These new solutions can help secure data against attacks while ensuring that enterprises meet compliance requirements.
Protection of stored data has been with us for a long time. It all started with backup.
“Backup has been around forever and you still need it,” said Jeremy Burton, CMO of Dell EMC.
But from those humble beginnings, data protection has expanded into an entire universe of technologies. While not the most glamorous of areas within the data storage sector, without it the entire field is in jeopardy. Recently, it’s become a hot area in terms of innovation.
Here are some of the latest offerings in data protection.
Dell EMC’s new Integrated Data Protection Appliance (IDPA) is a pre-integrated appliance that is said to be simple to deploy. It is designed to support a wide ecosystem of applications, both traditional and modern, as well as physical and virtual platforms. It also supports multiple hypervisors and can extend to the public, private and hybrid cloud for long-term retention.
Think of this appliance as a hyper-converged data protection tool. As VMware is part of the Dell EMC empire, IDPA is optimized for VMware. It includes native cloud tiering, eliminating the need for a cloud gateway for long-term retention. Data is encrypted in flight and at rest, and is deduplicated before it moves to the cloud. Dell EMC claims that this reduces data volumes by an average rate of 55:1.
“IDPA is integrated data protection that provides ten times faster time-to-protect compared to traditional, do-it-yourself data protection solutions,” said Richa Dhanda, director of product marketing, data protection, Dell EMC.
In terms of convergence, the appliance includes storage, backup software, search and analytics, as well as encryption, fault detection and self-healing. Dell EMC is offering four models that scale from 34 TB to 1 PB of usable capacity. It is flash-enabled and VMware-optimized for instant access and restore of virtual machines. It also provides integration with platforms such as MongoDB, Hadoop and MySQL. Instead of viewing multiple screens to operate backup, encryption and deduplication, for example, IDPA offers a single user interface to schedule and manage protection jobs, set up policies for retention in the cloud and comply with SLAs.
Druva inSync addresses backup, restore, archiving, search, audit, compliance and legal hold. It brings together data protection and information governance on one screen across multiple endpoints and cloud applications (including Box, Office 365 and Salesforce). Features include time-indexed snapshots, self-service restore, bandwidth throttling, federated metadata search, monitoring for unusual data activity (for ransomware detection), remote wipe, global deduplication, WAN optimization and encryption in transit and at rest. It does this by leveraging AWS and Azure.
Datos IO RecoverX is said to be a cloud-scale, app-centric data management platform that protects application data across all types of cloud. This includes private clouds, mainly powered by VMware ESX, and public clouds like AWS and Azure that typically use Xen and Hyper-V for their virtualization technology. This is important because most enterprises are using both private and public clouds, and managing them isn’t easy.
RecoverX provides cloud mobility, combined with data protection for relational databases. As such, you can run production apps in one cloud and test and dev in another; or move databases from one to another, or from on-prem to the cloud and back. It includes an elastic compute engine that can be scaled up or down based on application needs, deduplication, data services (e.g., BI, search), and a globally distributed metadata catalog.
It also includes source-side dedupe, data protection for PB-scale Hadoop distributions (Cloudera and Hortonworks), and enables file-level recovery and archiving for long-term retention. Backup and archiving can be stored either on-prem on S3-compatible object storage or in the cloud on cloud-native S3 storage. Further, it protects SQL Server (physical or virtual).
“Cloud data management is not about selling boxes, appliances or proprietary file systems; it’s also not about porting legacy backup software to the cloud,” said Tarun Thakur, co-founder and CEO of Datos IO. “Cloud data management is about reinventing the control plane with cloud principles in mind – elasticity, application-centricity, and scale – because that’s what enables customers to manage, protect, mobilize and harness the value of their data across all cloud boundaries.”
Peer Software has combined its high-performance data replication technology for file collaboration and continuous availability with Scality object and cloud storage technology. The result: Peer Global File Service (PeerGFS) and Scality RING working in concert to integrate distributed file and object storage architectures for backup and file collaboration.
PeerGFS utilizes a distributed file system that enables file-sharing with file-locking along with centralized backup. It achieves this by replicating data in real time across local storage at physical sites and to Scality RING, the repository for the shared file system.
“Enterprise customers typically have a combination of server and mixed storage infrastructure at their physical branch office locations, as well as centralized resources in a datacenter and in the cloud,” said Peer Software CEO Jimmy Tam. “The combination of PeerGFS and Scality RING enables our mutual customers to benefit from the operational efficiency of a shared file system.”
Carbonite made its name initially as a consumer backup service. But it has been steadily moving up the food chain over the last few years.
One example is Carbonite DoubleTake Availability, a service that offers high availability and disaster recovery (DR) for Windows and Linux servers. The software achieves this using continuous replication to maintain a secondary copy without taxing primary system or network bandwidth. The product supports physical, virtual and cloud systems. In the event of a disaster affecting one system or an entire data center, a failover to the secondary location is invoked. The secondary systems spin up and users are rerouted in minutes.
It includes data encryption in flight between the source and the target, as well as integrated Domain Name System (DNS) management, and three tiers of compression, which are aimed at minimizing network impact. Bandwidth throttling options are also available.
The Thales Vormetric Data Security Platform is another new product that converges several tools. It includes transparent file encryption, application-layer encryption, cloud storage encryption, batch data encryption, key management, tokenization, privileged user control, and static and dynamic data masking.
According to John Grimm, senior director of product marketing at Thales, the Global Encryption Trends Study shows that cloud adoption and escalating data security threats have accelerated encryption deployments. Forty-one percent of companies report that they have a consistent encryption strategy. But a big problem is that encryption is inconsistent. The Thales platform aims to eliminate the gaps.
“For particular types of sensitive data, organizations may encrypt it in one storage location, but not another,” said Grimm. “This is a gold mine for attackers, who like nothing more than to scour around for valuable targets once they breach an initial point of entry.”
Varonis Data Security Platform (DSP) v.6 introduces the Automation Engine, which automatically finds and fixes some of the most dangerous file system security issues so that organizations are less vulnerable to attacks, more compliant and able to consistently enforce a least privilege model. According to Rob Sobers, director at Varonis, a manual remediation project of global access groups and inconsistent Access Control Lists (ACLs) that does not disrupt employee productivity requires at least three to six hours of work per misconfigured folder. With the Automation Engine, they can automatically remediate thousands of shares and folders in minutes after initial setup.
“Our data security platform analyzes the behavior of the people and machines that access your data, alerts on misbehavior and enforces a least privilege model,” said Sobers. “We capture metadata about enterprise data and file systems so that you can identify compromised accounts, privilege escalations, GPO changes, and malware attacks like ransomware — and stop them before they lead to a data breach.”
The Gemalto collection of data protection and security tools offers the means to protect and control sensitive data as it expands in volume, type and location. It includes encryption and tokenization. One part of its portfolio is SafeNet KeySecure, which uses key management to protect archived data while retaining compliance and control over sensitive data in storage repositories. It also has network-based encryption and access controls.