Pure Storage Security
MODERN DIGITAL FORTRESSES REQUIRE SOLID FOUNDATIONS

Protecting vital information from accidents and theft is the key to success for any organization. But in some sectors it goes far beyond just good practice. When working in healthcare, the financial industry or government, having robust security also becomes an ironclad legal responsibility. Data theft and even accidental breaches won’t just kill a contract. They can lead to heavy fines, a loss of reputation, and in extreme cases even endanger lives.

Because of that, organizations working in those fields spend a lot of time, money and energy bolting on security enhancements to their systems in an effort to try and keep data safe from hackers and snoopers who are always targeting them. But where those efforts end up often depends on where they start.

Supplementary security can always be applied, more or less effectively, to any existing system. But there’s a better way to protect critical infrastructure. Smart organizations have learned that automatically securing the most basic component of any system, the storage medium itself, is the best protection to keep vital data from slipping into the wrong hands.

That’s why building a digital fortress on top of a FlashArray from Pure Storage is a perfect choice for organizations working in healthcare, government or the financial industry. Robust security and lightning-fast performance are built-in, automatic and unbreakable before the system even powers up.

© Pure Storage 2014
PROTECTING PERSONAL INFORMATION IN HEALTHCARE

Almost nowhere else is the need to protect information more legally mandated than in the healthcare field. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) states that all personal information from patients needs to be protected by firms that provide care. And it casts a wide net over what constitutes working in healthcare. Any provider of medical or other health services that bills or is paid for healthcare in the normal course of business falls under HIPAA.

HIPAA was enacted with the hope that paper records would be transitioned over into an electronic format, which was considered more secure at the time. The portability part of the law spells that out by requiring data to move with the patients to other facilities, doctors and even insurance plans. Organizations are required to keep all personally identifiable information private and secure regardless of its portability.

The Health Information Technology for Economic and Clinical Health (HITECH) Act gave HIPAA some more teeth in 2009, notably increasing fines on organizations that allow personal patient information to slip into the wrong hands. Under HITECH, fines can be as high as $1.5 million for each and every violation. Even a tiny breach of security, something as simple as not encrypting a single patient’s information, can lead to millions of dollars in fines. A full scale breach with the theft of hundreds or thousands of patient records would be catastrophic for any organization.

But neither an accidental slipup nor a major, coordinated intrusion will happen with a FlashArray from Pure Storage acting as a digital sentry. Everything that goes onto the array is protected automatically using the Advanced Encryption Standard algorithm and 256-bit keys. Nothing can be stored there, not a patient record or a name, not a phone or social security number, or anything else protected under HIPAA, without it being locked down with AES-256 encryption. There won’t be any oversights that lead to data being left unprotected. The FlashArray simply won’t allow that to happen.

Encrypting every bit of data that goes onto any drive in the FlashArray might seem like a protection method that could slow down operations. And with a less-advanced storage array, it would. But the process of protecting one hundred percent of all data comes with no tradeoffs in performance using the Pure Storage solution. The FlashArray uses a combination of both software-based encryption and an application specific integrated circuit (ASIC) to provide the muscle for the encrypting and decrypting process. When used in conjunction with the naturally speedy read and write times offered by the flash drives, the FlashArray is able to perform much more efficiently with quicker input/output (IO) operations than even less-advanced storage solutions operating unencrypted.

The FlashArray offers compliance with HIPAA regulations and protects organizations from heavy fines associated with HITECH violations with no tradeoffs in performance.

But just encrypting information, even a hundred percent of it, won’t give organizations total compliance with HIPAA regulations. The data itself has to be managed intelligently so that users are only allowed to see the information they are authorized to access. Technically, even if a system is completely protected, having an unauthorized person within an organization able to access restricted information could be considered a violation of the HITECH guidelines.
To protect data internally as well as from external snooping, the Pure Storage FlashArray uses robust role-based access control (RBAC), which brings it into compliance with HIPAA. All RBAC accounts are tied to system administrators, so that only users with storage administration rights can give access to any application or host. No regular user can modify permissions to gain access to content they should not be able to see under HIPAA regulations.

But even administrators, with their ability to control access, are not completely unregulated. Administrators of the FlashArray can also be set up according to their roles, so that just because someone has administrator privileges doesn’t mean they have full access to everything protected by the system. They might be able to configure the system or troubleshoot issues, but can be denied the ability to read or capture protected information stored inside.

The FlashArray also automatically produces a complete audit trail of everything that goes on within the system, satisfying another HIPAA mandate. All configurations are logged into the system as well as any changes that are made. That way anyone attempting to change access permissions, even an IT administrator, has that action logged and time stamped. Security officials monitoring the system can then choose to examine suspicious activity. And because the information is saved and protected just like anything else stored with the FlashArray, this can either be done immediately or at a later time as part of an investigation.

Implementing a Pure Storage FlashArray for organizations working within the healthcare field can both improve performance and lock down any HIPAA or HITECH vulnerabilities right from the start. This won’t preclude additional security being added to the system, but full AES-256-bit encryption, role-based access control and the generation of a complete audit trail mean that personal information will be kept secure from any unauthorized eyes.
PROTECTING THE FINANCIAL SECTOR FROM CONSTANT ATTACKS

The financial industry has only slightly fewer regulations imposed on it than healthcare. Although laws like the Sarbanes–Oxley Act of 2002, which requires audit trails and verifiable financial reporting, don’t specifically speak to the need to secure data, the industry generally tries to follow plans like the Payment Card Industry Data Security Standard to keep information safe.

Within the financial sector, the biggest problem isn’t government fines if personal data should slip out, but more so the fact that companies working in finance are generally the most attacked group in the world. Not only is the information they protect valuable, but it also can lead to actual money for hackers who are able to penetrate a company’s data at rest. Stealing credit card information, bank account passwords and user-logins can be a highly profitable business in its own right for professional thieves, so the financial sector is always trying to keep one step ahead of the constant attacks. And even though there aren’t a lot of laws in place to punish companies that fall prey to hacks, in most cases the company is going to be held liable if they allow their customers’ money to be stolen. Even beyond that, the loss of reputation following a breach, especially a large and well-publicized one, could lead to disaster.

As such, even though it’s not as tightly regulated as the healthcare industry, the financial sector generally tries to be as secure as possible, even going so far as to lock down systems with draconian schemes and highly redundant protections. The problem with that approach is that too much security can become a wall blocking authorized users from getting to the information they need. And that is where the Pure Storage FlashArray can step up and solve two problems at the same time.

The same full encryption that protects the health care industry is also employed to lock down financial data. Nothing written to a FlashArray is unencrypted, so there are no back doors or loopholes that a hacker can exploit. Every byte is protected with AES-256 encryption on every drive in the entire array.

In addition to not slowing down performance, the Pure Storage FlashArray does not require any external key management for encryption. The FlashArray uses a unique internal key management mechanism that keeps the burden off of both the administrators and users. No longer do administrators have to purchase expensive third-party key management programs and then spend weeks in training seminars learning how to make it all work within their organization. The patent-pending internal key management system on every FlashArray comes as part of the storage medium itself. Beyond getting a huge benefit included when simply buying a new FlashArray, Pure Storage’s unique key management solution also doesn’t require user intervention because the keys are generated securely and automatically. From a user’s perspective, it’s like having key management without the actual keys.
Beyond just keeping encryption keys safe, financial organizations also have to worry about some pretty impressive data theft schemes. A full-scale breach can net millions of dollars for hackers just using the captured passwords and information, and much more when selling data like credit card numbers on the black market. As such, thieves will try just about anything to get their hands on that data, including trying to defeat physical security or getting an inside man to steal entire drives.

But stolen drives won’t do much good for hackers, even if an attacker is able to plug them into a new FlashArray enclosure. First off, all data on all drives is AES-256 encrypted, so a single drive separated from an array is going to be worthless. But even if that drive is plugged into a new array, it won’t work and won’t unlock because of the way Pure Storage runs their Purity Operating System. Using the Purity OS, each drive is given a unique password that is randomly generated and never leaves the Purity environment. That password is used to lock down each drive when not in use. Once generated, the codes are then uniquely scrambled and shared among all the drives in the array.

When the FlashArray needs to access data, it first samples all the drives to ensure their secret passwords are in place, and uses them to reconstruct the overall password. There has to be a quorum consisting of slightly more than half of the drives sharing the secret password present for any of them to unlock. Otherwise, the array can’t build the secret key required for use. Should someone steal one of the drives, the whole system would still work because a quorum would still be present, though its loss would be noted even if a drive was used to replace the missing one, since the new drive wouldn’t have part of the overall password. The stolen drive would never be able to unlock, however, because it would never be a part of the original quorum again.

A new overall secret password and individual passwords for each drive are randomly generated every day as an added precaution. So a thief couldn’t slip a drive away every day, hoping to eventually build a quorum of their own, because each drive would have one part of an entirely different secret key. This extra layer of security is unique to Pure Storage FlashArrays and thus makes it extra attractive to financial institutions trying to maintain an edge over attackers. And it requires no user or administrator intervention. The protection is built-in and automatic. Companies start making use of it as soon as they activate their FlashArray.

Last but far from least, the same robust automatic audit chain generation that makes FlashArray devices so useful in health care is also automatically active for the financial industry. Nobody, even IT administrators, can make changes to system configurations without a trail being created. Auditors can instantly see changes as they are being made, and still have access to them if needed for an investigation months or even years later.
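The drive-quorum unlock and daily regeneration described above can be illustrated with a threshold secret-sharing scheme. This is an added example, not Pure Storage code: the page does not name the scheme Purity uses, so Shamir's secret sharing is used as a stand-in, and the function names, the 11-drive array and the 256-bit secret are assumptions.

```python
# Added illustration: Shamir secret sharing over a prime field, standing in
# for the unnamed scheme the page describes. All names here are hypothetical.
import secrets

PRIME = 2**521 - 1  # Mersenne prime, far larger than any 256-bit secret


def quorum_size(n_drives):
    """Slightly more than half of the drives, as the page describes."""
    return n_drives // 2 + 1


def split_secret(secret, n_drives):
    """Return one (x, y) share per drive; quorum_size(n) shares rebuild it."""
    k = quorum_size(n_drives)
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n_drives + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the supplied shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def new_generation(n_drives):
    """Fresh random 256-bit secret and shares, e.g. for a daily rotation."""
    secret = secrets.randbelow(2**256)
    return secret, split_secret(secret, n_drives)


if __name__ == "__main__":
    n = 11  # constructed array size
    day1, shares1 = new_generation(n)
    day2, shares2 = new_generation(n)
    print("quorum:", quorum_size(n))
    print("6 of 11 drives unlock:", recover_secret(shares1[:6]) == day1)
    print("5 of 11 drives unlock:", recover_secret(shares1[:5]) == day1)
    stale = [shares1[0]] + shares2[1:6]  # yesterday's drive among today's
    print("stale share in today's quorum:", recover_secret(stale) == day2)
```

Fewer shares than the quorum, or a share from an earlier generation mixed into the current set, interpolate to an unrelated value, which is the property the page relies on for a single stolen drive.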
BUILDING SECURE AND REDUNDANT STORAGE FOR FEDERAL, STATE AND LOCAL GOVERNMENTS

Government doesn’t just require other entities to operate securely, they also impose quite a few regulations and mandatory best practices on themselves. And while those regulations can vary by state or even by department, in general, government at any level can only work with secure systems.

There are so many different regulations in government that it would be difficult if not impossible for one system out of the box to work with all of them. However, using a FlashArray is a good place to start for any of those requirements. With full AES-256 encryption, role-based access control and automatic generation of audit trail information, it can provide a stable base for any agency to build upon, and likely would be all that some organizations need.

Where government is unique compared to other sectors is their requirement for continuous operations. Some agency programs are so important or deal with real-time applications such as air traffic control that they simply can’t have any downtime. Even at the state and local level, programs designed to serve the public can’t crash or be made unavailable. When that happens too often or for a long period of time, the issue becomes a political as well as a technical liability.

Pure Storage understands the need for continuous availability and as such, the FlashArray is built on a unique non-disruptive everything model with no single point of failure. Unlike other flash arrays that lump all of their storage into the same space, the FlashArray’s drives are separated and redundant. There is never a need to power down to swap drives. Even in the unlikely event of a flash drive failure, system operations are not disrupted. The failed drive can easily be swapped out for a new one while the FlashArray is still running and serving up all its data to authorized users.

Having no single point of failure extends to every aspect of the FlashArray, even the controllers, which are completely stateless. Should a controller fail, all operations can be maintained by the backup controller with no loss of operations or downtime. Pure Storage can deliver a new controller onsite within four hours of the failure too. Once the replacement controller arrives, the old one is simply unplugged and the new one is cabled into place. Users won’t even know that a major component has failed, and operations can continue normally.

Because the clustered FlashArray controllers don’t store any persistent information, they can also be upgraded with new software and features without disrupting operations. The FlashArray is active from every port on two controllers, even though performance-wise, the array is only using one controller at a time. Should one controller fail, the second automatically takes over, keeping performance at 100 percent with no negative effects on any of the FlashArray’s users.

But that non-disruptive architecture is not just limited to hardware redundancy. Pure Storage has designed their Purity Operating System to ensure that the software driving the FlashArray can also compensate and eliminate any single point of failure. The array is able to do this because the OS is built specifically as a way to use RAID with flash. This solution fixes the three major problems that happen when trying to shoehorn flash drives into a RAID configuration that they were not originally designed to run.

Called RAID-3D, it’s RAID for pure flash drives. The first thing RAID-3D does is to eliminate problems associated with bit errors, device failure and variable performance levels. Starting with bit errors, they are the most annoying problem for most organizations trying to use flash with RAID. Flash drives are more vulnerable to returning incorrect data other than what was stored. Normally minor in nature, it nonetheless has no place in government service that requires one hundred percent accuracy. RAID-3D uses a series of independent checksums along with dedicated parity to eliminate this problem. Any bit errors are instantly detected, healed and written around.

That same system of parity also eliminates the variable performance some organizations experience with solid state drives. The peaks and valleys in performance are associated with the standard RAID garbage collection mechanisms which tend to get clogged and reduce throughput. RAID-3D looks at this problem like any other point of failure and uses parity to work around all potential bottlenecks. The end result is consistently fast performance all the time.

And last but not least, although flash is much more reliable than traditional drives due to having no moving parts, drives can still fail for a variety of reasons. Most RAID controllers don’t handle flash drive failure very well, but RAID-3D ensures that no two paired drives can fail at the same time. If any drive in the array goes down for any reason, its data is served from a backup location while the OS re-builds and writes around the failing component within minutes. Users never see any performance hit and don’t ever lose data.

By enlisting a Pure Storage FlashArray, organizations across government can employ high security, fast performance and reliable continuous operations. Regardless of the circumstances, government agencies will know that their mission data is protected, efficient and always available.
Pure Storage, Inc.
650 Castro Street, Suite #400
Mountain View, CA 94041
Twitter: @purestorage
T: 650-290-6088
F: 650-625-9667
Sales: [email protected]
Support: [email protected]
Media: [email protected]
General: [email protected]