Close this search box.

Azure Native Qumulo Now available in the EU, UK, and Canada – Learn More

How Qumulo’s Built-in Security Approach Makes Your Unstructured Data Simply Secure

Authored by:

Learn more about the layers of security we’ve built and all-in-one approach to help make data security radically simple.

It’ll come as no surprise to anyone responsible for data security that cyberattacks are a growing concern. What we’re seeing lately is not only are attacks on the rise, but they’re becoming more sophisticated. 

This trend has been ongoing for some time now however when the world went remote during the COVID-19 pandemic, things got more complicated. The global workforce suddenly became more distributed than ever, virtually overnight, opening more potentially exploitable entry points for cybercriminals. Additionally, with more people working from home, and possibly juggling distractions like childcare, they’re more likely to click on a bad link without full attention. 

From February to March 2020, even in the early days of before the pandemic fully kicked off, there were 500,000 breaches through video conferencing software alone. 

If that wasn’t bad enough, there was simultaneously a 15% increase in attacks using unknown methods.  

Introducing the Simply Secure Initiative

We understand the pressure of keeping your organization’s data secure in all ways and at all times, so we designed and engineered Qumulo to make data security as simple as possible, even as your data continues to grow and expand – on-prem, in the cloud, even at the edge.
Our goal with the Simply Secure initiative is to turn the often complex, painstaking, and stressful challenge of protecting unstructured data into a simplified, all-in-one experience for our customers, with minimal financial and operational barriers to implementing a world-class data security strategy.

Qumulo takes a comprehensive, proactive, and holistic approach to maximizing the security for your data. We think of security much like an onion: constructed of multiple layers that increase and harden over time. At its core, Qumulo includes innate defense features – like encryption at rest, bit-rot detection, and 10,000-year MTTDL – included with every license. At the outer layers, we provide tools to address points of vulnerability at the network, user, and protocol levels like Role-Based Access Controls (RBAC) and ACLs. If and when attacks occur, real-time data visibility of your Qumulo clusters ensures timely detection of anomalies so you can contain threats before damage occurs. And when disaster strikes, ongoing safeguards like continuous replication and snapshots help ensure data can be quickly recovered when the unthinkable happens.

What’s New With the Latest Release?

Phase 1 of the Simply Secure initiative adds a notable set of enhanced security features for greater protection, compliance, and increased peace of mind.

Multi-Tenant Networking

Network multi-tenancy lets you configure a single storage platform to serve multiple independent networks, partitioning shares by VLAN, as well as isolating data services from cluster management across those networks. Large enterprises leverage network isolation to serve multiple end customers from a single cluster without the fear of clients or networks seeing or accessing data not meant for them. 

Enterprises can use network multi-tenancy to consolidate  multiple business units on a single Qumulo cluster, reducing cost and complexity and simplifying management, without compromising security. A key benefit of an exabyte-capable system like Qumulo is that it can be used to aggregate and consolidate multiple smaller use cases on a single platform to realize an economy of scale that wasn’t possible before – either your storage solution couldn’t deliver the capacity you needed, or its security model didn’t support a multitenant model to segment your business units. 

Single Sign-On and Multifactor Authentication

Multi-tenant networking lets you isolate your end users from your management traffic, but you also want to tighten the security of the cluster itself, including your administrative users.

Enterprise businesses often have internal security policies that require multi-factor authentication to manage critical information technology services. This approach helps ensure that the person signing in is actually the user that’s supposed to be signing in, rather than a bot or cybercriminal. 

Qumulo’s Simply Secure release also includes support for single sign-on (SSO) and multi-factor authentication (MFA) services. You can assign administrator rights to Active Directory user accounts using Qumulo’s RBAC support, and then configure your cluster to require that your cluster admins first authenticate through your preferred MFA platform, e.g. OneLogin or Okta before they are granted admin access to the system.

Qumulo’s added support for multi-factor authentication adds another layer of security to your enterprise – ensuring that access to the cluster itself is restricted using the tightest possible security controls.

NFS v4.1 Kerberos Enhancements

Not only does NFSv3 lack support for a strong user-authentication mechanism, but it also doesn’t offer  fine-grained permissions like Windows’ Access Control List (ACL) capabilities. 

With Qumulo’s support for NFSv4, you can now take advantage of features like Kerberos-based user authentication, Windows-style ACL user access management, and implement over-the-wire protection for your NFS data. Qumulo’s NFSv4 support lets you choose to enable full encryption using the KRB5p standard, or implement checksum-based KRB5i integrity protection for better performance.

FIPS 140-2 Certification of Qumulo Software Encryption

Besides protecting your data over the wire, Qumulo has for years offered industry-leading encryption for your data at rest as well. Our AES 256-bit software encryption algorithm is so secure, in fact, that it’s earned FIPS 140-2 Level 1 certification from the National Institute of Standards and Technology (NIST) following rigorous testing and verification by an independent lab.

While we will continue to include software-based encryption at rest for all Qumulo deployments, customers who require FIPS certification will be able to manage their encryption separately from the rest of the Qumulo Core operating system in order to ensure continuous compliance. 

For details and verification about our FIPS certificate and compliance, please click here.

OpenMetrics API Monitoring and Management

Finally, for all the proactive steps that Simply Secure adds to your Qumulo deployment, there’s no 100% perfect security framework that can guarantee nothing bad will ever happen. And if that moment ever arrives, you need the tools to be able to detect and contain an attack, in real time if possible.

With Qumulo’s new OpenMetrics feature, you can connect your existing enterprise monitoring platform to your Qumulo cluster for long-term retention of event data and cluster telemetry. If you have an intrusion-monitoring system, you can collect that data as well, giving you the tools you need to detect and respond to security breaches.

Another part of the OpenMetrics feature set is the ability to generate access keys that can be used to simplify automated cluster workflows. With Qumulo’s API-first management model, you can already script or automate every conceivable storage/data management operation on your cluster. These access tokens can be mapped to a specific user or service account, and then integrated into your automated tasks so you no longer have to worry about user authentication as part of the workflow.

Want to learn more about Simply Secure

If you’re a Qumulo customer, you’re in luck. Simply Secure is already a part of Qumulo. If you’re not a customer (or you are a customer who wants to learn more about how to take advantage of Simply Secure) let’s talk. We’re happy to help demonstrate how you can increase the layers of protection on your data, without adding complexity.

Contact us today to learn more.

Related Posts

Scroll to Top