Umbra ShadowStream™

Functionality

Umbra ShadowStream™ sits between your applications and cloud storage, seamlessly and continuously distributing it into quantum-safe “Shadows” stored with multiple providers and under your complete control.

As only 4 of those Shadows are required to reconstruct the original, the system can guarantee maximum uptime and provide an effective barrier against data loss or corruption.

The special maths we use to calculate those Shadows means they are provably undecryptable. Not just with today's attacks, but with those that may arise. Your data won't be disclosed if a vulnerability is uncovered in any encryption, nor if there are advances in decryption such as from quantum computing.

Seamless transition

As Umbra ShadowStream implements the standard S3 API, your current applications are already fully compatible. Simply changing the stored credentials is enough to start using the service.

To make things even easier, it's not necessary to convert your historical data or suffer any downtime during the change-over, as we can convert files whenever you access them dynamically.

Finally, if you prefer, we can run your legacy storage in parallel for a transition period, allowing you to revert to the single provider option later.

What is a “Shadow”?

A “Shadow” is a mathematical representation of some aspects of the whole file you are storing. It isn't a piece of the original, in fact it contains no bytes from the original at all. We calculate each Shadow from every byte of the original file. Changing a single byte of the original changes every Shadow.

You can have as many Shadows as you like, each will be unique.

In addition, we apply a conventional encryption before the Shadows are cast, making it even harder for anyone analysing the Shadow to glean hints about the shape of the original file.

Where are the Shadows stored?

Umbra monitors dozens of S3 compatible storage providers, so we can help you pick your seven providers.

You can mix in on-premises storage too, for low latency and cost, whilst retaining resilient cloud backup.

Pick 7, depend on any 4

What happens if a storage provider fails?

Immediately nothing, you simply get a notification, everything keeps working as normal.

If the storage is just temporarily offline, the system will catch up retrospectively.

Alternatively, if the provider has suffered some corruption of the data that's immediately clear from the checks in the stored data and in addition to the notification we can isolate that storage until the situation has been resolved.

Finally, if the files are permanently deleted from the provider we also get to see that immediately so remedial action can be taken.

Compatibility

If your application currently uses AWS S3 or its equivalents it can work with Umbra ShadowStream today. No changes are required to the application code.

Storage of Shadows can be on any service or software that implements the S3 API. Customers can select the mixture of providers and on-prem/off-site that matches their requirements and budget.

Today there are over 30 S3-compatible services available instantly, and products like Minio make it easy to implement your own on bare-metal servers, VPS, or on-premises.

Monitoring

Umbra monitors every underlying storage provider every 10 minutes, resulting in a great deal of accumulated data around the performance of each of the cloud providers. Umbra can provide a recommendation to customers, based on that accumulated data, that provides the right balance of latency, bandwidth, reliability and cost to suit a customer’s requirements.

Simplicity

No more manual back-ups of S3-type storage, no more wrestling with complicated setup or key management. Umbra is intrinsically secure.

Confidence

Every Shadow™ is mathematically provably undecryptable, reducing your risk of data loss. Ransomware attacks on cloud buckets are detected and mitigated early.

The service tolerates seamlessly up-to 3 of the cloud providers being permanently or temporarily offline, so your application stays live.

National Critical Infrastructure projects require cloud provider resiliences, Umbra provides that element for your cloud object storage.

No gap in coverage as backup is continuous, not periodic.

Early detection and isolation of ransomware.

Backing up your data to other services in a conventional way inevitably increases your attack surface.

We are so confident in our security we're about to announced an open competition to challenge all-comers to extract usable data from a Shadow.

Value

Best practice for conventional S3-type storage demands you set up cross region replication (on its own, doubling your storage cost), and off-cloud backup. Storing three copies of everything to provide a limited 1-fault tolerant system. This also triples your attack surface.

Once you no longer rely on a single cloud and can tolerate outages, you are free to select storage from the many alternatives costing far less than the premium providers for some or all of your underlying Shadow storage. Lowering your average cost per TB. Depending on your application and requirements, savings in total costs of 20-40% are commonplace.

Environmental

Cloud Object Storage accounts for 830 million tonnes of CO2 per year, nearly the same as all airlines combined.

Umbra reduces the total amount of storage required, resulting in savings of around 41% in the total carbon footprint.

Get in touch

If you would like to know more about Umbra Systems Limited, please get in touch.