Hammerspace builds ransomware bunker in universal data services extension

Hammerspace has introduced ransomware protection and other security services to its data-as-a-service platform.

The new features span hybrid and multi-cloud environments and are as follows:

  • Global undelete for files and snapshots that allows users to self-service data recovery
  • Automated data classification
  • Integration with customer-managed key management systems for multi-cloud security
  • Metadata harvesting integration with cloud analytics services to detect and tag files with content information

When files are deleted they are moved to the equivalent of a PC’s trashcan. They can be recovered – undeleted – using snapshot technology.

User-managed key management enables customers to put encrypted data in the public cloud, safe in the knowledge that it is secure against access, Hammerspace claims. Even if the cloud service provider suffers a breach, as AWS did in July this year with Capital One, the data is secure and the public cloud acts as a ransomware bunker, the company said.

Hammerspace provides a software control plane or gateway through a SaaS model, to access all of a company’s data, whether block, file or object, across all of its data centre sites and public cloud stores.

It is not a fan of NAS filers as an access path to files. CEO David Flynn told us in a briefing: “NAS as a delivery system for file is broken [because access and control are combined]. You have to be in the data path and that kills you.” Hammerspace separates control from the data path.

Hammerspace technology

According to Hammerspace, users and applications typically access data in specific silos in specific ways; data is stuck in place and format without dedicated tools to move and convert it. The control plane and data planes are co-located. Hammerspace Data Services technology separates the control and data planes. One generic storage and protocol-agnostic control plane can be used across all data stores, types and protocols, enabling data access planes to all of them.

Hammerspace Data Services diagram.

Hammerspace is developing a hybrid, multi-cloud environment covering on-premises bare metal, virtualized and containerised systems as well as AWS, Azure and GCP. Data lives in a universal namespace across all of these locations and can move between them.

Users and applications can access data anywhere within this namespace. Every data centre has a full copy of the metadata needed. The cloud-native Hammerspace Data Services software uses machine learning to optimise the system for performance and cost.  

Kubernetes orchestrates container micro-services for users who declare what they need. Hammerspace orchestrates data services for users in the same declarative way, Flynn said.

Hammering away at the file access problem

Hammerspace emerged from the ashes of a defunct company called Primary Data and came out of stealth in October 2018. Flynn previously founded or co-founded FusionIO, bought by SanDisk for $1.1bn,  and Primary Data. He told Blocks & Files ithat Hammerspace has done very well since its product was launched, earning “several millions of dollars in  revenue”.

He said customers have had bad experiences with failed cross-data centre file virtualization technology and need convincing that Hammerspace works in the area where previous companies crashed out.

“Other suppliers’ messages about hybrid cloud data management are just fluff,” he said, citing recent acquisitions by Google’s Cloud business and Commvault. “These other suppliers weren’t successful in the market,” according to Flynn, implying Hedvig (Commvault) and Elastifile (Google) are hybrid cloud data management duds.