Secure, Manage, and Recover all Agency Secondary Data and Apps · 2020-06-04
SOLUTION BRIEF
Secure, Manage, and Recover all Agency Secondary Data and Apps
Federal agencies maintain and process a wide variety of target-rich
electronic information—from tax payments to sensitive strategic plans—
with some data now collected and stored by U.S. intelligence agencies
for up to 75 years or more.[1] In today’s increasingly digital world, the
security, availability, and management of ever-increasing data is more
important than ever. That’s why there’s Cohesity.
Cohesity is mission-ready for the federal government. Cohesity
modernizes secondary data and application management with one
software-defined, hyperconverged, security-certified solution for
backup and recovery, archiving, files, objects, test/dev, and analytics.
Unlike existing solution silos that are inefficient, unaware, and widen
threat surfaces for cyberattacks, Cohesity empowers agencies to cost-
efficiently manage and secure all data and workload types from core
data centers to FedRAMP clouds to the edge.
[Figure: Data Protection, Files & Objects, Archiving/LTR, Test & Development, and Search & Analytics running on DataPlatform (data centers) and DataPlatform Cloud Edition]
REDUCE TARGET-RICH ENVIRONMENT ATTACK SURFACES
Thirty-five percent of Federal CIOs recently reported a rising trend in
cybersecurity threats.[2] In response to personal experience and the
Presidential Executive Order on Strengthening the Cybersecurity of
Federal Networks and Critical Infrastructure,[3] agency CIOs have an
opportunity with Cohesity to both reduce agency costs and mitigate
risks because Cohesity centralizes data assets, reducing the attack
surface of target-rich environments while ensuring data is secure and
compliant throughout its lifecycle.
KEY BENEFITS
• Eliminates legacy secondary data and application management and protection silos
• Addresses stringent government security certification requirements
• Native integration with leading FedRAMP certified government clouds—AWS GovCloud, Microsoft Azure GovCloud, and Google Cloud Platform
• FIPS 140-2 Level 2 Validated
• Always-on encryption, based on strong AES-256
• TAA compliant
• Federal Information Security Management Act (FISMA) Compliance | Authorities to Operate (ATOs) on DoD networks
• WORM Compliant – SEC 17a-4f certification
• Strong multi-factor, certificate (PIV/CAC)-based authentication
• Common Criteria: EAL 2+ (in process)
• Internal key management service (KMS) support and integration with external KMS for key management
• SafeNet integration
The U.S. Departments of Justice, Homeland Security, and Energy, as well as government integrators, for
example, are strengthening cybersecurity postures and enhancing agility with Cohesity. While a typical agency
might maintain 10 to 12 copies of information—contributing to 80 percent of all of their secondary data
and apps—Cohesity’s consolidated platform features data optimization capabilities such as advanced global
deduplication and compression that reduce complexity, eliminate data copy redundancy, and are data-aware so
agencies can quickly glean insights from analytics.
GAIN DEFENSE-IN-DEPTH PROTECTION
No agency can secure data it does not know it has nor protect data that’s been stored and forgotten. Cohesity
consolidates secondary data and workflows with web-scale simplicity. Security is baked into the Cohesity
platform—rather than it being bolted on as an afterthought—so agencies can govern data using automated,
central security policies.
Cohesity’s defense-in-depth approach allows government IT teams to spend less time managing data security
and operations and more time innovating. Confident data is protected, they can focus on other mission-critical
transformational digital initiatives such as public cloud adoption and mobility that improve constituent access to
government services while streamlining compliance with requirements such as the E-Government Act of 2002
and the Data Center Optimization Initiative (DCOI).
Government agencies and contractors build Cohesity into their budgets because Cohesity DataProtect and
Cohesity DataPlatform protect, detect, and remediate threats. The platform’s key features and capabilities include:
Backup and recovery – From virtual machines (VMs) to applications to storage devices,
agencies protect all their data with Cohesity. The platform supports VMware vSphere,
Microsoft Hyper-V, Nutanix AHV, and KVM for VMs. It also protects SQL and Oracle databases,
and supports the provisioning of test/dev environments directly on the platform. Cohesity
natively protects leading storage devices, including Pure Storage FlashArray, Pure Storage
FlashBlade, NetApp, Dell EMC Isilon, and any generic NAS device.
Disaster recovery and replication – Cohesity guarantees fast recovery points. With patented
SnapTree® technology, Cohesity stores each backup as a fully hydrated snap, enabling instant
mass restore of any number of applications to any point in time, and can restore hundreds of
VMs without any performance degradation.
Long-term retention and archival – Cohesity supports a myriad of long-term data protection
options, including off-site disaster recovery, archive to tape, and integration with all public
cloud providers.
Cohesity is a Trusted Government IT Solution
Granular global search and recovery makes it easy for agency staff to instantly locate VMs and files with
Google-like wild-card search. With Cohesity, agencies can recover individual VMs, restore files to source VMs,
and recover individual application objects for Exchange, SQL, and SharePoint.
COMPREHENSIVE SECURITY CERTIFICATIONS
Cybercriminals are inventive. Cohesity helps agencies stay ahead of them with the comprehensive technical
controls federal agencies expect of enterprise solutions, including the following:
• FIPS 140-2 Level 2 Validated
• Always-On Encryption, based on strong AES-256
• TAA compliant
• Native cloud integrations with leading FedRAMP clouds: AWS GovCloud, Microsoft Azure Government, and
Google Cloud Platform Compute Engine and Storage
• Federal Information Security Management Act (FISMA) Compliance | Authorities to Operate (ATOs) on
DoD networks
• WORM Compliant – SEC 17a-4f certification
• Strong multi-factor, certificate (PIV/CAC)-based authentication
• Common Criteria: EAL 2+ (in process)
• Internal key management service (KMS) support and integration with external KMS for key management
• Integration with SafeNet
ENCRYPTION
Hardware-only encryption works, but Cohesity’s FIPS-certified encryption architecture is more secure. The
Cohesity file system (SpanFS™) provides full at-rest encryption based on the strong AES-256 standard.
Beyond that, Cohesity’s encryption architecture delivers high security while giving agencies the flexibility to
optimally leverage available hardware and software resources. Cohesity encryption can be set to run under
FIPS-certified mode.
Cohesity’s full software-based encryption is hardware-accelerated through the latest Intel processors. With
hardware acceleration, the software-based encryption has become faster (on the order of several GB/s),
minimally impacting performance. Cohesity uses a crypto module whose encryption algorithms are
FIPS 140-2 Level 2 certified, and it offers a software-only encryption option that removes the hardware
component dependency during FIPS certification. As a result, the platform maintains FIPS certification and gives
agencies the freedom to upgrade to faster drives as they become available.
KEY MANAGEMENT
Cohesity also simplifies key management, ensuring encryption keys are automatically rotated with a cadence
set by customers (see Figure 1). The solution provides the flexibility to use an external key manager, if available,
or the Cohesity cluster can manage it on its own. For efficiency, the data is not re-encrypted every time the key
is changed.
Figure 1. Cohesity simplifies key management.
In addition to encryption and technical controls compliance, three additional Cohesity platform-related features
directly enhance security and significantly differentiate the platform. They are data isolation, native FedRAMP
cloud integration, and frequent backups.
DATA ISOLATION
Virtual and physical data isolation can minimize agency breaches while providing multi-tenancy. Cohesity
is architected to provide physical and virtual data isolation through Partitions and View Boxes (see Figure 2).
Partitions are complete physical isolations of compute and storage resources in a cluster so agencies can force
given workloads, if needed, to run only on particular hardware within the cluster. A View Box is a logical division
of a partition that contains one or more filesystems. Each View Box encrypts data stored within it using its own
independent keys. This allows for robust data isolation. For example, if IT data and financial data are on different
View Boxes, a breach on the IT data will not automatically risk financial data.
Figure 2. Cohesity ensures data isolation.
As the data flows into the Cohesity cluster through secure channels or from a secure private network, it is
encrypted based on the View Box it belongs to, and stored securely on SSDs, HDDs or a cloud tier.
NATIVE CLOUD INTEGRATION WITH FEDRAMP CLOUDS
Federal agencies choosing Cohesity can extend to multiple FedRAMP clouds to leverage the cost, efficiency,
and agility of cloud infrastructure. Cohesity’s unified, intelligent secondary data and application platform
integrates seamlessly with public and private cloud services to advance a variety of use cases, such as long-
term data retention and disaster recovery. Because Cohesity was purpose-built with security at its core, the
same security, for example the full at-rest and in-flight encryption that ensures data is protected end-to-end,
is applied to cloud data as to on-premises data. AWS GovCloud customers can further get the benefits of our
entire DataPlatform to expand use cases to EC2 backups, analytics, and more comprehensive backup and
recovery options.
3000029-004-EN | Cohesity.com | 1-855-926-4374 | 300 Park Ave., Suite 1700, San Jose, CA 95110
©Cohesity, Inc. 2019. All Rights Reserved. This document is for informational purposes only and Cohesity, Inc. assumes no responsibility for any inaccuracies. Cohesity, Inc. reserves the right to modify this publication without notice. See complete legal notices here.
FREQUENT BACKUPS AND RANSOMWARE RECOVERY
Although no organization is immune from cybercriminals’ attempts to take control of its data, agencies can do
more to mitigate the threat. Cohesity provides detection and protection against ransomware. In alignment with
the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center
(NCCIC) recommendation as a best practice when dealing with ransomware,[4] Cohesity performs frequent
backups of systems and important files and verifies those backups regularly. If ransomware affects an agency
system, Cohesity can restore the system to its previous state with any files unaffected by ransomware.
Cohesity’s unified platform ensures always-protected backups are available, on-premises or in the cloud, and
that organizations can instantly go back to any point in time with near-instant recovery time objectives (RTO)—all
with zero data loss and no ransomware payment. Cohesity writes time-based snapshots into internal views that
are never exposed. During data restoration, Cohesity clones the snapshots and only mounts the clones. Should
cybercriminals attack the Cohesity platform directly, the ransomware could only change data in a clone or delete
files in the user-created view, never reaching the internal view nor touching a true copy of the snapshot.
In the unlikely event ransomware burrows into the backup repository, Cohesity’s patented technology, which
includes capabilities leading to extremely high space efficiency, provides an additional layer of protection in
the form of Redirect-on-Write. This unique prevention approach stops ransomware should it begin to encrypt
and write data back on Cohesity in an attempt to lock it. Cohesity, in response, directs the new write to a new
location without modifying the last immutable backup. Ransomware payout never happens because the true
copy of data is still available, ensuring an administrator can easily restore the latest healthy snapshot and obtain
forensic evidence of the cybercrime.
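A minimal sketch of the redirect-on-write and clone-on-restore behaviour described above, added here as an illustration and not Cohesity's code. The class names, the SHA-256 content addressing, and the sample data are assumptions made for the example.

```python
# Added illustration: a toy snapshot store, not Cohesity's implementation.
import hashlib

class SnapshotStore:
    """Content-addressed block store with immutable snapshots and writable clones."""

    def __init__(self):
        self._blocks = {}     # digest -> bytes; a stored block is never overwritten
        self._snapshots = {}  # snapshot id -> tuple of digests (internal view)

    def _put(self, data):
        digest = hashlib.sha256(data).hexdigest()
        self._blocks.setdefault(digest, data)  # identical blocks are stored once
        return digest

    def take_snapshot(self, snap_id, blocks):
        if snap_id in self._snapshots:
            raise ValueError("snapshots are immutable; id already used")
        self._snapshots[snap_id] = tuple(self._put(b) for b in blocks)

    def clone(self, snap_id):
        # A restore mounts a clone: a private, mutable copy of the block map only.
        return Clone(self, list(self._snapshots[snap_id]))

    def read_snapshot(self, snap_id):
        return [self._blocks[d] for d in self._snapshots[snap_id]]

    def verify(self, snap_id):
        # Each block must still hash to the digest recorded at snapshot time.
        return all(hashlib.sha256(self._blocks[d]).hexdigest() == d
                   for d in self._snapshots[snap_id])

class Clone:
    def __init__(self, store, block_map):
        self._store, self._map = store, block_map

    def write(self, index, data):
        # Redirect-on-write: new data goes to a new block; only this clone's map moves.
        self._map[index] = self._store._put(data)

    def read(self):
        return [self._store._blocks[d] for d in self._map]

def simulate_overwrite():
    """Constructed scenario: every block of a mounted clone is overwritten."""
    store = SnapshotStore()
    original = [b"payroll-2019", b"audit-log", b"payroll-2019"]  # constructed data
    store.take_snapshot("snap-001", original)
    mounted = store.clone("snap-001")
    for i in range(len(original)):
        mounted.write(i, b"ENCRYPTED:" + bytes([i]))
    return (store.read_snapshot("snap-001") == original,
            store.verify("snap-001"), mounted.read())
```

`simulate_overwrite()` returns whether the snapshot still matches the original data, whether its digests still verify, and what the overwritten clone now contains.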
FOCUS ON YOUR MISSION, NOT SECURING DATA
Federal agencies are working harder than ever to achieve mission objectives because securing and managing
growing amounts of data is becoming increasingly challenging. Data protection is Cohesity’s top priority.
Cohesity satisfies security needs while streamlining compliance for some of the most risk-sensitive agencies
across the government.
The ground-breaking Cohesity platform is supported by a world-class company and community. Cohesity
CEO, Dr. Mohit Aron, previously a lead developer on the Google File System and co-founder/CTO of Nutanix,
together with a team of innovators from enterprise leaders such as VMware, Google, and Cisco, are forging
partnerships with leading public cloud providers Amazon Web Services (AWS), Microsoft, and Google, as well as
data center market leaders including HPE, Nutanix, and Pure Storage to accelerate feature delivery. Cohesity has
been recognized by analysts and IT influencers with accolades that include Gartner Peer-Insights Customer’s
Choice 2018, Gartner Cool Vendor 2017, and WEF Tech Pioneer 2018.
If your federal agency or government integration business is looking to better safeguard secondary data and
apps, contact Cohesity for defense-in-depth security that consolidates workflows, leverages FIPS-certified at-
rest encryption, ensures multi-cloud mobility, and deploys other multi-layered security capabilities to stop data
breaches and minimize risk.
Learn more at https://www.cohesity.com/solution/government/.
[1] Brennan Center for Justice. “What the Government Does with Americans’ Data,” Rachel Levinson-Waldman, October 2013.
[2] Professional Services Council. “The 2017 Federal CIO Survey,” September 2017.
[3] U.S. Federal Government. “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” May 11, 2017.
[4] US-CERT. https://www.us-cert.gov/security-publications/Ransomware, April 9, 2018.