Recently, Druva presented their Data Resiliency Cloud solution and strategy to the delegates as part of Security Field Day 10 (#XFD10). The Druva team took us through an overview of their platform as a whole, capable of protecting everything from on-prem workloads to SaaS and multicloud data sources, and then stepped into the various elements of their cyber security capabilities for autonomous protection, rapid response, and guaranteed recovery.
Figure 1: The Druva Platform and Workload Coverage at a Glance
In this blog we will quickly cover off the Druva Resiliency Cloud, but focus mainly on their unique approach to security. As always, I strongly suggest you tune into the full replay of the Druva presentations and DEMO of their platform capabilities available below:
Security Field Day 10 Replay:
Introducing the Druva Data Resiliency Cloud
Druva was first...
Founded in 2008, Druva was the first backup solution to be 100% cloud-based. Yes, they are the "OG" for Backup-as-a-Service (BaaS). Where every other backup vendor like Commvault, Veritas, Veeam, Dell, and even more recent entrants like Rubrik and Cohesity all started with traditional datacenter roots and then had to port their technology to the cloud, Druva was already there. They started in the cloud and from their AWS-based infrastructure they extended their backup services out to the datacenter, endpoints, and cloud-native workloads. Over time this coverage grew to include SaaS applications like Salesforce and M365, Google Workspace, Kubernetes, and most recently true multicloud capabilities with backup support now for both Azure and AWS.
While technically these features are delivered via separately consumable products (Phoenix, InSync, and CloudRanger), Druva has done an excellent job of seamlessly integrating them into a single holistic user experience (UX). Druva provides a unified control plane that spans across their entire portfolio so that customers and administrators can manage their data protection operations from a single common user interface (UI). No need to jump between consoles as all workloads can be managed from one place!
Figure 2: One dashboard to rule them all
Secure by Design: Zero Trust, Zero Knowledge, Always On Defenses
There's a big difference between "secure by implementation" solutions and "secure by design" ones. "Secure by implementation" means that the customer needs to know how to properly deploy and configure the solution in order to enable and take advantage of any of the security features available in the offering. Stuff like immutability, anomaly detection, and other zero trust elements might be a part of the product, but not necessarily turned on by default -- Druva is NOT one of those types of solutions...
Figure 3: Druva's Key Security Features - Always On by default
Druva is secure by design -- which means that all of their security features (highlighted in the above image) are in place and at the ready from the moment you sign up for their services. Immutability is built in. Anomaly detection and curated restores enabled from the get-go. This streamlined approach to data security and recovery is a refreshing approach to ensuring data security.
Figure 4: Druva's approach to Zero-Trust
As mentioned just now, the Druva security features are baked-in and not something that an administrator needs to worry about setting up, thus reducing the day-to-day operational overhead of having to maintain your security posture. This is not to say there isn't work to be done, but since Druva's security dashboard will alert/advise if there are any infrastructure configurations recommended for further hardening - there's just less of it.
Digging Deeper into Key Druva Security Features
I'm not going to spend time on all of the features listed out by Druva for security as many of these are what I consider table stakes. That's not to say that these features are not important or even critical for your environment (as they all are), but these are things that EVERY backup vendor who's serious about cyber resilience should be providing in their offerings. Thankfully, they come included with Druva:
Table Stakes (ie: any serious backup vendor should have these capabilities)
Immutability and air-gapped backup copies
Multi-factor authentication (MFA)
Encryption
Security posture monitoring and recommendations
Automated workflows for orchestrating recovery + playbooks
Anomaly detection
Malware Scanning
SIEM/SOAR integrations for unified alerting
Phew, that's quite the list of things that SHOULD come with any backup solution in 2023 (and do with Druva), but what about some of the things unique to Druva? Let's take a look
Deletion Prevention
This feature was introduced over a year ago (perhaps longer), but still stands as a very unique concept among the data protection solutions in the market. This essentially acts as another recovery copy that can be leveraged in an emergency - even if the data was deleted by an administrator.
To over simplify it, this acts similar to the Recycle Bin does in Windows whereby deleted files are not immediately deleted, but kept in the bin for a period of time "just in case". Druva's deletion prevention holds onto deleted data for a set window of time prior to purging it from the back-end storage infrastructure. Customers can engage with Druva support to recover from this data copy in the event of an emergency - which is pretty unique as most with backup vendors the data would be gone completely or incredibly difficult to recover in a similar situation.
Figure 5: It's an emergency...who you gonna call?
Curated Recovery
I think I can fairly chalk this up as another instance of a critical data security feature that Druva was first to bring to the market. The concept of needing a clean recovery copy isn't new, but the task of actually creating one automagically wasn't something you could easily do prior to this feature being available.
Unlike other disasters, ransomware and malware related incidents don't necessarily have a single point in time you can earmark and recover your environment to just prior. These attacks are drawn out and pervasive - attacking different systems and data sets at different times over a prolonged period of time. There is no discrete point in time to roll back to that guarantees your environment will be free from threats.
This is where Druva's Curated Snapshot changed the game. The Curated Snapshot is synthetically generated across all backup copies within the respective time window. This scans for corrupted copies of the data and singles out the "last known good" or "gold" copies of all of the files and data within the identified blast radius. Rather than backup administrators having to tediously check through multiple backup images to find the good data themselves, the Druva solution does it for them and creates that single recovery copy that you can leverage to recovery the environment.
1 copy of the clean data spanning all affected backups = faster recovery with less headaches.
Figure 6: Druva's Ransomware Recovery Dashboard
Following on the walkthrough of the various security features, Druva provided a series of demos to showcase these features "live". I also appreciated the stories they shared regarding real customers and their experiences recovering from malware with Druva. Lastly, Druva tied the whole event together by bringing things back to what's important: where Druva's technology can plug into the broader security story for a customer.
The below graphic was an excellent visual to highlight how all the pieces fit together and where Druva can provide value at each step along the way.
Prevention > Detection > Response > Recovery
Figure 7: Mapping the Druva capabilities to these stages and processes of cyber security
Wrapping up
Druva's presentation at XFD10 was a perfect example of why I, as an IT professional, have frequently turned to the Tech Field Day team to learn more about different solutions and vendors in the market - and I'm honoured to now be a part of that group from time to time.
Druva provided a solid overview of their platform, why they took the approaches they did, and then mapped that to how they are using that platform to solve today's IT challenges and even some of tomorrow's. On top of that, the demos let you actually see the product in action and get a good idea of how it works "in real life".
I've been in the data protection industry for over 15 years and am very familiar with Druva's technology, so there wasn't much new for me to see other than the latest demos. However, if you're curious about Druva, their cyber resilience features, and how they might be a fit for your needs, these presentations are perfect for you :)
You can catch up with replays of all of the presentations from XFD10 via the Tech Field Day site:
Written by Matt Tyrer. These posts reflect my own opinion and are not necessarily the opinion of my employer.