PowerProtect DD Zero Trust
Data Protection is a Key Component to Zero Trust and Cybersecurity
Data protection has become one of the key attack points for cyber criminals today. It is critical to protect your business at every attack point in your organization by hardening your backup infrastructure against these criminals. Dell has a Zero Trust architecture that can be implemented on your existing PowerProtect DD systems today to eliminate a majority of the known threat vectors. To provide further protection, the PowerProtect Cyber Recovery Vault can create an isolated, immutable, intelligent copy of your most mission-critical data that is not accessible from the production network and not exposed to any advanced hacking techniques.
PowerProtect DD Retention Lock makes backup files written to the PowerProtect DD immutable. Retention Lock comes in two editions (Governance and Compliance) and is set at the level of a logical storage unit (Mtree). Governance Mode can be set for any Mtree on an existing system, but Compliance Mode is not an option until it has been enabled for the entire PowerProtect DD. Enabling Compliance Mode on a system locks the system down, requires the creation of a Security Officer for dual authentication, hardens the system clock against tampering, removes many of the destructive commands, hardens the iDRAC interface, and requires a reboot to implement. With Compliance Mode enabled, there is no way to override the Retention Lock period for a file, even with the help of Dell support.
When enabling Retention Lock on an Mtree, you can set it to Manual mode, which gives the backup application control over setting the Retention Lock period, or Automatic mode, which sets the Retention Lock period after a cool-down period has expired. Guard Rails are placed on each Mtree to set a minimum and maximum Retention Lock period; if a request is outside of those parameters, the lock request fails.
As Retention Locks are set at an Mtree level, different data sets in different Mtrees can have any of the following, all on the same system:
• No locking
• Governance Mode locking
• Compliance Mode locking
Proprietary Transport Protocol (DDBOOST)
While PowerProtect DD will continue to support the CIFS and NFS protocols, many of the leading backup applications have integrated with the PowerProtect DD Bandwidth Optimized Open Storage (DDBOOST) API. This proprietary secure protocol prevents access to the backup data in the underlying filesystem and makes it undiscoverable to a crypto virus. This protocol also enables client-side deduplication and compression for better backup and restore performance, and encryption in flight from the client to the PowerProtect DD.