In the nearly 15 years that Scality has been part of the enterprise data storage ecosystem, we’ve seen how the market is shaped by macro trends, the rapid pace of technology advancements and changing customer requirements. In the enterprise data center, object storage has come a long way since early adopter phases circa 2010.
Early customers immediately recognized the massive cloud-scale advantages object storage delivers. From an application vendor perspective, object storage was initially characterized as a reliable, “cheap and deep” way to store very large volumes of data for long-term retention, archiving and compliance. That perception has expanded — and rightfully so, given the multitude of benefits that object storage offers for an expanding variety of use cases, including enhancements that bring high performance.
In the data protection space, it took a truly innovative and forward-thinking vendor to bring an enterprise application to the market that embraces object as a first-class solution for data storage. That’s exactly what Veeam Software has done with their groundbreaking Veeam Data Platform announcement.
The integration of application and immutable object storage delivers incredible power to solve the daunting cyber-security challenges that organizations face. The combined Veeam + Scality solution now provides a comprehensive approach to unbreakable ransomware protection and advanced cyber resiliency for our customers. It is a huge win in the fight against ransomware.
Prioritizing cyber resiliency in the face of cyber threats
Cyber resiliency is top-of-mind for most business and public sector managers — and it’s a top priority for CIOs and CISOs. Most of these decision-makers are now planning for the inevitability of a ransomware attack. To protect their data, they’re preparing multiple levels of security — from firewalls to applications and data storage.
They’re also planning recovery strategies for when the inevitable occurs — with the goal of getting business operations restored and recovered as soon as possible after an attack. Chief among these strategies is data recovery because data underpins almost every business operation today.
Data storage — specifically, immutable data storage — is key to data recovery strategies.
Immutable data storage delivers the ability to store data, once written, in a way that can’t be modified, deleted or tampered with in any fashion. This capability protects against ransomware, malware and also inadvertent or malicious human actions.
Immutability is widely recognized as a must-have in the fight against ransomware because it effectively safeguards data from any deletion or modification, as would be common in a ransomware attack that attempts to encrypt critical data. We also have to consider ransomware attacks that threaten to read and remove (exfiltrate) data and publish it to expose sensitive or secret data to the outside world (think about Wikileaks, for example).
Scality has spent the bulk of the last 15+ years focused on protecting our customers’ data. We’ve embraced the term unbreakable cloud storage to convey our efforts to protect data against the widest possible range of data loss, security and tampering threats. Our product implementations go to great lengths to ensure that data is protected and secure against a wide range of attacks.
Scality’s five-pronged approach to cyber resiliency
To provide our customers with the absolute maximum protection against current and future threats, Scality solutions have been thoughtfully designed to provide five distinct levels of unbreakable cyber resiliency. These capabilities are engineered into the inherent immutability of our object storage architectures.
From the top to the bottom of the software stack:
- Amazon S3 API-level immutability
The Amazon S3 API has evolved considerably since its introduction as a public cloud storage API in 2006. A key aspect of its popularity is the fact that it’s now been embraced by application developers and solution providers for important enterprise applications such as Veeam Data Platform. The newest version of that software now supports “direct-to-object storage” backups as well as an extended Smart Object Storage API (SOSAPI).
A major enhancement to S3 emerged a few years ago with the introduction of API-level immutability through S3 Object Locking APIs. Configurable data retention policies ensure immutability is preserved for a specific time duration as needed to support business rules — or to provide differing policies for various data sets.
Scality supports all of these APIs and, furthermore, supports a compliance mode that ensures once the object locks and data retention policies are set, they cannot be overridden, even by the system super admin. This strong API-level immutability has also enabled Scality’s solution to meet the requirements of SEC Rule 17a-4 for financial industry compliance within banks.
In addition to object locking, S3 also supports optional bucket versioning policies that ensure older states of object data are preserved in the event an application attempts to overwrite or delete an existing object. Scality solutions all implement comprehensive AWS-compatible authentication (AWS Signature Version 4, HMAC-based request signing using an access key ID and a secret access key, to be precise) and AWS-style IAM (Identity and Access Management) policies for ultrafine-grained access control to S3 buckets and object data. As a result, a ransomware actor without a valid set of S3 keys and without a valid user identity wouldn’t get very far in their attempts to access data stored on a Scality solution.
So, in short, this “top level” of immutability in the S3 API aids us in protecting against intentional or inadvertent attempts to overwrite data by a user or application issuing S3 commands against a data set (as might be the case in a ransomware attack).
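To make the authentication point concrete, here is an added example (not Scality code, not from the page) of the AWS Signature Version 4 scheme mentioned above: the client derives a day/region/service-scoped signing key from its secret access key and signs a canonical form of the request; the endpoint recomputes the signature from the presented access key ID and compares it in constant time. The access key pair and the host name are constructed placeholders, and the canonicalisation is the SigV4 one in simplified form (no trailing-slash or multi-value query handling).

```python
"""Added example: AWS Signature Version 4 (HMAC-SHA256) as S3-compatible endpoints use it,
including the server-side check. Constructed demo, not Scality code; the access key pair
and host are placeholders."""
import hashlib
import hmac
from urllib.parse import quote

ALGO = "AWS4-HMAC-SHA256"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_signing_key(secret: str, date_stamp: str, region: str, service: str) -> bytes:
    """Four chained HMACs scope the key to one day, region and service; the long-term
    secret itself is never sent and never appears in the signature."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def canonical_request(method, path, query, headers, payload_hash):
    """Normalise the request so client and server hash identical bytes."""
    canon_query = "&".join(f"{quote(k, safe='-_.~')}={quote(str(v), safe='-_.~')}"
                           for k, v in sorted(query.items()))
    lowered = {k.lower().strip(): " ".join(str(v).split()) for k, v in headers.items()}
    signed = ";".join(sorted(lowered))
    canon_headers = "".join(f"{k}:{lowered[k]}\n" for k in sorted(lowered))
    canon = "\n".join([method, quote(path, safe="/-_.~"), canon_query,
                       canon_headers, signed, payload_hash])
    return canon, signed


def _signature(secret, amz_date, region, canon):
    date_stamp = amz_date[:8]
    scope = f"{date_stamp}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([ALGO, amz_date, scope,
                                hashlib.sha256(canon.encode("utf-8")).hexdigest()])
    key = derive_signing_key(secret, date_stamp, region, "s3")
    return hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest(), scope


def sign_request(access_key, secret, region, method, path, query, headers, payload, amz_date):
    """Client side: returns the request headers including Authorization."""
    hdrs = dict(headers)
    hdrs["x-amz-date"] = amz_date
    hdrs["x-amz-content-sha256"] = hashlib.sha256(payload).hexdigest()
    canon, signed = canonical_request(method, path, query, hdrs, hdrs["x-amz-content-sha256"])
    sig, scope = _signature(secret, amz_date, region, canon)
    hdrs["Authorization"] = (f"{ALGO} Credential={access_key}/{scope}, "
                             f"SignedHeaders={signed}, Signature={sig}")
    return hdrs


def verify_request(secrets_by_access_key, region, method, path, query, headers, payload) -> bool:
    """Server side: look up the secret for the presented access key ID, recompute the
    signature over the signed headers and compare in constant time. Any change to the
    method, path, query, signed headers or body invalidates the request."""
    lowered = {k.lower(): v for k, v in headers.items()}
    auth = lowered.get("authorization", "")
    if not auth.startswith(ALGO + " "):
        return False
    try:
        parts = dict(p.strip().split("=", 1) for p in auth[len(ALGO) + 1:].split(","))
        access_key, date_stamp, scope_region, service, terminal = parts["Credential"].split("/")
        signed_names = parts["SignedHeaders"].split(";")
        presented = parts["Signature"]
    except (KeyError, ValueError):
        return False
    secret = secrets_by_access_key.get(access_key)   # unknown key ID: no secret, no access
    if secret is None or scope_region != region or service != "s3" or terminal != "aws4_request":
        return False
    payload_hash = hashlib.sha256(payload).hexdigest()
    amz_date = lowered.get("x-amz-date", "")
    if lowered.get("x-amz-content-sha256") != payload_hash or not amz_date.startswith(date_stamp):
        return False
    if "host" not in signed_names or "x-amz-date" not in signed_names \
            or any(n not in lowered for n in signed_names):
        return False
    canon, _ = canonical_request(method, path, query,
                                 {n: lowered[n] for n in signed_names}, payload_hash)
    expected, _ = _signature(secret, amz_date, region, canon)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    ak, sk = "AKIAEXAMPLEKEYID0000", "example-secret-access-key-not-real"   # constructed
    hdrs = sign_request(ak, sk, "us-east-1", "GET", "/backups/job1.vbk", {"versionId": "3"},
                        {"host": "s3.example.internal"}, b"", "20240101T000000Z")
    print(verify_request({ak: sk}, "us-east-1", "GET", "/backups/job1.vbk",
                         {"versionId": "3"}, hdrs, b""))
```

The verifier deliberately rejects a request whose access key ID it does not know before doing any HMAC work, which is the behaviour the text relies on: without a valid key pair, every S3 call fails at the authentication step, long before IAM policies or Object Lock are consulted.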
- Wire-level and data-at-rest encryption, with off-system key management
While API-level immutability is an important element in cyber resiliency for data, it can’t prevent an authenticated user from reading and accessing data, such as publishing (exfiltrating) the data with malicious intent. Here, Scality relies on and implements today’s state-of-the-art encryption schemes to ensure that data has an additional layer of protection:
HTTPS/TLS termination of S3 endpoints ensures that data transmitted over the wire can’t be meaningfully snooped by unwanted parties.
AES 256-bit encryption of data-at-rest in the Scality storage system: S3 object data is encrypted at the S3 endpoint when written into the storage system and decrypted upon read access, but only where the user has authorized access to the encryption keys.
We go further by separating the storage of the encryption keys themselves into a dedicated and purpose-built key management system (KMS), so that keys are stored in their own security domain. Here, we support the well-known KMIP protocol to provide support for a wide range of the most popular third-party KMS solutions.
These encryption mechanisms supplement the S3 API layer’s immutability with another important line of defense in our overall ransomware protection solution.
- Distributed erasure coding to make data indecipherable to low-level attacks
Ransomware attackers may gain the sophistication to understand that the S3 API layer is harder to penetrate, given the S3 Object Lock capabilities described earlier, along with S3 IAM-level authentication and access control policies. What if they’re able to penetrate the system below the API layer and actually read or write data on the physical disk drives?
This is where Scality’s advanced approach to data protection comes in, through the use of distributed erasure coding. This is typically used for data objects larger than 64 kilobytes, which is to say, it’s used for a lot of data stored on an object store.
How does distributed erasure coding work? It involves breaking data into fragments (or “chunks”), expanding and encoding it with redundant data (parity chunks), and then intelligently dispersing all of these chunks across all drives in the system. The catalog of the chunks’ locations is stored in a secure, hardened repository, with its own separate (non-shared) authentication and access control, so it’s highly protected. Without this “map,” it would be impossible to make sense of where the pieces and parts of a file are stored throughout the distributed system.
This approach makes the success of a typical attack, whereby user data is encrypted for ransom, extremely improbable, as the cybercriminal would need to know where the thousands of chunks for a given data object are stored.
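The mechanics described above, as an added example that is not Scality code and does not model Scality’s actual erasure code, chunk sizes or placement: an object is split into k data chunks plus one XOR parity chunk, each chunk lands on a different drive under a random opaque id, and only a separate catalog (the “map”) records which ids belong to which key, in what order, with a digest of each chunk. Reassembly treats a missing or altered chunk as lost and rebuilds it from the others. The k, the drive names and the object key are constructed for the demo.

```python
"""Added example: k data chunks + 1 XOR parity chunk dispersed over drives under opaque
ids, with the layout held only in a separate catalog. Constructed demo, not Scality code."""
import hashlib
import secrets

K_DATA = 4   # data chunks per object (assumption for the demo)


def encode(data: bytes, k: int = K_DATA) -> list:
    """Split into k equal zero-padded chunks and append one parity chunk.
    With one parity chunk, any single lost or corrupted chunk is recoverable."""
    size = max(1, -(-len(data) // k))
    chunks = [data[i * size:(i + 1) * size].ljust(size, b"\0") for i in range(k)]
    parity = bytearray(size)
    for chunk in chunks:
        for i, byte in enumerate(chunk):
            parity[i] ^= byte
    return chunks + [bytes(parity)]


def disperse(key: str, data: bytes, drives: dict) -> dict:
    """Write each chunk to a different drive under a random id and return the catalog
    entry. A drive never sees the object key, the chunk order or which chunk is parity."""
    chunks = encode(data)
    names = sorted(drives)
    if len(names) < len(chunks):
        raise ValueError("need at least k+1 drives for one-chunk-per-drive placement")
    start = int.from_bytes(hashlib.sha256(key.encode()).digest()[:4], "big") % len(names)
    entry = {"length": len(data), "chunks": []}
    for i, chunk in enumerate(chunks):
        drive = names[(start + i) % len(names)]
        chunk_id = secrets.token_hex(8)
        drives[drive][chunk_id] = chunk
        entry["chunks"].append((drive, chunk_id, hashlib.sha256(chunk).hexdigest()))
    return entry


def reassemble(entry: dict, drives: dict) -> bytes:
    """Rebuild from the catalog; a missing chunk or one whose digest no longer matches
    (for example, encrypted in place on the drive) is rebuilt via parity."""
    got = []
    for drive, chunk_id, digest in entry["chunks"]:
        chunk = drives.get(drive, {}).get(chunk_id)
        ok = chunk is not None and hashlib.sha256(chunk).hexdigest() == digest
        got.append(chunk if ok else None)
    missing = [i for i, c in enumerate(got) if c is None]
    if len(missing) > 1:
        raise IOError(f"{len(missing)} chunks lost; a single parity chunk rebuilds only one")
    if missing:
        size = len(next(c for c in got if c is not None))
        rebuilt = bytearray(size)
        for chunk in got:
            if chunk is not None:
                for i, byte in enumerate(chunk):
                    rebuilt[i] ^= byte
        got[missing[0]] = bytes(rebuilt)
    return b"".join(got[:-1])[:entry["length"]]


def demo() -> dict:
    """Disperse one object, then simulate one whole drive being encrypted in place."""
    drives = {f"drive{n}": {} for n in range(6)}          # constructed drive set
    catalog = {}                                          # the "map", kept apart from the drives
    payload = b"backup-chain-sample: " + bytes(range(40))  # constructed object content
    catalog["backups/job1.vbk"] = disperse("backups/job1.vbk", payload, drives)
    intact = reassemble(catalog["backups/job1.vbk"], drives) == payload
    victim = catalog["backups/job1.vbk"]["chunks"][0][0]
    drives[victim] = {cid: bytes(b ^ 0x5A for b in c) for cid, c in drives[victim].items()}
    after_one_drive = reassemble(catalog["backups/job1.vbk"], drives) == payload
    return {"intact": intact, "after_one_drive_encrypted": after_one_drive,
            "drive_view": list(drives[victim].keys())}   # what a drive alone reveals: opaque ids


if __name__ == "__main__":
    print(demo())
```

Two things the example makes visible: a drive by itself holds only random ids and fragments, so the catalog really is the part that needs the separate authentication domain the text describes; and the per-chunk digest in the catalog turns an in-place tampering into an ordinary chunk loss that parity repairs. Real deployments use more than one parity chunk so that several drives (or a whole site) can be lost at once.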
- Geographic distribution and replication to eliminate the “all data in one place” problem
Because a ransomware attack may penetrate the defenses of a single data center, we need to remove this as an attack vector.
Scality solutions can store data across multiple sites, availability zones or physical data centers. The effect is multiple “security domains” that a ransomware attack would have to cross in order to access all instances of the data. As long as one copy of data remains intact (healthy and unaffected by ransomware), an organization has the ability to restore and recover their data — and refuse ransom demands.
Scality solutions are capable of multi-site replication (mirroring) to remote Scality targets in other data centers or to cloud storage targets in AWS, Azure, Google and an increasing number of our regional service providers. To make access to remote sites more difficult for actors with access to the first site, remote sites can have their own IAM/security domains. Eliminating the vulnerabilities that come with having all data stored in one place thwarts ransomware attacks.
- Inherently immutable object storage architecture to protect data at the core storage layer
A large majority (estimates suggest 90+%) of ransomware attacks target applications and data hosted on Microsoft Windows. Because it’s the most widely used operating system in the world, Windows provides a large attack surface for cybercriminals to exploit. But, of course, non-Windows assaults do happen, as illustrated by the recent massive attack on VMware hypervisor environments.
While the sophistication of ransomware gangs has been increasing, it’s still the case that ransomware code is more adept at exploiting common platform weaknesses specifically affecting data stored on Windows. It’s not yet as advanced at exploiting platforms accessed over RESTful storage APIs, such as S3, for data stored on an object store. With that said, we should anticipate this won’t always be the case.
Object storage is ideal for ransomware protection because of its immutability. Scality’s object storage solutions are inherently immutable at the core architecture level, meaning the system implements the proper protocols to preserve data in its original form once it is written.
Applications may, of course, call object API commands that delete or write data, but the underlying architecture implements an overwrite (a PUT request to an existing object key) as a write of a new object rather than an overwrite of the original object, while maintaining a record and location of the original data. Similarly, DELETE API requests create a logical marker for the event rather than physically deleting the original object.
Through this architectural enforcement, we stop many of the usual ransomware attack methods that attempt to modify (mainly by encrypting) user data as a way of extorting a ransom payment from the customer.
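As an added example that is not Scality code, the following model ties together the S3 Object Lock and bucket versioning behaviour described earlier (retention in compliance mode that even an administrator cannot override) with the core-layer semantics just described (a PUT to an existing key appends a version, a DELETE writes a delete marker). It replays the attack sequence the text has in mind: a locked backup, an attacker’s overwrite, an attacker’s delete, a refused administrative purge, and the restore path. Object keys, dates and retention periods are constructed; the model simplifies S3 (for instance, delete markers are not lock-protected and one lock mode applies per version).

```python
"""Added example modelling bucket versioning plus S3 Object Lock in compliance mode.
Constructed demo, not Scality's implementation; simplified S3 semantics."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


class ObjectLockViolation(PermissionError):
    """Raised when a locked version would be removed before its retain-until date."""


@dataclass
class Version:
    version_id: str
    body: Optional[bytes]                # None marks a delete marker
    retain_until: Optional[datetime] = None
    mode: Optional[str] = None           # "COMPLIANCE" or "GOVERNANCE"

    @property
    def is_delete_marker(self) -> bool:
        return self.body is None

    def locked_at(self, now: datetime) -> bool:
        return self.retain_until is not None and now < self.retain_until


class LockedVersionedBucket:
    def __init__(self):
        self._versions = {}   # key -> list of Version, newest last
        self._next_id = 1

    def _new_id(self) -> str:
        vid = f"v{self._next_id}"
        self._next_id += 1
        return vid

    def put(self, key, body, now, retain_days=None, mode="COMPLIANCE") -> str:
        """A PUT to an existing key never touches the old bytes; it appends a version."""
        retain_until = now + timedelta(days=retain_days) if retain_days else None
        v = Version(self._new_id(), body, retain_until, mode if retain_days else None)
        self._versions.setdefault(key, []).append(v)
        return v.version_id

    def get(self, key, version_id=None) -> Optional[bytes]:
        vs = self._versions.get(key, [])
        if version_id is None:
            return vs[-1].body if vs else None   # latest; a delete marker reads as absent
        return next((v.body for v in vs if v.version_id == version_id), None)

    def delete(self, key, now, version_id=None, is_admin=False, bypass_governance=False) -> str:
        vs = self._versions.setdefault(key, [])
        if version_id is None:
            marker = Version(self._new_id(), None)   # plain DELETE: logical marker only
            vs.append(marker)
            return marker.version_id
        for v in vs:
            if v.version_id != version_id:
                continue
            if v.is_delete_marker:
                vs.remove(v)   # removing the marker makes the previous version visible again
                return version_id
            if v.locked_at(now):
                if v.mode == "COMPLIANCE":
                    raise ObjectLockViolation(f"{key}/{version_id} locked until "
                                              f"{v.retain_until:%Y-%m-%d}; no principal may remove it")
                if not (is_admin and bypass_governance):
                    raise ObjectLockViolation(f"{key}/{version_id} is GOVERNANCE-locked")
            vs.remove(v)
            return version_id
        raise KeyError(version_id)

    def list_versions(self, key) -> list:
        return [(v.version_id, "delete-marker" if v.is_delete_marker else "data")
                for v in self._versions.get(key, [])]


def ransomware_scenario() -> dict:
    """Locked backup, attacker overwrite, attacker delete, refused admin purge, restore."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timeline
    b = LockedVersionedBucket()
    good = b.put("backups/job1.vbk", b"GOOD BACKUP", t0, retain_days=30)
    bad = b.put("backups/job1.vbk", b"ENCRYPTED!!", t0 + timedelta(days=1))  # "overwrite"
    marker = b.delete("backups/job1.vbk", t0 + timedelta(days=1))           # plain DELETE
    gone = b.get("backups/job1.vbk") is None
    try:   # even a super admin with bypass cannot purge a compliance-locked version
        b.delete("backups/job1.vbk", t0 + timedelta(days=2), version_id=good,
                 is_admin=True, bypass_governance=True)
        admin_purge = "allowed"
    except ObjectLockViolation:
        admin_purge = "rejected"
    b.delete("backups/job1.vbk", t0 + timedelta(days=2), version_id=marker)  # undelete
    b.delete("backups/job1.vbk", t0 + timedelta(days=2), version_id=bad)     # drop unlocked junk
    return {"gone_after_delete": gone, "admin_purge": admin_purge,
            "restored": b.get("backups/job1.vbk"), "versions": b.list_versions("backups/job1.vbk")}


def expiry_check() -> tuple:
    """Retention is time-bound: the same delete is refused inside the window, allowed after."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    b = LockedVersionedBucket()
    vid = b.put("k", b"x", t0, retain_days=1)
    try:
        b.delete("k", t0 + timedelta(hours=23), version_id=vid)
        refused = False
    except ObjectLockViolation:
        refused = True
    b.delete("k", t0 + timedelta(days=2), version_id=vid)
    return refused, b.get("k") is None


if __name__ == "__main__":
    print(ransomware_scenario(), expiry_check())
```

The scenario ends with the original backup readable again and the attacker’s version gone, which is the recovery the text describes: the attacker could add versions and markers but could not reach the locked bytes, and neither could an administrator whose credentials the attacker might have taken.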