SafetyDetectives spoke with Russ Kennedy, Chief Product Officer at Nasuni, about a range of topics, including risks and challenges associated with migrating files to the cloud, the importance of encryption, and some of the common misconceptions in cloud-based security
Can you talk about your background and your current role at Nasuni?
As Nasuni’s chief product officer, I drive the company’s product management, planning, and roadmap efforts. In a nutshell, it’s my job to make sure our platform delivers maximum benefit to our customers.
I’ve been in the data storage and management industry for more than 25 years. Before joining Nasuni in 2017, I directed product strategy at private cloud object storage pioneer Cleversafe and stayed on following its $1.3 billion acquisition by IBM to help with the transition to IBM Cloud Object Storage (COS). It was there that I began working with Nasuni, which was an IBM partner, and became convinced Nasuni’s cloud-native global file system was the only data management technology that truly exploited the full potential of object storage.
What are the main features and services offered by Nasuni?
Nasuni provides cloud-native file data services that replace traditional on-premises file infrastructure. With a design that accommodates cloud, hybrid cloud, and on-premises deployments, Nasuni replaces multiple data silos and toolsets with a single global file system that offers a 360-degree view of file data, and it’s easy to deploy and manage. Plus, Nasuni provides 40-60% savings over traditional architectures. And by fully leveraging cost-effective cloud object storage instead of just tiering to the cloud, Nasuni costs significantly less than other file data platforms. Hundreds of enterprises rely on Nasuni to consolidate data silos and provide the flexibility needed to adapt to a changing business climate.
Nasuni also provides built-in, automatic backup and near-instant recovery of individual files or the entire file share in the case of disaster. Files are often the primary target for ransomware attacks. Because we leverage extremely efficient immutable snapshots in read-only storage, the gold copy of the file share in the cloud cannot be encrypted by ransomware. Our customers who have experienced a successful attack have been able to rapidly and fully recover all their file data in just a few clicks, so the attack ends up being an inconvenience, not a crisis.
Nasuni customers also no longer have to worry about running out of capacity or reaching the limits of file sharing across the globe. Organizations can easily collaborate on very large files across continents, and our global file lock prevents data conflicts or corruption. Enterprises get the benefit of storing and accessing an unlimited number of files across any number of locations without experiencing cloud latency or suffering high data egress fees.
Finally, Nasuni makes it easy for people to securely access files without a VPN when working on a remote or hybrid model, even when connectivity is poor.
What are some common challenges and risks associated with migrating file infrastructure from on-premises to cloud-based solutions?
It’s challenging to move large amounts of data to the cloud within a reasonable timeframe and without compromising the ability of the business to interact with it. We’ve onboarded several hundred large enterprises, so this isn’t our first rodeo. Nasuni understands these challenges, and our professional services team knows how to overcome them.
Here’s a broad-brush overview of the process. Professional services will walk the customer through the preparation of their Nasuni infrastructure, which can include deploying Nasuni Edge appliances, the Nasuni Management Console, creating volumes, and crafting the series of migration actions. Next, we will kick off the initial copy of the data onto Nasuni. The source data is only read and not moved or deleted until the customer decides to do so. During this phase, we work with the customer’s technical team to review copy logs, performance data, and making any adjustments needed. Once data is seeded, it is a good time to conduct User Acceptance Testing. This verifies that users can work as expected on day one, post-cutover. Data is kept up to date until the final delta copy executes. Finally, the production cutover is completed. These steps may happen many times over the course of the project or in tandem.
In the vast majority of cases, end-users never notice that the migration even occurred. They just keep accessing their files as normal.
Can you discuss the role of encryption and data protection mechanisms in ensuring the security and privacy of files stored in the cloud?
Sure. We encrypt all data in the service, and only the customer controls the keys. Neither Nasuni nor the cloud object storage provider can see customer data. Likewise, as I noted earlier, we store file data in immutable, read-only object storage, so ransomware can’t touch it.
We keep customer files totally locked down so that only they can access them.
How does Nasuni handle data redundancy and disaster recovery to ensure high availability and business continuity for customers?
The public cloud is naturally resilient, with multiple layers of redundancy, and object storage is very resilient. Customers can establish recovery point versions of the entire file system as often as every few minutes in the cloud object store, so if there’s a malware infection, a ransomware attack or a disaster that takes out an office location, all that IT needs to do is roll back to the most recent, clean version of the file share. It takes just a few minutes. And if a disaster occurs at a given location, deploying a new virtual filer is simple, and they can even be deployed to the cloud for very fast and inexpensive business continuity.
What are some common misconceptions about cloud-based security?
Five years ago, the main misconception was that the cloud is inherently insecure. That’s now flipped, and I think that people think the cloud is more secure than it really is. Certainly, the infrastructure itself is very secure, but if you’re doing it yourself, it’s easy to misconfigure a storage bucket or a compute instance so that malevolent actors can successfully attack or compromise them.
Security is our top priority, and it was built into the platform from the very beginning with pervasive encryption, read-only object storage and other protections that make Nasuni a secure, safe place for enterprise file data. We also guide customers with best practices and help from our Professional Services teams to deploy a very secure hybrid file data platform.