This blog is the first of a four-part series designed to help you take advantage of all the security controls and services for data protection in Qumulo’s file data platform, as well as bring awareness to security best practices.
Introduction to Qumulo’s Security Architecture and Security Controls
Malware attacks are on the rise in quality and quantity, creating large impacts on businesses around the world. Recent attacks such as WannaCry, CryptoLocker.F, TorrentLockerhave and Petya (to name a few) infected hundreds of thousands of computers and other IT systems and caused millions, if not billions of dollars of damage to all kinds of businesses. Having a well thought through security architecture is critical for all IT infrastructure environments on premises and on the cloud.
The Qumulo File Data Platform includes a broad spectrum of modern technologies and data services to support holistic security architectures. This blog series covers Qumulo’s security architecture and best practices to counter malware, in four parts:
- Introduction to Qumulo’s Software Architecture
- Preventive Security Controls
- Detective Security Controls
- Corrective Security Controls
The Qumulo Software Architecture
The Qumulo File Data Platform is a scale out, software-only, NAS (Network Attached Storage) architecture. As such, Qumulo presents standard network protocols such as the Windows Server Message Block (SMB) protocol and the Unix/Linux Network File System (NFS) protocol to clients over a standard IPv4 or IPv6 connection. Qumulo provides several data services such as snapshots, replication, quotas, auditing, and role-based access control to protect your data.
As clients connect to the Qumulo cluster they issue requests to specific files for common read/write/modify/delete operations. The file system fulfills the requests and serves the files back to the customer over the protocol used by the client issuing the request (SMB/NFS).
Multiple “nodes” running Qumulo Core are combined to create a scale-out NAS cluster and a single volume (a single name-space). Connections are distributed between nodes to optimize performance and capacity.
Files written into Qumulo are broken into smaller blocks of data, automatically encrypted and distributed across the nodes in the cluster using a modern erasure coding algorithm.
Qumulo Core runs on various industry-standard hardware and cloud infrastructure platforms including AWS, Azure and Google Cloud. On all these platforms, Qumulo runs the very same code and follows the same management practices which makes it easy to use the security features and apply best practices everywhere. There are more security domains such as compliance, governance and process covered in Qumulo Software Architecture Overview. In, this blog series, we’ll focus on the technical features of the relevant IT systems.
Types of Information Security Controls
For IT systems, the technical security controls fall into three categories. For a complete description of these controls, see: Qumulo Security Architecture and Best Practices to Counter Malware.
- Preventive controls are designed to prevent cybersecurity incidents
- Detective controls detect a cybersecurity breach attempt (“event”) or successful breach (“incident”) while it is in progress, and alert cybersecurity personnel
- Corrective controls are used after a cybersecurity incident to minimize data loss and damage to information systems and restore systems as quickly as possible
Qumulo supports all three of these security controls with different techniques, which will be described in more detail in the next three blog posts of this series.
White Paper: Software Architecture Overview
Understand how Qumulo’s data services help you manage and protect massive amounts of file data.
Take a test drive. Demo Qumulo in our interactive Hands-On Labs.
Subscribe to the Qumulo blog for customer stories, technical insights, industry trends and product news.
Dr. Stefan Radtke, Field CTO EMEA, has spent his career working in technology and is the principal evangelist of universal-scale storage for Qumulo. He started as employee #1 in EMEA in 2017 as Technical Director where he built a fantastic multi-national technical team. Recently he took over the role of the Field CTO and he is now focusing on building a strong technical team for Cloud Q. He’s a certified AWS Solution Architect Professional and Azure Solution Architect Expert.