Secure, Manage, and Recover all Agency Secondary Data and Apps · 2020-06-04

SOLUTION BRIEF

Federal agencies maintain and process a wide variety of target-rich electronic information—from tax payments to sensitive strategic plans—with some data now collected and stored by U.S. intelligence agencies for up to 75 years or more.[1] In today’s increasingly digital world, the security, availability, and management of ever-increasing data is more important than ever. That’s why there’s Cohesity.

Cohesity is mission-ready for the federal government. Cohesity modernizes secondary data and application management with one software-defined, hyperconverged, security-certified solution for backup and recovery, archiving, files, objects, test/dev, and analytics. Unlike existing solution silos that are inefficient, unaware, and widen threat surfaces for cyberattacks, Cohesity empowers agencies to cost-efficiently manage and secure all data and workload types from core data centers to FedRAMP clouds to the edge.

[Figure: Data Protection, Files & Objects, Archiving/LTR, Test & Development, and Search & Analytics on DataPlatform (data centers) and DataPlatform Cloud Edition.]

REDUCE TARGET-RICH ENVIRONMENT ATTACK SURFACES

Thirty-five percent of Federal CIOs recently reported a rising trend in cybersecurity threats.[2] In response to personal experience and the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,[3] agency CIOs have an opportunity with Cohesity to both reduce agency costs and mitigate risks because Cohesity centralizes data assets, reducing the attack surface of target-rich environments while ensuring data is secure and compliant throughout its lifecycle.

KEY BENEFITS

• Eliminates legacy secondary data and application management and protection silos
• Addresses stringent government security certification requirements
• Native integration with leading FedRAMP certified government clouds—AWS GovCloud, Microsoft Azure GovCloud, and Google Cloud Platform
• FIPS 140-2 Level 2 Validated
• Always-on encryption, based on strong AES-256
• TAA compliant
• Federal Information Security Management Act (FISMA) Compliance | Authorities to Operate (ATOs) on DoD networks
• WORM Compliant – SEC 17a-4f certification
• Strong multi-factor, certificate (PIV/CAC)-based authentication
• Common Criteria: EAL 2+ (in process)
• Internal key management service (KMS) support and integration with external KMS for key management
• SafeNet integration



The U.S. Departments of Justice, Homeland Security, and Energy, as well as government integrators, for example, are strengthening cybersecurity postures and enhancing agility with Cohesity. While a typical agency might maintain 10 to 12 copies of information—contributing to 80 percent of all of their secondary data and apps—Cohesity’s consolidated platform features data optimization capabilities such as advanced global deduplication and compression that reduce complexity, eliminate data copy redundancy, and are data-aware so agencies can quickly glean insights from analytics.

GAIN DEFENSE-IN-DEPTH PROTECTION

No agency can secure data it does not know it has nor protect data that’s been stored and forgotten. Cohesity consolidates secondary data and workflows with web-scale simplicity. Security is baked into the Cohesity platform—rather than it being bolted on as an afterthought—so agencies can govern data using automated, central security policies.

Cohesity’s defense-in-depth approach allows government IT teams to spend less time managing data security and operations and more time innovating. Confident data is protected, they can focus on other mission-critical transformational digital initiatives such as public cloud adoption and mobility that improve constituent access to government services while streamlining compliance with requirements such as the E-Government Act of 2002 and the Data Center Optimization Initiative (DCOI).

Government agencies and contractors build Cohesity into their budgets because Cohesity DataProtect and Cohesity DataPlatform protect, detect, and remediate threats. The platform’s key features and capabilities include:

Backup and recovery – From virtual machines (VMs) to applications to storage devices, agencies protect all their data with Cohesity. The platform supports VMware vSphere, Microsoft Hyper-V, Nutanix AHV, and KVM for VMs. It also protects SQL and Oracle databases, and supports the provisioning of test/dev environments directly on the platform. Cohesity natively protects leading storage devices, including Pure Storage FlashArray, Pure Storage FlashBlade, NetApp, Dell EMC Isilon, and any generic NAS device.

Disaster recovery and replication – Cohesity guarantees fast recovery points. With patented SnapTree® technology, Cohesity stores each backup as a fully hydrated snap, enabling instant mass restore of any number of applications to any point in time, and can restore hundreds of VMs without any performance degradation.

Long-term retention and archival – Cohesity supports a myriad of long-term data protection options, including off-site disaster recovery, archive to tape, and integration with all public cloud providers.

Cohesity is a Trusted Government IT Solution


Granular global search and recovery makes it easy for agency staff to instantly locate VMs and files with Google-like wild-card search. With Cohesity, agencies can recover individual VMs, restore files to source VMs, and recover individual application objects for Exchange, SQL, and SharePoint.

COMPREHENSIVE SECURITY CERTIFICATIONS

Cybercriminals are inventive. Cohesity helps agencies stay ahead of them with the comprehensive technical controls federal agencies expect of enterprise solutions, including the following:

• FIPS 140-2 Level 2 Validated
• Always-On Encryption, based on strong AES-256
• TAA compliant
• Native cloud integrations with leading FedRAMP clouds: AWS GovCloud, Microsoft Azure Government, and Google Cloud Platform Compute Engine and Storage
• Federal Information Security Management Act (FISMA) Compliance | Authorities to Operate (ATOs) on DoD networks
• WORM Compliant – SEC 17a-4f certification
• Strong multi-factor, certificate (PIV/CAC)-based authentication
• Common Criteria: EAL 2+ (in process)
• Internal key management service (KMS) support and integration with external KMS for key management
• Integration with SafeNet

ENCRYPTION

Hardware-only encryption works but Cohesity’s FIPS-certified encryption architecture is more secure. The Cohesity file system (SpanFS™) provides full at-rest encryption based on the strong AES-256 standard. Beyond that, Cohesity’s encryption architecture delivers high security while giving agencies the flexibility to optimally leverage available hardware and software resources. Cohesity encryption can be set to run under FIPS-certified mode.

Cohesity’s full software-based encryption is hardware-accelerated through the latest Intel processors. With hardware acceleration, the software-based encryption has become faster (on the order of several GB/s), minimally impacting performance. Because Cohesity uses a crypto module with encryption algorithms that are FIPS 140-2 Level 2 certified and designed an option for software-only encryption that removes hardware component dependency during FIPS certification, the platform maintains FIPS certification and provides agencies the freedom to upgrade to faster drives as they become available.


KEY MANAGEMENT

Cohesity also simplifies key management, ensuring encryption keys are automatically rotated with a cadence set by customers (see Figure 1). The solution provides the flexibility to use an external key manager, if available, or the Cohesity cluster can manage it on its own. For efficiency, the data is not re-encrypted every time the key is changed.

Figure 1. Cohesity simplifies key management.

In addition to encryption and technical controls compliance, three additional Cohesity platform-related features directly enhance security and significantly differentiate the platform. They are data isolation, native FedRAMP cloud integration, and frequent backups.

DATA ISOLATION

Virtual and physical data isolation can minimize agency breaches while providing multi-tenancy. Cohesity is architected to provide physical and virtual data isolation through Partitions and View Boxes (see Figure 2). Partitions are complete physical isolations of compute and storage resources in a cluster so agencies can force given workloads, if needed, to run only on particular hardware within the cluster. A View Box is a logical division of a partition that contains one or more filesystems. Each View Box encrypts data stored within it using its own independent keys. This allows for robust data isolation. For example, if IT data and financial data are on different View Boxes, a breach on the IT data will not automatically risk financial data.


Figure 2. Cohesity ensures data isolation.

As the data flows into the Cohesity cluster through secure channels or from a secure private network, it is encrypted based on the View Box it belongs to, and stored securely on SSDs, HDDs or a cloud tier.

NATIVE CLOUD INTEGRATION WITH FEDRAMP CLOUDS

Federal agencies choosing Cohesity can extend to multiple FedRAMP clouds to leverage the cost, efficiency, and agility of cloud infrastructure. Cohesity’s unified, intelligent secondary data and application platform integrates seamlessly with public and private cloud services to advance a variety of use cases, such as long-term data retention and disaster recovery. Because Cohesity was purpose-built with security at its core, the same security, for example the full at-rest and in-flight encryption that ensures data is protected end-to-end, is applied to cloud data as to on-premises data. AWS GovCloud customers can further get the benefits of our entire DataPlatform to expand use cases to EC2 backups, analytics, and more comprehensive backup and recovery options.


3000029-004-EN | Cohesity.com | 1-855-926-4374 | 300 Park Ave., Suite 1700, San Jose, CA 95110

©Cohesity, Inc. 2019. All Rights Reserved. This document is for informational purposes only and Cohesity, Inc. assumes no responsibility for any inaccuracies. Cohesity, Inc. reserves the right to modify this publication without notice. See complete legal notices here.


FREQUENT BACKUPS AND RANSOMWARE RECOVERY

Although no organization is immune from cybercriminals’ attempts to take control of its data, agencies can do more to mitigate the threat. Cohesity provides detection and protection against ransomware. In alignment with the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) recommendation as a best practice when dealing with ransomware,[4] Cohesity performs frequent backups of systems and important files and verifies those backups regularly. If ransomware affects an agency system, Cohesity can restore the system to its previous state with any files unaffected by ransomware.

Cohesity’s unified platform ensures always protected backups are available, on-premises or in the cloud, and that organizations can instantly go back to any point in time with near-instant recovery time objectives (RTO)—all with zero data loss and no ransomware payment. Cohesity writes time-based snapshots into internal views that are never exposed. During data restoration, Cohesity clones the snapshots and only mounts the clones. Should cybercriminals attack the Cohesity platform directly, the ransomware could only change data in a clone or delete files in the user-created view, never reaching the internal view nor touching a true copy of the snapshot.

In the unlikely event ransomware burrows into the backup repository, Cohesity’s patented technology, which includes capabilities leading to extremely high space efficiency, provides an additional layer of protection in the form of Redirect-on-Write. This unique prevention approach stops ransomware should it begin to encrypt and write data back on Cohesity in an attempt to lock it. Cohesity, in response, directs the new write to a new location without modifying the last immutable backup. Ransomware payout never happens because the true copy of data is still available, ensuring an administrator can easily restore the latest healthy snapshot and obtain forensic evidence of the cybercrime.
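The clone-and-redirect behaviour described above can be modelled in a few lines of Python. This is an added illustrative model, not Cohesity's code or on-disk format; the `View` class, the in-memory block list, the file names and the sample bytes are all constructed for the example.

```python
import hashlib


class View:
    """Maps file names to block locations in a shared append-only block list."""

    def __init__(self, blocks, mapping=None, writable=True):
        self._blocks = blocks            # shared pool; entries are never overwritten
        self._map = dict(mapping or {})  # this view's own name -> location pointers
        self._writable = writable

    def _require_writable(self):
        if not self._writable:
            raise PermissionError("snapshot views are immutable")

    def write(self, name, data):
        self._require_writable()
        # Redirect-on-write: append a new block and move only this view's pointer.
        self._blocks.append(bytes(data))
        self._map[name] = len(self._blocks) - 1

    def delete(self, name):
        self._require_writable()
        del self._map[name]  # drops this view's pointer, not the block

    def read(self, name):
        return self._blocks[self._map[name]]

    def snapshot(self):
        # Internal point-in-time view: read-only and never handed out for mounting.
        return View(self._blocks, self._map, writable=False)

    def clone(self):
        # What a restore mounts: same blocks, independent pointer map.
        return View(self._blocks, self._map, writable=True)

    def digest(self):
        h = hashlib.sha256()
        for name in sorted(self._map):
            h.update(name.encode() + b"\0" + self.read(name) + b"\0")
        return h.hexdigest()


def demo():
    live = View([])
    live.write("payroll.db", b"constructed sample A")  # constructed sample data
    live.write("plans.doc", b"constructed sample B")
    snap = live.snapshot()
    before = snap.digest()
    mounted = snap.clone()
    # Hostile rewrite of the mounted clone: garble one file, delete the other.
    mounted.write("payroll.db", bytes(b ^ 0xFF for b in mounted.read("payroll.db")))
    mounted.delete("plans.doc")
    return snap, before, mounted
```

Comparing the snapshot digest taken before the clone was mounted with the digest afterwards is the same check an operator would run to confirm a restore point is still intact.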

FOCUS ON YOUR MISSION, NOT SECURING DATA

Federal agencies are working harder than ever to achieve mission objectives because securing and managing growing amounts of data is becoming increasingly challenging. Data protection is Cohesity’s top priority. Cohesity satisfies security needs while streamlining compliance for some of the most risk-sensitive agencies across the government.

The ground-breaking Cohesity platform is supported by a world-class company and community. Cohesity CEO, Dr. Mohit Aron, previously a lead developer on the Google File System and co-founder/CTO of Nutanix, together with a team of innovators from enterprise leaders such as VMware, Google, and Cisco, are forging partnerships with leading public cloud providers Amazon Web Services (AWS), Microsoft, and Google, as well as data center market leaders including HPE, Nutanix, and Pure Storage to accelerate feature delivery. Cohesity has been recognized by analysts and IT influencers with accolades that include Gartner Peer-Insights Customer’s Choice 2018, Gartner Cool Vendor 2017, and WEF Tech Pioneer 2018.

If your federal agency or government integration business is looking to better safeguard secondary data and apps, contact Cohesity for defense-in-depth security that consolidates workflows, leverages FIPS-certified at-rest encryption, ensures multi-cloud mobility, and deploys other multi-layered security capabilities to stop data breaches and minimize risk.

Learn more at https://www.cohesity.com/solution/government/.

[1] Brennan Center for Justice. “What the Government Does with Americans’ Data,” Rachel Levinson-Waldman, October 2013.
[2] Professional Services Council. “The 2017 Federal CIO Survey,” September 2017.
[3] U.S. Federal Government. “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” May 11, 2017.
[4] US-CERT. https://www.us-cert.gov/security-publications/Ransomware, April 9, 2018.