or not.
As a Rubrik customer, you already have the advantage of converged data management – you’ve increased the manageability and efficiency of your backup and recovery systems. You have hopefully reduced the number of pieces of hardware and software it takes to backup, compress, restore, search and archive your information. Now you’re doing it even more securely. Don’t back up. Go forward.
¹ Source: IDC, 2014