PROTECTING THE FINANCIAL SECTOR FROM CONSTANT ATTACKS cont.

Beyond just keeping encryption keys safe, financial organizations also have to worry about some pretty impressive data theft schemes. A full-scale breach can net millions of dollars for hackers just using the captured passwords and information, and much more when selling data like credit card numbers on the black market. As such, thieves will try just about anything to get their hands on that data, including trying to defeat physical security or getting an inside man to steal entire drives.

The protection is built-in and automatic. Companies start making use of it as soon as they activate their FlashArray.

But stolen drives won’t do much good for hackers, even if an attacker is able to plug them into a new FlashArray enclosure. First off, all data on all drives is AES-256 encrypted, so a single drive separated from an array is going to be worthless. But even if that drive is plugged into a new array, it won’t work and won’t unlock because of the way Pure Storage runs their Purity Operating System. Using the Purity OS, each drive is given a unique password that is randomly generated and never leaves the Purity environment. That password is used to lock down each drive when not in use. Once generated, the codes are then uniquely scrambled and shared among all the drives in the array.

When the FlashArray needs to access data, it first samples all the drives to ensure their secret passwords are in place, and uses them to reconstruct the overall password. There has to be a quorum consisting of slightly more than half of the drives sharing the secret password present for any of them to unlock. Otherwise, the array can’t build the secret key required for use. Should someone steal one of the drives, the whole system would still work because a quorum would still be present, though its loss would be noted even if a drive was used to replace the missing one, since the new drive wouldn’t have part of the overall password. The stolen drive would never be able to unlock however, because it would never be a part of the original quorum again.

A new overall secret password and individual passwords for each drive are randomly generated every day as an added precaution. So a thief couldn’t slip a drive away every day, hoping to eventually build a quorum of their own because each drive would have one part of an entirely different secret key. This extra layer of security is unique to Pure Storage FlashArrays and thus makes it extra attractive to financial institutions trying to maintain an edge over attackers. And it requires no user or administrator intervention.

Last but far from least, the same robust automatic audit chain generation that makes FlashArray devices so useful in health care is also automatically active for the financial industry. Nobody, even IT administrators, can make changes to system configurations without a trail being created. Auditors can instantly see changes as they are being made, and still have access to them if needed for an investigation months or even years later.

© Pure Storage 2014 | 6