Skip to content

Increase Your Cyber Resiliency Posture with Pure Storage

Photo by Nathan Dumlao on Unsplash

Pure Storage sponsors this blog post. To find out more about Pure Storage, visit www.purestorage.com.

Introduction

Resiliency and business continuity continue to be a hot topic among organizations. The effects of climate change are increasing in frequency and impact, affecting communities and organizations with devastating consequences. In addition, cyber threats are on the rise: in addition to Ransomware-as-a-Service offerings that make it easier than ever to extort ransoms, nation-state threat actors are on the hunt to either steal or destroy data in an increasingly polarized and geopolitically unstable world.

To continue thriving in this challenging environment, organizations have not only understood the impact of those risks, but many are also embedding business continuity (BC) and disaster recovery (DR) at the heart of their operating models. However, building resilient operations, services, processes, and infrastructures is not an easy endeavor.

Multi-layered strategy and Foundational Storage Capabilities

Many elements must be considered when designing resilient infrastructures, and a multi-layered approach is essential. When doing so, organizations should evaluate the built-in foundational capabilities of the infrastructure stack they are building upon.

This is particularly true for production storage systems where live production data resides: protecting this data and preventing downtime is essential for the continuity of business operations. Immutable snapshots are a key foundational capability for any multi-layered DR and cyber resiliency strategy, but that implies that everything is accurately configured.

In addition, enhanced immutability capabilities are now becoming unavoidable. The solution must provide anti-tampering capabilities and quorum-based validation for sensitive operations (such as retention policy changes) to prevent external attackers or insider threats, such as rogue administrators, from causing irreparable damage.

Figure 1 – A pyramid-based visual representation of a multi-layered data resiliency strategy, starting with base foundational capabilities and moving all the way up to trusted operations, recovery capabilities, and resilience against cyber threats – Source: Pure Storage

Building a Multi-Layered Data Resiliency Strategy with Pure Storage

Pure Storage implements intrinsic data resiliency capabilities into PurityOS with three elements embedded in its Evergreen architecture:

  • SafeMode Snapshots: compared to regular immutable snapshots, Pure Storage SafeMode Snapshots (now enabled by default on FlashBlade and FlashArray) are locked and protected against deletion. Instead of the standard deletion process, SafeMode snapshots that have lapsed their retention period are moved to a special staging area where they will be retained for an incompressible, customer-definable timeframe (up to 30 days) and cannot be eradicated manually.
  • Enhanced SafeMode Management: this capability implements additional controls to snapshot retention policy changes by requiring multiple-party authentication and effectively prevents administrator credential compromission or rogue insider attacks.

Pure Storage also offers ActiveCluster and ActiveDR. The former enables the creation of a cluster of up to 5 storage arrays to increase data availability and mobility. At the same time, the latter delivers continuously active replication, simple disaster recovery capabilities, and a near-zero recovery point objective (RPO).

Those capabilities have now been enhanced with two new announcements made on 10-Oct-23 at the Pure //Accelerate London event:

  • Data Resilience Score: this feature builds upon Pure1 Data Protection Assessment to analyze the customer’s fleet of Pure Storage arrays and determine if they follow Pure Storage’s recommended security practices, including whether SafeMode snapshots are enabled or not and beyond. It can also identify whether data is accurately protected by Pure Storage’s backup partner technologies.
  • Zero Data Loss Guarantee: to ensure customers are comfortable with Pure Storage technology, the company guarantees that no data will be lost due to hardware or software issues. In the rare case of a data corruption event, Pure Storage will assure data protection with advanced data recovery services at no cost to the customer.

Finally, it’s worth reminding that Pure introduced a Ransomware Recovery SLA for its Evergreen//One earlier in June 2023 at Pure //Accelerate Las Vegas. This add-on service provides additional peace of mind by providing a clean storage environment shipped the next business day after a ransomware attack has hit a customer. The Ransomware Recovery SLA comes with comfortable guarantees and timelines to ensure full recovery of operations. In contrast, recovery steps are jointly designed at sign-up between the customer and Pure Storage.

Pure Protect //DRaaS: Elevating Value in Disaster Recovery

Implementing a disaster recovery solution is usually a complex, costly, and sometimes disruptive endeavor.

Pure Protect //DRaaS proposes instead a consumption-based Disaster Recovery-as-a-Service solution that focuses on simplicity and cost efficiency. The solution currently protects VMware-based environments and allows organizations to build clean cloud-based recovery environments with multiple restore points to recover clean copies of their on-premises vSphere data to native AWS EC2 instances.

Pure Protect //DRaaS is an infrastructure-agnostic DRaaS solution that protects vSphere environments on top of any underlying storage infrastructure, not just Pure Storage’s technology.

With Pure Protect //DRaaS, organizations can drastically simplify recovery time and speed up operational recovery while significantly reducing complexity and costs. The solution adopts Pure Storage’s proven expertise in delivering capabilities as a service; it offers a compelling management interface integrated into Pure1 and shines through its ease of use.

Figure 2 – A visual representation of Pure Protect //DRaaS, showing both DR Failover and DR Failback scenarios – Source: Pure Storage

It can be expected that Pure Storage will continue expanding Pure Protect //DRaaS to support additional workloads as well as other target clouds than AWS.

TECHunplugged’s Opinion

Business continuity continues to be in the spotlight and a key concern across all organizations, which must not only deal with natural disasters but also rampant and increasingly complex cyber threats. The need for deep, layered threat protection strategies isn’t new. Still, the ability to execute this strategy primarily consisted of implementing multiple solutions, thus increasing operational complexity and related cost & labor.

The strategy laid out by Pure Storage is exciting and coherent: starting with foundational capabilities such as immutable snapshots, Pure Storage has consistently improved its posture and feature set by regularly adding new data resiliency capabilities to its platform. The combination of foundational capabilities with anomaly detection and now a DRaaS offering proves that Pure Storage is committed to the security and resiliency of its customers.

By offering Pure Protect //DRaaS as a platform-agnostic DR solution with a cloud-like consumption model, the company opens itself to a broader set of use cases while also providing an innovative experience to its customers. While remaining true to its engineering roots and its ability to design world-class storage architectures, Pure also demonstrates an unwavering commitment to empowering customers, simplifying operations, and delivering a faster time to value.