Immutable Data Protection Fortress: Veritas Alta™ Recovery Vault

Protection November 06, 2024
BlogHeroImage

Data serves as the essential heartbeat of every organization; its loss or corruption can lead to severe and devastating consequences. Traditional data storage solutions, while effective, often need to catch up when it comes to ensuring data security and recoverability. What if I were to tell you there is an easy solution with Veritas Alta™ Recovery Vault, a Cyber-Vault-as-a-Service (CVaaS) that allows you to protect your data in a secure Veritas tenant hosted by several cloud service providers (CSPs).

What is Veritas Alta™ Recovery Vault?

Veritas Alta™ Recovery Vault is more than just a cloud-based data storage solution; because let’s face it, Veritas is not in the cloud storage business. It's a robust platform designed to provide unparalleled data security and immutability, so your data is stored securely and protected against accidental deletion, tampering, and unauthorized access.

Key Features of Veritas Recovery Vault

  1. Immutable Isolation: One of the most compelling features of Veritas Recovery Vault is its immutable isolation. Once data is stored, it cannot be modified or deleted, providing a level of protection unmatched by traditional storage solutions. In the event of a threat actor/malware compromise, immutability prevents the threat actor from expiring your backup images in Veritas Alta™ Recovery Vault or manipulating the data in any way. You remain in control, all the way down to selecting the cloud data center locations/regions where the immutable and isolated backup data is hosted, enabling you to meet regulatory requirements.
  2. Short-lived, Token-Based Authentication: Veritas Recovery Vault employs token-based authentication to safeguard your data from unauthorized access. The enhanced security of token-based credentials reduces the risk during user or device authentication in the NetBackup Zero Trust model. Instead of standard credentials, Recovery Vault uses short-lived tokens managed through a credential mechanism. This new SAS mechanism uses refresh tokens to generate new access token frequently before the existing tokens expire, providing ongoing protection.
  3. Data Encryption—In Transit and at Rest: The security of your data is paramount to Veritas. Both, Veritas NetBackup and Recovery Vault encrypt your data at rest, providing an extra layer of protection. Veritas categorizes your data as Highly Confidential and always, through NetBackup, is encrypted during transmissions using TLSv1.2. It is then stored in Azure blob or AWS storage using AES 256 cipher modules. Credentials within the NetBackup database are hashed and can also be stored using FIPS 140-2 cryptographic modules.

When you store data in Veritas Alta™ Recovery Vault, a combination of encryption keys, protected by key management keys is applied.  These are managed either through NetBackup's built-in key management service (KMS) or an external KMS supporting the Key Management Interoperability Protocol (KMIP).

Another benefit of using Veritas Alta™ Recovery Vault is your data is encrypted TWICE; both by Veritas and your chosen CSP. For instance, data stored in Azure is encrypted using with Microsoft-managed keys, while AWS data at rest is encrypted with Amazon S3-managed keys (SSE-S3). While Veritas manages the storage infrastructure, you have sole responsibility for managing encryption keys for the data, meaning that Veritas cannot read any data stored within Recovery Vault. That also means the CSP cannot read any data stored within Recovery Vault, but most importantly, neither can an attacker!

In an era where data breaches and ransomware attacks are becoming increasingly common, it's imperative to have a robust data protection strategy in place. Veritas Alta™ Recovery Vault offers a single, flexible, and secure offsite repository for all your data sources. Through its seamless integration with NetBackup, Veritas Alta Recovery Vault simplifies cloud CVaaS, delivering limitless scale without compromising security or compliance. Veritas Alta Recovery Vault and the Intelligent Cloud Policy Engine ensure no data gets left behind, with the flexibility to send any backup data directly to the cloud, without a local copy. Air-gapped, multi-cloud

isolation provides complete protection from ransomware and other threats. Veritas Alta™ Recovery Vault offers a single, flexible repository for all your data sources—from on-premises to your public cloud workloads—with client-side compression and deduplication that reduces the amount of data sent, stored and retrieved from the cloud to improve SLAs.

By choosing Veritas Alta™ Recovery Vault, you can ensure that your data is protected for the long term with simple provisioning, management, and monitoring of cloud storage resources

and retention policies. Don’t just take my word that Veritas Alta™ Recovery Vault is your cloud-based data retention and vaulting solution. In a recent survey of Veritas Alta™ Recovery Vault customers, more than three-fourths (77%) said they would recommend the service to a friend!

Learn more about Veritas Alta™ Recovery Vault and start protecting your data today. And read more about Veritas Alta™ Recovery Vault SOC2 Type2 certification.

blogAuthorImage
Tim Burlowski
Global Lead Cyber Resilience and Data Protection Strategy