Problem
There is a wealth of sensitive information lying within your backup systems. The power of this data can be unlocked only if it is unbreachable. There were nearly 200 million ransomware attacks in the third quarter of 2020 alone. As ransomware attacks increasingly target backup files, IT managers and security teams need to implement secure encryption of backup data, and the need for a comprehensive data protection platform that does not compromise on storage efficiency keeps growing.
Solution Overview
Fortanix DSM is the world’s first cloud solution secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as secrets such as passwords, API keys, tokens, or any blob of data. Fortanix integrates with the Rubrik Data Management Platform using KMIP to provide customers with a FIPS 140-2 level 3 certified external key management service. This gives customers in regulated industries such as finance, healthcare, and government the highest level of data security in a cost-effective way, and helps them comply with regulations that require organizations to store the key encryption keys (KEKs) in an external key management service.
Solution Highlights
Seamless integration with Rubrik: Fortanix integrates with Rubrik using the KMIP interface.
Highest standards of security with FIPS 140-2 level 3 certified HSM: Enterprises can store and back up private keys on-premises with the Fortanix FIPS 140-2 level 3 HSM appliance to satisfy compliance requirements.
Unified data security platform: Single platform for key management and hardware security modules (HSM) to secure the Rubrik data and keys.
Enterprise key management: Fortanix secures cryptographic keys, protecting backup data whether it is in the cloud or on-premises. With an intuitive web-based interface, businesses can now manage all the data keys from a single centralized platform.
Scalable HA/DR: Scale horizontally and geographically, providing automated load-balancing, fault-tolerance, disaster recovery, and high availability.
Verifiable audit and access control for compliance: Fortanix enforces policies that protect against unauthorized access and provides secure, comprehensive, tamper-proof audit logs that meet compliance requirements.
Get the power of Intel SGX: Fortanix uses Intel SGX to create Runtime Encryption Capsules (RECs). REC is a software platform for transparently running applications with Intel SGX protection. Using Intel® SGX allows organizations to isolate the software and data from the underlying infrastructure (hardware or OS) by means of hardware-level encryption.
How the Solution Works
The joint Rubrik and Fortanix solution provides a unified data security platform that includes immutability, RBAC, full enterprise key lifecycle management, a FIPS 140-2 level 3 HSM, and encryption to protect backup data from ransomware and data breaches. The solution also helps avoid regulatory penalties under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other privacy regulations.
Fortanix DSM integrates seamlessly with Rubrik to secure data across multiple public clouds, hybrid, and on-premises environments. The Key Management Interoperability Protocol (KMIP) is used for communication between the Rubrik cluster and Fortanix DSM. KMIP uses Transport Layer Security (TLS) to provide a secure connection, and Fortanix DSM also uses TLS to authenticate a KMIP client so that it can create, retrieve, and use the keys stored inside Fortanix DSM.
X.509 certificates are used for communication and authentication by both Fortanix DSM and the Rubrik cluster. Fortanix DSM is deployed with a server certificate that is signed by the internal Certificate Authority (CA).
The username and password from Fortanix DSM can be used for authenticating the Rubrik cluster, or alternatively, a client certificate for the Rubrik cluster can be created using tools such as OpenSSL. The certificate may be signed externally or can be self-signed.
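The self-signed client certificate option described above, as an added example that is not taken from Rubrik or Fortanix documentation: it creates a key and a certificate limited to TLS client authentication, then checks that the two belong together before they are uploaded anywhere. The function names, file names, common name, RSA key size and lifetime are assumptions; use the values your own deployment requires.

```shell
#!/usr/bin/env bash
# Added example: self-signed X.509 client certificate for a KMIP client.
# File names, CN, key size and lifetime are assumptions, not vendor values.

# make_kmip_client_cert OUTDIR CN [DAYS]
make_kmip_client_cert() {
    local outdir="$1" cn="$2" days="${3:-365}"
    mkdir -p "$outdir" || return 1
    # Create the private key with owner-only permissions.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
          -out "$outdir/client.key" 2>/dev/null ) || return 1
    # Self-sign a certificate whose extended key usage is client auth only.
    openssl req -new -x509 -sha256 -days "$days" \
        -key "$outdir/client.key" -out "$outdir/client.crt" \
        -subj "/CN=$cn" \
        -addext "extendedKeyUsage=clientAuth" 2>/dev/null
}

# cert_matches_key CERT KEY: succeeds when both hold the same public key.
cert_matches_key() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256) || return 1
    b=$(openssl pkey -in "$2" -pubout -outform DER |
        openssl dgst -sha256) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_is_client_only CERT: succeeds when the EKU allows TLS client
# authentication and does not allow TLS server authentication.
cert_is_client_only() {
    local text
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    printf '%s\n' "$text" | grep -q 'TLS Web Client Authentication' &&
        ! printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication'
}
```

Only `client.crt` is shared with the key manager; `client.key` stays on the KMIP client.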
PROTECTION AGAINST RANSOMWARE
The encryption keys for backup and the Rubrik credentials are always secured in the Fortanix HSM, providing protection against ransomware.