How to Use Qumulo’s Corrective Controls is the final entry of a four-part series designed to help you take advantage of the security controls and data protection capabilities in Qumulo’s file data platform.
In the first story of this series, I introduced the security architecture, part 2 covered threat prevention, and part 3 covered detection against data breaches. Now we’re going to focus on corrective controls–what happens after a security incident–to minimize data loss and restore information systems quickly as part of a disaster recovery strategy.
Supporting enterprise disaster recovery strategies
Recent history has shown that even good preventive controls can be overcome by attackers. Therefore, another line of defense is essential: a cloud disaster recovery strategy. It’s important to note that a disaster recovery strategy can be quite complex and detailed. It typically contains an inventory list of all systems and applications and a procedure to recover the business in case all systems must be rolled back to an earlier known good state. It is beyond the scope of this article to deliver a complete disaster recovery strategy, but Qumulo supports disaster recovery strategies with some very effective and easy-to-implement features. Following are four way Qumulo can help.
A Qumulo Snapshot is a very efficient corrective control feature. Snapshots can be taken at any point in time, schedule, or on-demand, and consume no space at the time the snapshot is taken. Only file changes will consume extra space as the changes are stored in addition to the previous version(s) of files.
In case a file or directory needs to be rolled back to a previous version, files can be copied back from a previous version. Because snapshots are immutable (read-only), a potential malware or ransomware will not be able to change its content.
2. Snapshot policy based replication
Qumulo replication offers an additional level of corrective action. With snapshot policy replication, local snapshots can be replicated to another Qumulo cluster. Having an additional copy of a snapshot adds additional reliability in case of a disastrous event in the data center.
An IT best practice is to keep backups of your relevant data. Qumulo supports all major backup software solutions available in the market. Several vendors such as Commvault and Atempo are using the Qumulo API to identify changes between two snapshots which allows them to take instantaneous incremental backups without the need to perform a tree walk. This allows the implementation of an incremental forever strategy with minimal effort. Since they do not use an NDMP format for this task but their native file format, restores are storage agnostic and data can be restored to any place of choice.
4. Qumulo Shift
With Qumulo Shift, Qumulo hosted data can be copied efficiently to an AWS S3 bucket. In the AWS S3 bucket, Qumulo stores files in native S3 format, no gateway required. Subsequent copies are incremental so that only changed files are copied. This is another reliable corrective control to store Qumulo data in a different location and thus, prevent it from a potential local attacker. Depending on the workload or file changing characteristics, one could decide to copy consistent snapshots to an S3 bucket or use AWS versioning to keep multiple versions of files in the bucket. The strategy can be complemented by using AWS intelligent tiering to move older files to AWS Glacier which is a cost-effective method of storing data that is not actively being used.
Like all other tasks on Qumulo, the data movement can be highly automated by using the API or CLI.
The Qumulo File Data Platform provides a rich set of data services that allow customers to implement a holistic defense strategy against all kinds of malware including ransomware. It provides several technology advantages that minimize the risk surface to attackers, such as a locked-down Linux version which is kept up to date by Qumulo, a user space application, and several advanced security features for prevention mentioned in part 2.
With Qumulo Secure, organizations can benefit from a granular data access and management event stream in an industry-standard format that is supported by all major intrusion detection and monitoring systems. This allows them to integrate Qumulo into a holistic security architecture that detects ransomware and other forms of malware.
In addition, Qumulo Protect provides a robust set of corrective controls such as snapshots, data movements to AWS S3, backups, and snapshot replications to support secure and robust recovery strategies.
To learn about all the corrective controls in the Qumulo File Data Platform, download the white paper: Security Architecture and Best Practices to Counter Malware.
- Part 1: How to Use Qumulo’s Built-in Security Controls for Data Protection
- Part 2: How to Use Qumulo’s Preventive Controls Against Malware
- Part 3: How to Use Qumulo’s Detective Controls Against Data Breaches
Understand how Qumulo’s data services help you manage and protect massive amounts of file data.
Take a test drive. Demo Qumulo in our interactive Hands-On Labs.
Subscribe to the Qumulo blog for customer stories, technical insights, industry trends and product news.