Hello everyone, my name is Mike Nelson and I'm a principal technologist on the technical advocacy team here at Cohesity. And I'm Nikita Omkar, I'm a senior product marketing manager here at Cohesity. Today we're going to be talking about the differences between Cohesity Fort Knox and Cohesity Cloud Archive.
Two solutions from Cohesity that help create an off-site copy of data, but for different purposes. Now, before we get into the details, let's go through the architectural diagram of these two solutions, which will help us understand how they work and why we may pick one solution over the other. So Mike, can you start off with talking about how we can archive to the cloud with Cohesity?
Sure can. This is our primary data center here which has DataProtect installed and what we're doing is we're creating the first backup copy of data in this area. Now, on-premises, we take that copy and we create a replica into a cloud. Now, that cloud can be any cloud, really. It can be AWS, it can be Azure, it can be Google Cloud, or it could be a managed service provider.
Once we are in that cloud, you can actually pick what type of storage tier you'd like to move to if it was hot, cold, or cool, which gives you a real advantage when you're talking about costs for long-term retention and compliance. So in this particular case, the customer is actually responsible for managing and securing this in their own cloud account. Now, just like Cloud Archive, Fort Knox also requires an on-prem Cohesity cluster to be installed to create an off-site copy of data. However, in Fort Knox, all of this is managed as a service by Cohesity and exclusively in AWS. It also has a host of security features inbuilt into the solution, which becomes really important when trying to create an immutable, secure copy of data to protect against ransomware and other internal threats, such as disgruntled employees, rogue admins, etc. So in such situations where there's a security breach, we can recover a clean copy of data from Fort Knox back to the original location or an alternate location, which could be a public or a private cloud, so that we can protect against any security threats.
So you see how both these solutions create an off-site copy of data, but for different purposes. Now, depending on the situation, we can also use the same method to recover a clean copy of data. Depending on your use case, you could use Cloud Archive for compliance or long-term retention use cases, or Fort Knox if you're trying to protect critical data against ransomware and other security threats.
So you mentioned security before. Can you kind of outline how Fort Knox uses different types of security to enable that securing of data? Sure, Mike.
At the core of Fort Knox is a multi-layered defense-in-depth strategy that goes beyond zero trust to make sure that the vaulted copy of data is the gold standard with which customers can safely recover the data as and when needed. Now we achieve this through physical, network and operational isolation to ensure that the vault data and policies are inaccessible to bad actors, external or internal, and this limits any data exfiltration vectors.
Now let's go through those security features in detail. Now the first one is basically creating a virtual air gap with the on-prem cluster through a secure and intermittent network connection that is cut off immediately after the vaulting has occurred. This way, any unauthorized access to the vault data and policies is prevented.
And that's actually different with Cloud Archive because in Cloud Archive, we require a persistent connection to be established for our replicas. So the next security feature is the management isolation that we built into Fort Knox, with which we are able to prevent any authorized users who have access to the on-prem cluster to be able to access Fort Knox data. And we do this through Cohesity Managed Key Management System, or KMS.
And with Cloud Archive, KMS is actually managed by the customer. And what happens is that you could have a rogue internal user that actually has authorization that can go in and delete or change your data or policies.
Now Fort Knox helps you avoid that situation. That's right, Mike. You'll be surprised how often this actually occurs in real life.
So to prevent exactly that, Fort Knox has some inbuilt tamper resistance through features such as immutability, WORM, encryption, AWS Object Lock to prevent any retention policy changes, but also separate paths for vaulting and recovering data. And also, additionally, we have access control features which are default in Fort Knox, such as multi-factor authentication, role-based access control, short-term token-based authentication, but most importantly and unique to Cohesity Fort Knox is quorum that requires at least two or more authorized users to be able to approve any critical actions such as recoveries. Now with Cloud Archive it also can take advantage of some of those platform security features such as MFA, RBAC, immutability and encryption, but you have to remember that that all has to be configured manually, because with Fort Knox it's mandatory that these are enabled and configured. Where with Cloud Archive, it's up to the customer to do that.
That's right. And additionally, there's another capability through Fort Knox where we are able to view any anomalous snapshots on the backup cluster directly through the Fort Knox UI without having to log in separately to the on-prem cluster as is in the case of Cloud Archive. So let's take a look at this from the operational aspect, okay?
If we want complete control of the environment and do not want third parties getting access to the data, which is really evident in some industries today like banking and finance and healthcare, okay, then a long-term and secure data protection theme like Cloud Archive is probably the best solution. That's right. And in the case of Fort Knox, a customer doesn't want to have to do it all themselves. They can outsource this responsibility of vaulting and securing the data to Cohesity through Fort Knox. And they don't have to worry about the operational aspects of it, such as do-it-yourself approaches, such as shipping tape off-site or managing parallel infrastructure for data vaulting.
Let's take a look at how these are actually deployed in the cloud. What are the differences in the two solutions from a cost and ease of use? Now if we take a look at Cloud Archive, the customer is responsible for the cost involved in the management and deploying of their cloud storage buckets. That incurs costs on both a storage and an egress standpoint that the customer has to be made aware of.
That's the best part about Fort Knox. Customers can completely avoid the storage and egress costs because it's all built into Fort Knox SaaS subscription. So they save some money there. Yes, they absolutely do. It's a big expenditure when you take a look at that.
And in summary, no right or no wrong solution for data isolation. It really depends on your individual use case. Now, when you take a look at it for LTR and compliance, Cloud Archive may be the right solution that gives the customer the complete control, but with that control comes the responsibility of maintaining the cloud storage and as all data security. Fort Knox is that simple, easy to use, connect, vault and recover solution with which customers can not have to deal with the cost and complexity of do-it-yourself approaches. That's right.
Now you could pick one of these, you could even do both. Okay, and what I mean by that is we've already taken this initial backup with the DataProtect in the on-premises data center. That was our first step. We went and replicated to the cloud and that would be our second replica, our second copy of the data.
We could then make a third copy of the data in Fort Knox. And by doing that, we have come up with the great approach of 3, 2, 1 for the data protection.
Now what this does is it actually gives you that data protection that you can have and not be afraid of any type of ransomware or attack that happens because you have multiple copies of your data to recover. Thank you for watching and we hope this video helped you pick the right solution for you. Either way you can't go wrong with Cohesity.