Quantum Safe Data Protection for Backup and Recovery Solutions

The data resiliency solution combining the Nutanix AHV hypervisor and Certes Quantum Safe delivers a robust, zero-trust approach to data protection, ransomware resilience, and regulatory compliance for backup and recovery software solutions.

When IT decision makers choose among backup and recovery solutions running in a Nutanix AHV environment, they need to ask themselves the following:

▪   Can I trust the data that is being sent to and received from the solution?

▪   Can I protect the data in the worst-case scenario when backup data is exfiltrated to an external system?

▪   How does the solution mitigate risks associated with the quantum computing threat, as part of my overall quantum strategy?

It’s only as good as the data you receive, “Garbage In, Garbage Out”

Backup and storage solutions are offering businesses extremely powerful tools to ensure the integrity of their backups. However, immutable backups are only as good as the data that is received, and when this data is recovered back to a system, it’s only as good as what is backed up.

Never has the old IT adage “Garbage In, Garbage Out” been as important as it is when providing data protection systems based on backup and recovery solutions.

 

The Quantum Computing Threat Angle

If your business is still relying on TLS, RSA, or traditional PKI, your encryption is on a countdown clock. And when quantum machines mature, that protection will become obsolete overnight. Algorithms like RSA and ECC depend on the difficulty of factoring large numbers or solving discrete logarithm problems. Quantum computers, with Shor’s algorithm, are expected to overcome these defenses.

Increasing Scrutiny by Regulators for Data Breaches (including Ransomware)

Under modern data protection laws, organizations have a responsibility to safeguard data against foreseeable threats. That includes quantum computing.

 Regulations like:

▪   GDPR refers to “state-of-the-art” technical measures to protect personal data, based on risk and other factors.

▪   DORA regulates ICT risk management and operational resilience in financial institutions.

▪   NIS2 provides for risk-based encryption and technical safeguards for critical infrastructure.

▪   CJIS enforces full encryption key ownership for agencies handling criminal justice data.

 These frameworks tie data protection to ongoing risk awareness. And quantum computing is a known threat. 

Quantum Safe Data Protection and Resiliency Solution Overview

Benefits

Regulatory and risk management

Audit-ready controls – The customer is in control of the policy and the keys to its data. The design means that, even in the worst-case scenario, one can provide auditors with proof that critical data flows were protected.

Branch-to-private-to-cloud

End-to-end protection – From edge devices to cloud environments, critical data is securely backed up, transported and recovered.

 Simplicity of implementation – The Certes vCEP on Nutanix AHV is implemented as a bump-in-the-wire to promote easy deployment and quick time to value.

 Undetectable to cyberattackers – The Certes vCEP is designed to be undetectable by threat actors; therefore, there is nothing to try to attack.

 Quantum-safe DPRM

Data security when open – Certes’ patented advanced post-quantum cryptography (PQC) key management and Layer 4 quantum safe encryption (NIST AES-256-GCM) protects data during backup and recovery. Data that uses the legacy TLS protocol is safeguarded against man-in-the-middle and harvest now/decrypt later threat techniques in post-quantum environments.

 Backup software solutions for data protection at rest

Fast backup and recovery – Leverage storage-level snapshots for fast, efficient and scalable backups. Quickly restore critical workloads from backup in case of ransomware attacks or system failures.

 Virtual air-gap control logic

Dynamic vault access – Cyber vaults stay closed by default and are designed to be opened only per security operations center schedules or specific SIEM event triggers.

 Controlled data flow – This minimizes exposure to threats and helps reduce the risk of unauthorized access. 

 
