ExaGrid released software Version 6.3, which started shipping in June 2023.
With each software update in Version 6, ExaGrid has been adding layers of security to its Tiered Backup Storage. The product already guards against external threats by using a non-network-facing repository tier (tiered air gap) with delayed deletes and immutable data objects, where backup data is stored for longer-term retention and cannot be accessed by threat actors or modified by malicious attacks.
In Version 6.3, ExaGrid strengthens protection against internal threats such as rogue admins, with greater emphasis on, and more control and visibility through, its existing role-based access control (RBAC) functionality. The RBAC roles are Backup Operator(s), who have limitations, such as on deleting shares; Admin(s), who are allowed to perform any administrative operation; and Security Officer(s), who cannot perform day-to-day operations but are the only users who can approve changes that would affect retained backups.
Key updates in the ExaGrid Version 6.3 release:
- Admin and Security Officer roles are fully compartmentalized
  - Admins cannot complete sensitive data management actions (such as deleting data/shares) without the Security Officer’s approval
  - Adding these roles to users can only be done by a user that already has the role – so a rogue admin cannot bypass Security Officer approval of sensitive data management actions
- Key operations require Security Officer approval to protect against internal threats, such as:
  - Share deletes
  - De-replication (when a rogue admin turns off replication to a remote site)
  - Changes to the Retention-Time Lock delayed delete time
- Root access tightened – changes or viewing requires Security Officer approval
As of Version 6.3, only Admins can delete a share, and every share delete also requires separate approval from a Security Officer, who can approve, deny or specify a delay period for the delete.
In addition, RBAC roles are more secure: users with the Admin role can create/change/delete only users and roles other than the Security Officer; users with the Admin and Security Officer roles cannot create/modify each other; and only those with the Security Officer role can delete other Security Officers (and there must always be at least one Security Officer identified). For added security, two-factor authentication (2FA) is turned on by default. It can be turned off; however, a log is kept recording that 2FA was turned off.
“We know that security is top of mind for everyone in IT,” said Bill Andrews, CEO of ExaGrid. “ExaGrid continues to evaluate and update the security features offered for our Tiered Backup Storage solution, as we know that data is not truly protected by backups if the backup solution itself is vulnerable to threat actors. We are committed to providing the industry’s most comprehensive security and best ransomware recovery, so that our customers’ data remains protected and available for recovery in any situation.”