How to Use Qumulo’s Corrective Controls is the final blog of a four-part series designed to help you take advantage of the security controls and data protection capabilities in Qumulo’s file data platform.
In the first blog of this series, I introduced the security architecture; the second covered threat prevention, and the third covered detection against data breaches. Now we’re going to focus on corrective controls (what happens after a security incident) to minimize data loss and restore information systems quickly.
Recent history has shown that even good preventive controls can be overcome by attackers. Therefore, another line of defense is essential: a recovery strategy. A recovery strategy can be quite complex and detailed. It typically contains an inventory list of all systems and applications and a procedure to recover the business in case all systems must be rolled back to an earlier known good state. It is beyond the scope of the paper to deliver a complete recovery strategy but Qumulo supports recovery strategies with some very effective and easy-to-implement features:
A Qumulo Snapshot is a very efficient corrective control feature. Snapshots can be taken at any point in time, on a schedule or on demand, and consume no space at the time the snapshot is taken. Only subsequent file changes consume extra space, because the changes are stored in addition to the previous version(s) of files.
If a file or directory needs to be rolled back, it can be copied back from a previous version in a snapshot. Because snapshots are immutable (read-only), malware or ransomware cannot change their content.
Snapshot policy based replication
Qumulo replication offers an additional level of corrective action. With snapshot policy replication, local snapshots can be replicated to another Qumulo cluster. Having a further copy of a snapshot on a second cluster adds reliability in case of a disastrous event in the data center.
An IT best practice is to keep backups of your relevant data. Qumulo supports all major backup software solutions available in the market. Several vendors, such as Commvault and Atempo, use the Qumulo API to identify changes between two snapshots, which allows them to take instantaneous incremental backups without the need to perform a tree walk. This allows the implementation of an incremental forever strategy with minimal effort. Since they use their native file format for this task rather than an NDMP format, restores are storage agnostic and data can be restored to any place of choice.
With Qumulo Shift, Qumulo hosted data can be copied efficiently to an AWS S3 bucket. In the AWS S3 bucket, Qumulo stores files in native S3 format, with no gateway required. Subsequent copies are incremental, so only changed files are copied. This is another reliable corrective control: it stores Qumulo data in a different location and thus protects it from a potential local attacker. Depending on the workload or file changing characteristics, one could decide to copy consistent snapshots to an S3 bucket or use AWS versioning to keep multiple versions of files in the bucket. The strategy can be complemented by using AWS intelligent tiering to move older files to AWS Glacier, which is a cost-effective method of storing data that is not actively being used.
Like all other tasks on Qumulo, the data movement can be highly automated by using the API or CLI.
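For the S3 copy strategy described above, the bucket's versioning and lifecycle settings decide how far back a clean file version can still be recovered. The following is an added example, not Qumulo or AWS code: it audits configurations shaped like the S3 GetBucketVersioning and GetBucketLifecycleConfiguration responses, checking lifecycle transitions as one way to implement the tiering mentioned. The function name, the 30-day threshold and the sample configurations are assumptions constructed for illustration.

```python
# Added example: audit an S3 bucket used as a recovery copy target.
ARCHIVE_CLASSES = ("INTELLIGENT_TIERING", "GLACIER", "GLACIER_IR", "DEEP_ARCHIVE")
MIN_NONCURRENT_DAYS = 30  # assumed recovery window; set per your own policy


def audit_recovery_bucket(versioning, lifecycle, min_days=MIN_NONCURRENT_DAYS):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    # Without versioning, an overwritten object (for example an encrypted
    # file copied over the good one) replaces the only copy in the bucket.
    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")
    rules = [r for r in lifecycle.get("Rules", []) if r.get("Status") == "Enabled"]
    for rule in rules:
        rid = rule.get("ID", "<unnamed>")
        # Noncurrent versions are the rollback points; expiring them early
        # shortens the window in which a clean version can be restored.
        nve = rule.get("NoncurrentVersionExpiration")
        if nve and nve.get("NoncurrentDays", 0) < min_days:
            findings.append(f"rule {rid}: noncurrent versions expire after "
                            f"{nve.get('NoncurrentDays', 0)} days (< {min_days})")
    # Report when no enabled rule moves older data to a cheaper class.
    archived = any(
        t.get("StorageClass") in ARCHIVE_CLASSES
        for r in rules
        for t in r.get("Transitions", []) + r.get("NoncurrentVersionTransitions", [])
    )
    if not archived:
        findings.append("no enabled rule transitions objects to an archive or tiering class")
    return findings


# Constructed sample configurations (not taken from a real bucket).
GOOD_VERSIONING = {"Status": "Enabled"}
GOOD_LIFECYCLE = {"Rules": [{
    "ID": "archive-old-files", "Status": "Enabled", "Filter": {"Prefix": ""},
    "Transitions": [{"Days": 90, "StorageClass": "GLACIER"}],
    "NoncurrentVersionExpiration": {"NoncurrentDays": 180},
}]}
WEAK_VERSIONING = {"Status": "Suspended"}
WEAK_LIFECYCLE = {"Rules": [{
    "ID": "tidy-up", "Status": "Enabled", "Filter": {"Prefix": ""},
    "NoncurrentVersionExpiration": {"NoncurrentDays": 1},
}]}

if __name__ == "__main__":
    for name, v, lc in [("good", GOOD_VERSIONING, GOOD_LIFECYCLE),
                        ("weak", WEAK_VERSIONING, WEAK_LIFECYCLE)]:
        print(name, audit_recovery_bucket(v, lc) or "OK")
```

In practice the two input dictionaries would come from the AWS CLI or SDK calls for the bucket that receives the copies.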
The Qumulo File Data Platform provides a rich set of data services that allow customers to implement a holistic defense strategy against all kinds of malware including ransomware. It provides several technology advantages that minimize the risk surface to attackers, such as a locked-down Linux version which is kept up to date by Qumulo, a user space application, and several advanced security features for prevention mentioned in blog 2.
With Qumulo Secure, organizations can benefit from a granular data access and management event stream in an industry-standard format that is supported by all major intrusion detection and monitoring systems. This allows them to integrate Qumulo into a holistic security architecture that detects ransomware and other forms of malware.
In addition, Qumulo Protect provides a robust set of corrective controls such as snapshots, data movements to AWS S3, backups, and snapshot replications to support secure and robust recovery strategies.
To learn about all the corrective controls in the Qumulo File Data Platform, download the white paper: Security Architecture and Best Practices to Counter Malware.
Stefan Radtke, Field CTO EMEA, has spent his career working in technology and is the principal evangelist of universal-scale storage for Qumulo. He started as employee #1 in EMEA in 2017 as Technical Director where he built a fantastic multi-national technical team. Recently he took over the role of the Field CTO and he is now focusing on building a strong technical team for Cloud Q. He’s a certified AWS Solution Architect Professional and Azure Solution Architect Expert.