Umbra ShadowStream™- Case Studies

Cloud Storage Risks

Without Umbra, there are numerous risks that must be managed with using any form of storage but especially cloud storage. Last year 39% of cloud systems suffered a breach.

Threats in cloud storage

Threat
How Umbra helps...
Misconfiguration or clerical mistake

Vastly simplified set up.

No risk of loss of client side encryption keys.

Billing failure doesn't take down service.

Rogue employee

Cloud providers only have access to 1 Shadow- provably undecryptable forever.

Cloud provider breach

Shadows provably undecryptable.

No reliance on cloud providers to keep keys securely.

Ransomware

Tamper-evident Shadows- remaining Shadows still provide access.

Versioning can be configured to provide PITR if required.

Failures in cloud storage

Failure mode
How Umbra helps...
Network failure
Multiple ways that you can get enough Shadows to recreate the document; ensuring maximum resilience regardless of the source of the problem.
Cloud Cascade Failure
Having duplicate regions with a cloud provider is considered best practice- so when one region fails your data can be recovered from the alternate. However a regional failure from the provider puts immense loads on its neighbours, resulting in the potential for cascade failures. Umbra uses independent providers, in distinct data centres, so it has no such fragility.
Hack-now- crack-later
Roughly every 5 years the encryption used for web traffic becomes obsolete due to a new vulnerability or concern. We are due for the next shortly. Hackers now retain data they hacked to be able to “crack” that data later when those vulnerabilities become known. Umbra's Shadows don't rely on conventional encryption and are provably undecryptable. Not just now, but against future attacks, techniques and disclosures.

Implementation

  1. Review of current practice (optional)

    For many customers it's helpful to start with a review of their current provision. To cover the state of current security setup, current back-up provision, costs for storage and egress, use of CDN etc. We would be delighted to carry out this review for you, and if your current spend is over £1000 per month we’d be happy to provide a review for free.

  2. Selecting underlying shadow storage providers

    Umbra continuously monitors a wide range of potential storage providers for uptime, outages, latency and bandwidth, as well as keeping track of their charges. We can provide detailed information to help you select shadow storage that balances your requirements.

  3. Transition

    For most customers there's zero downtime. It's as simple as changing the application credentials to point to our proxies. Optionally we can move data across whenever its accessed, so over time allowing the data to move and avoiding any downtime. Until you are confident in the new system we can continue to every file in the legacy system, so you can revert at any time instantly.

Simplicity

No more manual back-ups of S3-type storage, no more wrestling with complicated setup or key management. Umbra is intrinsically secure.

Unneeded shadows are disregarded, keeping your connection fast.

Confidence

Every Shadow™ is mathematically provably undecryptable, reducing your risk of data loss, and Ransomware attacks on cloud buckets are detected and mitigated early.

The service tolerates seamlessly up-to 3 of the cloud providers being permanently or temporarily offline. So your application stays live.

National Critical Infrastructure projects require cloud provider resilience. Umbra provides that element for your cloud object storage.

No gap in coverage as backup is continuous, not periodic.

Early detection and isolation of ransomware.

We are so confident in ShadowStream’s security, we have a competition for anyone able to extract usable data from a shadow.[Link to competition]

Value

Best practice for conventional S3-type storage demands you set up cross region replication (on its own, doubling your storage cost), and off-cloud backup. Storing three copies of everything to provide a limited 1-fault tolerant system. This also triples your attack surface.

Once you no longer rely on a single provider and can tolerate outages, you are free to select storage from the many alternatives costing far less than the premium providers for some or all of your underlying storage providers. Lowering your average cost per TB. Depending on your application and requirements, savings in total costs of 20-40% are commonplace.

Environmental

Cloud Object Storage accounts for 830 million tonnes of CO2 per year, nearly the same as all airlines combined.

Umbra reduces the total amount of storage required, resulting in savings of around 41% in the total carbon footprint.

Get in touch

If you would like to know more about Umbra Systems Limited, please get in touch.