They say you can’t have everything you want in life, and sometimes you are forced to make difficult choices. This is especially true with IT teams who must balance IT security, performance, operational simplicity, staff hours, and costs. For any business problem that IT tries to solve, they need to consider all these factors, and many more, before settling upon a solution. And even if they do all the due diligence and choose the right product or service that works for them, it still adds yet another technology that they need to spend precious time and money to manage.
It’s no wonder that many organizations are looking to cloud/managed services to outsource some of these operational burdens. Cohesity FortKnox, the latest award-winning as-a-service offering from the Cohesity Cloud Services portfolio, simplifies the complexity of securing data against ransomware and other cybersecurity threats, while helping organizations meet their business recovery SLAs. Unlike traditional methods of air gapping, which are secure but slow to recover from—such as shipping magnetic tape offsite—FortKnox is a cyber vaulting solution that provides an always available, secure copy of data in the cloud that avoids IT teams having to make the hard choice between data security and speed of recovery.
FortKnox creates an immutable copy of data in a Cohesity-managed cyber vault in the AWS Cloud with a host of built-in security features to prevent tampering of the vault data and policies. This ‘gold’ copy of data can be recovered back to the source location or an alternate location, including public or private clouds, in case of a security breach. It also avoids the cost and complexity of self-managed data vaulting approaches, helping teams trade long hours deploying and maintaining the solution with the operational simplicity of FortKnox as a service data vaulting.
What’s new in Cohesity FortKnox
Continuing in this tradition of simplifying hard choices, Cohesity’s latest innovation provides customers with a more cost-effective vaulting option without having to compromise on data security. Starting today, Cohesity customers can choose between the existing FortKnox warm storage tier and the newly-available FortKnox cold storage tier—both hosted on AWS—to meet varied business recovery and cost objectives. Depending on their use case, customers can pick the warm tier for vaulting data to meet stringent recovery SLAs or the cold tier for data that can tolerate longer recovery times but must be securely retained for the long term to meet compliance requirements. This allows more data workloads than ever before to be securely vaulted into FortKnox without worrying about the costs incurred with self-managed data vaults.
And the best part? With both options, customers benefit from the same enhanced data security features of FortKnox, including virtual air gapping, immutability, role-based access control (RBAC), quorum, multifactor authentication (MFA), and Cohesity key management system (KMS), that they have relied upon to help them protect their precious data against internal and external bad actors.
It is important to note that while customers can choose the FortKnox warm storage tier or the FortKnox cold storage tier or even both at the same time, at this time, automatic tiering of data from warm to cold tier on the backend is not supported. The recovery SLAs and the retention periods for the two tiers are also different and customers should consider these factors while deciding which option best suits their individual use case. Below is a table that details the differences between the two storage tiers.
Other improvements to FortKnox include expanded support for new workloads, as well as the ability to have multiple vaults in the same region, up to a maximum of 10 vaults. The latter helps customers better organize their data vaults based on workload type, business units, or environment. For example, teams can have different vaults for production and non-production data in the same region or apply different encryption methods for different vaults.
Cohesity and AWS—better together
At the heart of FortKnox’s comprehensive security is the “virtual air gap” that is created between the vaulted copy in the AWS Cloud and the primary and backup copies of data. To achieve this, data is encrypted and transmitted from the customer-managed Cohesity backup cluster to Amazon S3 directly. The data transfer happens over HTTPS, a stateless protocol, and authentication for API access is via short-lived tokens. The vaulting window is static and is opened at the times configured by the customer.
Additionally, FortKnox can leverage AWS PrivateLink capabilities to provide private connectivity between virtual private clouds (VPCs), AWS services, and on-premises networks, without exposing network traffic to the public internet. Using AWS PrivateLink, the on-prem Cohesity software can communicate privately with Amazon S3 for storing and retrieving backup data. Cohesity assigns FortKnox customers their own dedicated Amazon S3 bucket, and implements best practices such as employing AWS IAM roles and policies to ensure that customer content is logically isolated and cannot be shared or accessed across different customers.
“Cohesity FortKnox on AWS is the easiest way to maintain a secure offsite backup as part of a 3-2-1 strategy,” said Christopher Abel, CIO/IT Director at Citizen Potawatomi Nation. “It’s much simpler and less expensive than assigning our own staff to set up and maintain storage at a remote site or in the cloud. We sleep better knowing that Cohesity FortKnox protects our data in transit and at rest, in a secure vault on AWS.”
“With limited staff being a top issue facing IT operations teams, SaaS-delivered solutions like FortKnox allow data vaulting practices to be implemented without the hassle of managing infrastructure and key security features such as access control,” said Krista Macomber, Senior Analyst, Evaluator Group. “The most significant value-adds of FortKnox specifically include the ability to choose between two back-end storage targets, the option for both granular and mass recoveries, and Cohesity’s Quorum two-person concurrence and full data cataloging and search capabilities.”
Cohesity FortKnox helps you make easier choices
Yes, life gives us hard choices to make. Luckily, securing your data with Cohesity FortKnox is not one of them.
To learn more, check out this lab validation report by Evaluator Group to dig deep into FortKnox features and capabilities across a number of areas including access and security controls, manageability, cost-efficiency, and performance.
To see the benefits for yourself, you can also get access to a free trial of Cohesity FortKnox.
Existing Cohesity customers can also simplify the procurement process by purchasing FortKnox directly from the AWS private listing marketplace.
Read about how Cohesity FortKnox helped Clayton County School District save time and budget, and Citizen Potawatomi Nation protect its data—and heritage—while helping both of them qualify for cyber security insurance.
For more information:
- Read more about Cohesity FortKnox in this data sheet.
- Watch this lightboard video to hear how it works.