Beef Up Security Against Physical and Cyber Attacks with Purity//FA 6.4.3

New Rapid Data Locking (RDL) key helps safeguard data in high-risk environments.

Purity//FA 6.4.3

3 minutes

Security is never a one-size-fits-all solution. The many types of organizations need different tactics to prevent unwanted data access or loss based on the unique risks to their environment. With Purity//FA 6.4.3, we continue to deliver on our promise of secure-by-default, adding new tools and tactics to your security arsenal.

Protecting data has primarily focused on stopping hackers and ransomware, but what about attacks on the actual physical array? Like sensitive defense data located in high-threat combat areas or data that may be under threat through other unintended physical access. Rapid Data Locking (RDL), a capability to help the physical protection of sensitive data, was developed for that exact scenario—the ability to quickly stop data decryption if an array is ever under physical threat. Today, RDL just got even easier with the release of a new physical encryption key in conjunction with Yubico. In case of physical threat, you can now simply remove the small YubiKey 5 FIPS from the back of the FlashArray™, and data decryption is fully disabled. So even if the bad actors have access to your physical drives, you can ensure your data is safeguarded.

Rapidly Lock Your Sensitive Data with Physical Encryption from Yubico

Built at the request of corporations and defense departments for storing highly-confidential and sensitive data, RDL delivers an extra level of security for situations where you cannot control physical access to your FlashArray. Such a case would be for military or defense situations, where arrays may be deployed in forward positions, and data protection is absolutely crucial or as a security option for disaster situations where data center staff is forced to evacuate and leave gear unattended.

In collaboration with Yubico, we’ve integrated a custom-programmed YubiKey 5 FIPS as a physical encryption key for Rapid Data Locking. Once enabled, you simply insert it into the FlashArray’s USB port at boot-up for data to be accessible. When removed, the decryption process is blocked. And unlike some USB-based keys, this YubiKey cannot be duplicated.

Physical encryption with YubiKey 5 FIPS is available from Pure Storage for all FlashArray systems with Purity//FA 6.4.3.

For more information, read our technical blog post on our Yubico integration for RDL.

Restore Operations with Greater Precision with 4x More Snapshots

With Purity//FA 6.4.3, we’ve also quadrupled the number of local snapshots that can be stored on FlashArray. Snapshots store the critical data that ensure fast and complete data recovery after a ransomware attack or data loss occurs. Having even more snapshots available allows you to return to more point-in-time options than ever, whether you need them from minutes, days, or weeks ago. You can also take snapshots more frequently and retain them even longer, from days to weeks.

Finally, because these SafeMode™ snapshots are stored locally on the source machine, you get the fast restore speeds you need to return to normal business operations after the attack. 

To learn more about the power of snapshots for scaling applications, cloning for DevOps, and complying with regulations in addition to ransomware recovery, read Snapshots for Dummies.

To get this and more in Purity//FA 6.4.3, upgrade your FlashArray fleet on your schedule through the self-service upgrade in Pure1®.