How to Use Qumulo’s Built-in Security Controls for Data Protection
This article by Dr. Stefan Radtke, Field CTO EMEA, is the first of a four-part series published earlier this year, to bring awareness of the security controls and data services built into the Qumulo File Data Platform, as well as security best practices against malware.
Introduction to Qumulo“s Security Architecture and Security Controls
Malware attacks are on the rise in quality and quantity, creating large impacts on businesses around the world. Recent attacks such as WannaCry, CryptoLocker.F, TorrentLockerhave and Petya (to name a few) infected hundreds of thousands of computers and other IT systems and caused millions, if not billions of dollars of damage to all kinds of businesses. Having a well thought through security architecture is critical for all IT infrastructure environments on premises and on the cloud.
The Qumulo File Data Platform includes a broad spectrum of modern technologies and data services to support holistic security architectures. This blog series covers Qumulo“s security architecture and best practices to counter malware, in four parts:
Introduction to Qumulo’s Software Architecture:
Preventive Security Controls
Detective Security Controls
Corrective Security Controls
The Qumulo Software Architecture
The Qumulo File Data Platform is a scale out, software-only, NAS (Network Attached Storage) architecture. As such, Qumulo presents standard network protocols such as the Windows Server Message Block (SMB) protocol and the Unix/Linux Network File System (NFS) protocol to clients over a standard IPv4 or IPv6 connection. Qumulo provides several data services such as snapshots, replication, quotas, auditing, and role-based access control to protect your data.
As clients connect to the Qumulo cluster they issue requests to specific files for common read/write/modify/delete operations. The file system fulfills the requests and serves the files back to the customer over the protocol used by the client issuing the request (SMB/NFS).
Multiple „nodes“ running Qumulo Core are combined to create a scale-out NAS cluster and a single volume (a single name-space). Connections are distributed between nodes to optimize performance and capacity.
Files written into Qumulo are broken into smaller blocks of data, automatically encrypted and distributed across the nodes in the cluster using a modern erasure coding algorithm.
Qumulo Core runs on various industry-standard hardware and cloud infrastructure platforms including AWS, Azure and Google Cloud. On all these platforms, Qumulo runs the very same code and follows the same management practices which makes it easy to use the security features and apply best practices everywhere. There are more security domains such as compliance, governance and process covered in Qumulo Software Architecture Overview. In, this blog series, we“ll focus on the technical features of the relevant IT systems.
Shared nothing architecture, seamlessly scale compute and storage
Qumulo File Data Platform: a scale out NAS architecture that includes data awareness, protection, and security.
Types of Information Security Controls
For IT systems, the technical security controls fall into three categories. For a complete description of these controls, see: Qumulo Security Architecture and Best Practices to Counter Malware.
Preventive controls are designed to prevent cybersecurity incidents
Detective controls detect a cybersecurity breach attempt („event“) or successful breach („incident“) while it is in progress, and alert cybersecurity personnel
Corrective controls are used after a cybersecurity incident to minimize data loss and damage to information systems and restore systems as quickly as possible
IT Systems Security Controls
Qumulo supports all three of these security controls with different techniques, which are described in the next three articles of this series linked below.
Dr. Stefan Radtke, Field CTO EMEA, has spent his career working in technology and is the principal evangelist of universal-scale storage for Qumulo. He started as employee #1 in EMEA in 2017 as Technical Director where he built a fantastic multi-national technical team. Recently he took over the role of the Field CTO and he is now focusing on building a strong technical team for Cloud Q. He“s a certified AWS Solution Architect Professional and Azure Solution Architect Expert.
Über Qumulo, Inc.
Qumulo ist marktführender Anbieter eines radikal einfachen Enterprise Filedaten-Managements in hybriden Umgebungen. Die hochleistungsfähige Filedaten Plattform von Qumulo wurde entwickelt, um Daten in ihrem nativen Format zu speichern, zu managen sowie Workflows und Anwendungen zu erstellen – auf Massive-Scale Niveau, On-Premises sowie in der Public Cloud. Qumulo hat das Vertrauen von Fortune-500-Unternehmen, von großen Film- und Animationsstudios bis hin zu einigen der größten Forschungseinrichtungen der Welt, um den gesamten Datenlebenszyklus mit grösster Einfachheit zu managen (Daten-Ingestion, Transformation, Daten-Publishing, Archivierung, dynamische Skalierbarkeit, automatische Verschlüsselung, Real-Time Daten-Transparenz, kosteneffiziente Kapazität). Eine fortschrittliche API versetzt Kunden in die Lage, Qumulo ganz einfach in ihr Ökosystem und ihre Workflows zu integrieren. qumulo.com.