Functionality

Umbra Virtual-on-prem™ appears like network storage, but offers much more security and reliability.

It seamlessly provides shared access to your storage as an SMB share, just like on-prem storage, and supports all standard line-of-business applications.

However, data is stored off-site, across 7 or more commodity cloud providers, using our unique alogrithms, as undecryptable Shadows.

Shadows contain none of the original data, but providing you can access 4 of those providers, you can access all your data.

However, an attacker must penetrate 4 providers before they can start an effort to decrypt your data.

What is a “Shadow”?

A “Shadow” is a mathematical representation of some aspects of the whole file you are storing. It isn't a piece of the original, in fact it contains no bytes from the original at all. We calculate each Shadow from every byte of the original file. Changing a single byte of the original changes every Shadow.

You can have as many Shadows as you like, each will be unique.

In addition, we apply a conventional encryption before the Shadows are cast, making it even harder for anyone analysing the Shadow to glean hints about the shape of the original file.

Where are the Shadows stored?

Umbra monitors dozens of S3 compatible storage providers, so we can help you pick your seven providers.

You can mix in on-premises storage too, for low latency and cost, whilst retaining resilient cloud backup.

Pick 7, depend on any 4

What happens if a storage provider fails?

Immediately nothing, you simply get a notification, everything keeps working as normal.

If the storage is just temporarily offline, the system will catch up retrospectively.

Alternatively, if the provider has suffered some corruption of the data that's immediately clear from the checks in the stored data and in addition to the notification we can isolate that storage until the situation has been resolved.

Finally, if the files are permanently deleted from the provider we also get to see that immediately so remedial action can be taken.

Compatibility

If your application currently uses AWS S3 or its equivalents it can work with Umbra ShadowStream today. No changes are required to the application code.

Storage of Shadows can be on any service or software that implements the S3 API. Customers can select the mixture of providers and on-prem/off-site that matches their requirements and budget.

Today there are over 30 S3-compatible services available instantly, and products like Minio make it easy to implement your own on bare-metal servers, VPS, or on-premises.

Monitoring

Umbra monitors every underlying storage provider every 10 minutes, resulting in a great deal of accumulated data around the performance of each of the cloud providers. Umbra can provide a recommendation to customers, based on that accumulated data, that provides the right balance of latency, bandwidth, reliability and cost to suit a customer’s requirements.

Umbra Virtual On-Prem™

Umbra Virtual On-Prem is a new solution for organisations with the highest security requirements. It uses the Umbra Shadowing technology to generate un-decryptable Shadows of the data, but it works on-site as a hosted docker image.

This means the only data that moves across the company firewall is undecryptable Shadows, so an organisation can get the benefits of scalability, resilience and flexibility of cloud storage, but without relying on anyone else's security posture.

• Scalability and efficiency of commodity cloud storage
• 3-fault tolerance with no single point of failure
• Freedom to purchase best-value storage
• Fully versioned for ransomware protection
• Zero trust required
• Stressless key management
• VPN-free multi-site data sharing

Umbra Virtal On-Prem is currently in Beta, please contact us to learn more.