StorCycle Protect your data image header

StorCycle Data Protection

Data Lifecycle management for protection square imageCyberattack, ransomware, natural disaster or simple human error – any of these can destroy an organization’s most valuable asset – its data — in an instant. StorCycle software protects data through end-to-end checksums; encrypting on all storage targets; and with the ability to store multiple copies on multiple storage mediums, enabling genetic diversity of storage mediums. With its Attack-Hardened features, StorCycle has the ability to store data on tape for offsite or vaulted storage, creating an impenetrable air gap that guarantees data security. StorCycle is fully ADFS compliant – file permission will remain intact regardless of where data is stored. StorCycle will even analyze the protection level of user-defined migration policies and assign a Perpetual Score indicating the level of protection each migration policy creates.

StorCycle now offers “ransomware snapshots.” StorCycle Integrates directly with Spectra’s BlackPearl triggered snapshot feature. When enabled, StorCycle initiates snapshots of BlackPearl volumes at the end of migration jobs. If the migration job is the only data written to a given volume, StorCycle will optionally turn that volume into read-only status so that files can’t be overwritten or encrypted.

When StorCycle is used to move data again, a pre-API command will trigger BlackPearl to make the volume writable so that StorCycle can migrate the next set of files after which the volume will be turned to read-only status once again.

StorCycle naturally reduces the ransomware attack radius by moving less active data off of primary storage and into archive. But in addition to ransomware encryption, users must protect data from breach and theft. This is an area that StorCycle’s attack-hardened approach can help with as well.

Archived corporate data can be sensitive and create liability if leaked. Likewise, archives may contain organizational intellectual property which could have devastating consequences if stolen.

StorCycle offers AES-256 encryption. Data migrated by StorCycle to other locations may be encrypted, then automatically decrypted when brought back for usage. This feature provides a simple and secure way to assure that data cannot be read by external threat actors. Highly confidential information can be kept accessible but not available to steal.

Active Directory Integration

StorCycle is installed on a Windows server and includes integration with Active Directory (AD). Active Directory integration provides for several benefits:

  • AD users can be granted various permissions for access to the StorCycle web management interface (see section above).
  • When files are migrated by StorCycle, their AD-based access permissions are recorded. When the files are restored, those access permissions are reapplied.
  • All AD users can optionally be given permission to be able to restore files migrated by StorCycle.

Data Integrity and Protection

Spectra StorCycle includes a number of Attack-Hardened features to ensure that migrated data is safe and secure, both when initially migrated and in the future.

  • Ransomware Snapshots: Integrates directly with Spectra’s BlackPearl snapshot feature. When enabled, StorCycle initiates snapshots of BlackPearl volumes at the end of migrate jobs, and optionally maintains immutable read-only status of volumes, providing Attack-Hardened protection from network intrusions, such as ransomware attacks, by reducing accessible attack vectors.
  • BlackPearl Bucket Adoption: Allows users to configure an existing BlackPearl object storage system as a storage location, and automatically adopt the contents of the bucket into the StorCycle database. The objects remain in the bucket, but are available for StorCycle restorations. Bucket adoption enables existing BlackPearl customers to integrate StorCycle into their workflows for easy access to object or tape archive.

File Checksum

When a file is read by StorCycle to be migrated, it creates the checksum of the entire file as it is written to the target storage. The checksum acts as a thumbprint of the file that can be reproduced to ensure that the file has not changed. StorCycle stores each file’s checksum in its database, and this value can be accessed and exported as part of a migration job’s manifest.When StorCycle restores a file, it will again validate the checksum to ensure that the file has not changed. If StorCycle detects a change in checksum value, it will report an error. Files with reported errors can still be accessed and restored.

StorCycle uses the SHA-256 checksum method. This modern checksum method is commonly used, works well with Intel and AMD processors, and minimizes risks of collisions and attacks. A basic level of checksum verification is also included in the TCP/IP communication used by StorCycle. For StorCycle storage targets supporting HTTPS/SSL (BlackPearl, S3), the HTTPS protocol also includes basic checksum verification.

Some data will continue to be stored forever, but not all data needs to be kept forever. Leveraging StorCycle’s scheduled delete feature, users can now configure automatic deletions of data migrated/stored by a project after StorCycle retains it for a specified number of days. Users will get email notifications about pending deletions five days before data is deleted.

X
Spectra Logic
Follow Us