610 likes | 794 Views
Industry Accolades. Security Product of the Year 2006. What is Assureon?. What is Assureon ?. Complete Solution!. Compliance CAS ILM & retention policies 3 rd Party Witness Time Stamping Version Control Single Instance Store File Access Control Encryption & compression.
E N D
Industry Accolades Security Product of the Year 2006
What is Assureon ? Complete Solution! • Compliance • CAS • ILM & retention policies • 3rd Party Witness • Time Stamping • Version Control • Single Instance Store • File Access Control • Encryption & compression • Electronic Discovery • Disposition control • Constant file Integrity check • Disaster Recovery • Replication • File Access History (log) • Best Business Practices • Admissibility of Evidence • Real Time Data movements The tools you need to Secure, Access Control, Manage and Organize your business assets
What is Assureon ? • Software • CAS • AD Based • Compliance • Servers • From single • Upto 400+ nodes • Storage • Nexsan SATA • Hardened • RAID6 • Plasmon UDO option • Solution • Comes pre-configured • Quick & Easy to install • Plugs into current AD • Scalable • Nodes & storage are independently scaleable Software Servers Storage Solution Scaleable
What is Assureon ? Content Addressable Storage for Fixed Content/Reference Data Scans & Medical Advanced MS Exchange Archiving using 3rd Party Ie. ZipLip & Messaging Architects
What is Assureon ? SATAboy • 14TB • SATAblade • 8TB • SATAbeast • 42TB Hardened RAID – RAID6 Dual Store disk storage
Compliance : Who needs it? Public Companies (SOX, Privacy Regs) Government (DOD, NARA) Pharmaceutical (FDA 21 CFR part 11) Legal (Best Practices and Evidentiary Weight) Medical (HIPAA) Auditors (SOX) Financial Services (SEC 17 a-4) Manufacturing (SOX) Insurance (HIPAA, State Regs)
Assureon & CAS • Takes a file’s 0’s & 1’s & processes it to create a unique fingerprint Example…SHA-1 produces a 160 bit output… • SHA-1("The quick brown fox jumps over the lazy dog") == "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" • SHA-1("The quick brown fox jumps over the lazy cog") == "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3" • BUT single Hash could potentially give same fingerprint for two different files • Assureon’s Failsafe CAS Technology uses Dual Cryptographic Algorithms SHA-1 & MDA-5 • This gives a totally unique digital “fingerprint” of file contents… SHA-1 & MDA-5 Totally Unique Fixed Content
How Does Assureon Work? Corporate Network • File System Watcher • Multiple O/S Support • Windows (2003, XP, 2K) • Linux (SuSe, Redhat, Fedora) • Data Moving Agent • No API (works at block level) • Server Managed • 3 rules for data retention in FSW folder • Move file & Leave original • Move file & Delete original • Move file & Leave a Short Cut • Offline Journaling • Customizable by file type • Filter Driver • Makes an OS think a short cut is a file • Allows files to be opened by the OS in the correct format • Allows seamless application integration • File System Sync • Allows Scheduled Movement of Data • File Transfer Status Report Linux SuSe Windows XP Linux Red Hat Windows 2003 Linux Fedora
How Does Assureon Work? All files saved to C:/Watched by FSW/ are sent to Assureon FSW scans To Assureon Can be sent once released by application
Securing your assets • Encryption – • AES 256 encryption at rest • IP-Sec for transit files • Https option for management • Access Control • Based on your current Active Directory • File level access control • Company owned file not user owned • Self healing • All assets serialized in chain • No file stored in plain format • Tamper proof storage • 3rd Party Witness
Securing your assets • Files are safeguarded against: • Accidental Deletion • Deliberate Deletion (Even by Administrators!) • Viruses / Worms • Software Errors • Tampering • Inserting Bogus Files • Date / Time Falsification • Hardware Failure (disks, servers, etc) • Disaster (fire, flood, etc) • Information for LIFE
How Does Assureon Work? Single Point of Management • The GUI… • Simple & intuitive • HTML based • Platform independent • The GUI… • simple & intuitive • HTML based • Platform independent
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Which Clients Which Folders Asset Classifications Retention Policies Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose FSW monitors folders for new or changed files Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose FSW captures new and changed files immediately FSW-Sync captures on a schedule Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose 288 bit fingerprint (SHA-1 + MD5) calculated Follows asset though entire life Integrity + CAS Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Supervised by FSW on clients Error-free Fault-tolerant Guaranteed transactions Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Each instance gets serial number Used to track and audit files Just like any other valuable company asset Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Multiple cross-checked time sources (Stratum) Digitally signed Tamper resistant Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose CAS used internally to de-dupe CAS assists with integrity Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Fully automatic AES-256 encryption Replicated keys Key per file for crypto-delete Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Written to two separate storage managers Can be RAID-6 HDD-WORM Anti-tamper Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Embedded Replication Auto-repair of corrupted files Won’t replicate corruption!! 2x2xRAID-6 Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Manifest of s/n, fingerprints, time-stamps, and retention date sent to Key Server Enables 3rd party validate Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose WORM-CAS Immutable Audit / Repair Access control RAID Lockdown Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Shortcuts Assureon Explorer Admin Search Restore Restore shortcuts Assureon in Brief
Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write2 Replicate Manifest Protect Retrieve Dispose Retention date with hold and confirm Max versions DoD scrub Key scrub Assureon in Brief
Best Business Practices & Regulations • USA Government Compliance Regulations • HIPPA • US - SEC 17a-4 • Basel II • Data Protection Acts EU • CA SB 1386 • Sarbanes Oxley • PIPEDA • Euro Government Compliance Regulations • UK BSI BIP008 (British Legal Admissibility Std) • Basel2 (Euro banking Standard) • EU Data privacy act • GDPdU (Germany’s Data Access & Auditing of digital docs) • Best business Practices & Legal Considerations • Retain files • Authenticate files • Secure files • Access files • Delete files
Best Business Practices & Regulations • Retention Policies - Assureon can assign and enforce retention policies • How long for a file to be saved • Flexiblity is also an option with Assureon • Hard set to 3 yrs (law min.) then flexible for 1yr after • File Authentication (Immutability) • Assureon’s CAS fingerprint can guarantee whether a file’s content has been tampered with • Stratum1 time server stamp (3rd Party Witness) • Audit trails of file changes, access & disposition • Any file changes are recorded (Versioning) - only the changes are saved! • Constant integrity checking between two stores (self healing) • Serialization cryptographic chain of all files, if chain broken = missing file • Electronic Discovery (Speed & Performance) • Rich Metadata Layer for Searching • Access the information in sub-second response versus traditional tape or optical • SATA Disk Arrays – external hardened RAID6 – MAJOR advantage over competitors
Data Protection Security Breaches: • Jan '06 - Providence Home Services (OR): Backup tapes and disks are stolen • Cost from $7 million to $9 million • Nov '05 – ChoicePoint breach affects 162,000 customers • The FTC imposes with highest-ever civil penalty: $15 million • June '05 – BJ'S Wholesale Club penalized by FTC for many reasons, including "failing to encrypt consumer information." • Fines plus audit requirements for 20 years Additional Security Breaches: April 18, 2005 DSW/ Retail Hacking 1,300,000 May 2, 2005 Time Warner Lost backup tapes 600,000 May 11, 2005 Stanford Univ. Hacker 9,900 June 6, 2005 CitiFinancial Lost backup tapes 3,900,000 June 25, 2005 Univ. of CT Hacker 72,000
Data Protection Web Images Groups News Froogle Local more » Lost Backup tapes Advanced Search Preferences Web Results 1 – 10 of about 2,700,000 for Lost Backup tapes. (0.04 seconds) News results for Lost Backup tapes - View today’s top storiesUSA Today- 15 hours ago
Data Protection • Access Control • Assureon is the policy enforcement point that controls access to information • Fully integrated your current Microsoft Active Directory infrastructure • Alternatively can work with Security Certificates on differing infrastructures • Encryption of Data at Rest • Assureon uses AES 256-bit Encryption • Selective Encrypting at the File Level • For offline media (tapes) just delete key forget the Crypto file on the tape (Crypto-Shredding) • Secure Key Management • Designed to meet the standards of the Enterprise but be cost-effective for the SME market • Provides redundancy in three locations worldwide • Absolute Disposition • Assureon scrubs all online files at the end of their retention period • Assureon virtually deletes all offline files (optical, tape, WORM media) by scrubbing the files encryption key • Disposition (on & off line) is performed at the file level
Case Study Initial Project: Email Archiving Business Challenge • Data growth • Compliance & legal considerations • Replication for disaster recovery Decision Criteria • Scaleable: No limit on number of objects • Content authenticity for legal & regulations • Low maintenance & ease of implementation • Cost Assureon Value • No application impact • Reduced storage requirements by 40% • Replaced high maintenance & vulnerable tape • Meets SEC and Sarbanes-Oxley requirements Opposition • EMC • Offered Centera for FREE • Brought in big guns to do deal • THEY STILL PURCHASED Assureon! Morgan Keegan: Division of Regions Bank Financial Services Company with 300 offices & 3500 Employees MORGAN KEEGAN