Functionality

Umbra ShadowStream™ sits between your applications and cloud storage, seamlessly and continuously distributing it into quantum-safe “Shadows” stored with multiple providers and under your complete control.

As only 4 of those Shadows are required to reconstruct the original, the system can guarantee maximum uptime and provide an effective barrier against data loss or corruption.

The special maths we use to calculate those Shadows means they are provably undecryptable. Not just with today's attacks, but with those that may arise. Your data won't be disclosed if a vulnerability is uncovered in any encryption, nor if there are advances in decryption such as from quantum computing.

Seamless transition

As Umbra ShadowStream implements the standard S3 API, your current applications are already fully compatible. Simply changing the stored credentials is enough to start using the service.

To make things even easier, it's not necessary to convert your historical data or suffer any downtime during the change-over, as we can convert files whenever you access them dynamically.

Finally, if you prefer, we can run your legacy storage in parallel for a transition period, allowing you to revert to the single provider option later.

What is a “Shadow”?

A “Shadow” is a mathematical representation of some aspects of the whole file you are storing. It isn't a piece of the original, in fact it contains no bytes from the original at all. We calculate each Shadow from every byte of the original file. Changing a single byte of the original changes every Shadow.

You can have as many Shadows as you like, each will be unique.

In addition, we apply a conventional encryption before the Shadows are cast, making it even harder for anyone analysing the Shadow to glean hints about the shape of the original file.

Where are the Shadows stored?

Umbra monitors dozens of S3 compatible storage providers, so we can help you pick your seven providers.

You can mix in on-premises storage too, for low latency and cost, whilst retaining resilient cloud backup.

Pick 7, depend on any 4

What happens if a storage provider fails?

Immediately nothing, you simply get a notification, everything keeps working as normal.

If the storage is just temporarily offline, the system will catch up retrospectively.

Alternatively, if the provider has suffered some corruption of the data that's immediately clear from the checks in the stored data and in addition to the notification we can isolate that storage until the situation has been resolved.

Finally, if the files are permanently deleted from the provider we also get to see that immediately so remedial action can be taken.

Compatibility

If your application currently uses AWS S3 or its equivalents it can work with Umbra ShadowStream today. No changes are required to the application code.

Storage of Shadows can be on any service or software that implements the S3 API. Customers can select the mixture of providers and on-prem/off-site that matches their requirements and budget.

Today there are over 30 S3-compatible services available instantly, and products like Minio make it easy to implement your own on bare-metal servers, VPS, or on-premises.

Monitoring

Umbra monitors every underlying storage provider every 10 minutes, resulting in a great deal of accumulated data around the performance of each of the cloud providers. Umbra can provide a recommendation to customers, based on that accumulated data, that provides the right balance of latency, bandwidth, reliability and cost to suit a customer’s requirements.