Druva’s cool …and we’re not just bragging. Gartner Inc. has made it official, naming Druva a “Cool Vendor” in its just-released report, Cool Vendors in Storage Technologies, 2012, which highlights interesting, new and innovative vendors, products and services.
Gartner notes that its research details emerging private companies “that provide innovative storage capabilities and/or contain the costs associated with storage and storage management” and “can assist organizations in meeting their IT modernization and cost-containment initiatives.” We’re proud to be one of the five companies singled out in the report, and the only one to offer endpoint data protection and DLP.
So what makes Druva cool? Gartner defines a cool company as one that offers solutions that are innovative, enable users to do new things, have a business impact and are intriguing – and Druva inSync is all these. The report noted that our solutions offer a number of unique features, particularly in the areas of security and scalability, such as the ability to support up to 10,000 users per server and up to 10 servers per installation, SAML integration two-factor authentication, and DLP capabilities. Gartner also reported that customers like our product’s manageability and mass-deployment capabilities, as well as its ability to manage CPU utilization and bandwidth.
We’re off to a great start in 2012. This is our fourth industry award thus far. We’re honored to receive such widespread recognition for our products and services. Stay tuned for more news in the coming months. We have some exciting announcements lined up.
You can get your complimentary copy of the Gartner research report here.
At Druva, we are placing our bets on two interesting enterprise trends:
1. Data backup will become a platform and the main focus will be doing more with stored data
2. The user is bringing more devices to work and IT is transitioning to a ‘manage the user’ vs. a ‘manage the device’ model.
Over the past year, we have placed our bets on doing more with data. inSync was the first enterprise solution to offer mobile access, and then we moved beyond data loss and focused on leakage and discovery/analytics. The result – Safepoint and inSights, both inSync add-ons.
And now with the newly announced inSync 5.0 we are shifting our focus to help IT protect and manage the user’s data vs individual devices. With 5.0 all the features and add-ons have been extended to offer full support for iOS and Android based devices.
The Lean Startup approach has taught us to innovate early and often. While enterprises may not be ready to adopt immediately, we’re confident they will be soon.
Recently, I was in a meeting with the CIO of a leading bay area company, when he interrupted my cloud security presentation and said “Encryption, Global Deduplication and Making Sense. You can only choose two of them.” This statement is probably true for 99% of the vendors out there, but it did give me pause for a moment. But then I got a wicked smile on my face, as I began to explain how Druva is different.
A global deduplication algorithm needs not just the hash for the new block but also the information about the existing blocks in their original (non-encrypted) format. Unless the cloud stores the encryption keys it’s simply impossible to deduplicate the data. When other vendors claim deduplication in software or cloud, they most likely either have a common encryption key for all the users stored in the cloud or simply fake deduplication.
At Druva, we took a different approach, developing an innovative concept called “two-factor encryption” which in simple terms works like a bank locker system. Both the user and the cloud have their own parts of the key, and only when the user authenticates, can cloud (in that very session) perform encryption and in-line but global deduplication.
This is how it works :
For users, the key is his own password and for each user, the cloud stores a respective unique token further encrypted by the user’s password. So at no point, does the cloud have the full encryption key and is locked out of accessing the data. But when the user tries to authenticate, the password is used to decrypt the token which in turn authenticates him as well. The decrypted token (with some additional details), is then used as encryption key and also used to perform in-line global deduplication.
It works great for enterprises, as no single user or the cloud provider store the encryption key, and yet we are able to achieve secure backup, global deduplication and data retrieval.
This morning I saw an update in salesforce for the same customer. So I think we managed to convince Mr. CIO and the security team in that meeting.
At Druva, we’re currently going through an ISAE 3402 Type-I/II audit. It caused me to step back to understand what the findings of this audit have taught us. It reinforces that safeguarding our customers data is critical.
Cloud security can be broken down into the following categories :
- Network access and security
- Authentication and access control
- Data storage security
- Cloud administrator access
- Physical infrastructure security
Network Access
As for the outermost layer, it’s fairly straight forward. We applied three simple rules, ennabling security robust enough for any network intrusion :
- Strong (preferably 256 bit) SSL v3 network encryption
- One-way firewall port forwarding
- Limiting the IP addresses or PCs which have priviledged access to the infrastructure
Authentication and Access Control
With cloud security, the key is to control authorized access. This is one of the most critical steps in ensuring security of your infrastructure. Druva deployed the following steps to prevent any unauthorized access :
- Two-factor authentication
- Strong password policies
- SAML integration
- Strong metadata encryption
- Choosing a non-intuitive database schema
- Data masking and scrambling
- Audit trail on access or changes
The two-factor authentication for administrators and password control for users ensure the cloud is protected from any identity thefts. SAML integration further helps single sign-on and centralizing the authorization. Strong encryption, non-intuitive schema and data scrambling helps mitigate any identity theft in case of intrusion.
Data Storage Security
The innermost part of the infrastructure is the data storage. At this stage, unauthorized access is the biggest risk. A good security policy will enable the following :
- Two-factor encryption – A bank locker system to avoid unauthorized access from either parties
- Data splitting – Splitting the structured data across different files and servers
- Bucketing and sandboxing data – Making sure the extent of data compromised can be contained
Druva was the first to develop and use two-factor encryption for securing stored data. The encryption works like a bank locker system, where both the user and the cloud hold part of the key. For the user it’s his own password and for the cloud, its a token unique to every user.
Data splitting helps both in load-balancing and physical security of data. Any attempt to mask the knowledge of any direct access to data is always useful. And data sandboxing ensures that each enterprise customers data is sandboxed (physically, logically and through encryption) to avoid the security thread spilling over.
Cloud Administrative Access
We learned that security infrastructure is incomplete without a solid security policy. The rules around who owns policies and who implements them should be clearly defined. Druva applied the following processes:
- Clear separation of roles: In other words, the security team, the engineering team, and the operations teams should be defined and exclusively independent.
- Multi-level authorization to gain access to cloud servers
- Audit trails for access and control
Physical Infrastructure
And lastly, the physical security of servers is critical. For this, we trust our cloud partner, AWS, and regularly check their internal processes and audit reports to ensure physical security of servers.
Overall security has been our cloud teams area of focus, and we learn something new every day. Hopefully these recommendations will help you in your cloud strategy planning and implementation.