Data protector and manager, and soon governess, Cohesity has announced a Disaster Recovery-as-a-Service offering along with DataGovern, a data security and governance service, and Project Fort Knox, a virtual secure vault service for customers’ data. The company is building a suite of cloud-provided threat defence features.
Announced at its Cohesity Connect virtual event, these follow on from the DataProtect Backup-as-a-Service news and extends the automated disaster recovery (DR) capabilities of Cohesity’s SiteContinuity. Its DRaaS adds the ability to use Amazon Web Services (AWS) as a recovery location for failover and failback in a Software as a Service (SaaS) model.
Matt Waxman, Cohesity VP of product management, said: “In an age of crippling ransomware attacks, the number-one concern many IT leaders have is maintaining business continuity if they get hit. DRaaS can help organisations recover quickly and cost effectively. … customers can manage everything through the Cohesity Helios multi-cloud platform.” He finished with a verbal flourish: “It’s simplicity redefined.”
Cohesity says customers can avoid paying for a secondary datacentre to act as a DR site. Instead they can use the on-demand pay-as-you-go cloud infrastructure from AWS, including Amazon’s Elastic Compute Cloud (EC2) in the event of a disaster. Customers can spin up a disaster recovery strategy without having to procure additional hardware or physical datacentres.
It’s unlikely that customers would consider setting up a secondary DR datacentre just for the applications that use the data that their Cohesity products manage and protect, but you get the picture.
Francois Lepage, cybersecurity and architecture manager at Cohesity customer The Master Group, provided a telling comment: “The Cohesity DRaaS offering provides multiple benefits … Application uptime and the ability to recover in the cloud top the list. But, we also like the pay-as-you-go cloud infrastructure model from AWS, which can help reduce costs. And, we like the simplicity of it all. We can manage this offering along with our on-premises Cohesity deployment through one platform on one UI.”
If and when Cohesity customers pursue as-a-Service IT strategies then Cohesity is there, ready and willing to help them on their way.
Cohesity has said that it has an overall Data Management-as-a-Service strategy, transitioning its on-premises products to functions delivered as a a service from the public cloud. First there was BaaS, now we have DRaaS, DataGovern and Project Fort Knox. This DRaaS capability is generally available.
This early access preview service uses AI/ML to automate discovery of sensitive data and detect anomalous access and usage patterns which could indicate ransomware activity or an attempt to exfiltrate data. DataGovern:
- Identifies sensitive items, such as personally identifiable information (PII), in backup and production data and determines who has access to it, so helping to harden environments before attacks occur;
- Automates and simplifies data classification with predefined policies for common regulations like GDPR, CCPA, and HIPAA to meet compliance and governance mandates;
- Detects behavioural anomalies in near real time, such as when a user suddenly accesses large volumes of sensitive data — an activity that could be a precursor to a data exfiltration exercise.
A future release will trigger remediation workflows as determined by policy through integration with third-party security orchestration, automation, and response (SOAR) platforms.
Project Fort Knox
This planned SaaS offering will enable customers to maintain an isolated public cloud-based copy of their data in a Cohesity-managed, immutable and online vault to improve data resiliency in the face of ransomware and other attacks. The features should include:
- Connect, vault, and recover with no need, Cohesity says, to shuttle tapes around, attempt to construct a do-it-yourself (DIY) cloud-based data vault, build out additional storage infrastructure, or devise bespoke recovery processes to adhere to well-known “3-2-1” best practices;
- If and when a ransomware attack takes place, identify a clean copy of data at online access speed and recover to a safe desired target location, either on-premises or in the public cloud;
- Run drills to test attack preparedness.
And, of course, there is the now take-for-granted move from a Capex to an Opex expenditure business model.
We note that tapes are physically air-gapped which, as tape aficionados will assert, is more secure in principle than online, virtual air-gaps like the Project Fort Knox repository.
A Cohesity blog discusses the company’s DMaaS roadmap.