Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle and certain user-defined thresholds based on data age, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is detected, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.

Abstract: Embodiments for deleting encryption keys in a data storage system by storing a current encryption key in a key table, the current key encrypting at least some data in one or more data containers of a filesystem of the data storage system. A key table maintains a starting container ID and an ending container ID for each container encrypted by the current encryption key, and a deleted container count counting a number of containers of the one or more data containers deleted from the file system. The process determines if the number of containers in the deleted container count equals a number of containers having data encrypted by the encryption key as determined by the starting container ID and ending container ID, and if so, marks the key for deletion in a garbage collection operation, which then deletes the key from the key table.

Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle and certain user-defined thresholds based on data age, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is detected, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.

Abstract: Embodiments of a cryptographic key management system for cached data that efficiently re-encrypts cached data encrypted with a compromised encryption key by receiving a request to access a cached data block encrypted with an original encryption key. Upon determining that the original encryption key is compromised or destroyed, thus resulting in the requested data block being invalid, evicting the requested data block from the cache storing the cached data. The data block is re-encrypted using a new encryption key upon receipt of a new request to access the cached data. Any remaining cached data encrypted with the original encryption key is evicted from the cache through a defined cache eviction policy.

Abstract: A method of blocking access to files encrypted with a compromised key by mapping keys and ranges of containers encrypted by the keys. Upon notification that a key is compromised, fencing a container range corresponding to data segments encrypted by the compromised key to prevent deduplication operations on the segments. The method makes a point-in-time copy of the filesystem managing the segments, wherein each file of the file system is represented as tree structure having a root level and other levels. The method iteratively inspects in a level-wise manner, each container in each level of the file trees of the files to identify containers having segments encrypted by the compromised key, and marks files corresponding to the identified containers as not readable to block the access to the files encrypted with the compromised key.

Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is seen, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.

Abstract: Embodiments of the runtime risk assessment process monitors deliberate or potentially data destructive operations against a filter of dynamic risk assessment. A filter process recognizes the following conditions as highly indicative of increased risk factors: (1) recent creation of the security officer role, (2) changing of the system time or clock, and (3) disabling of system alerts. If all three of these events occur, the system recognizes this as indicative of a high probability of data attack. The runtime risk assessment process imposes a delay on the execution of each of these commands to provide time to alert the user and an opportunity to re-enter the commands at the end of the delay period. Thus, a potentially dangerous sequence of commands will not occur automatically or immediately, but will instead be delayed to provide an extra validation check or user action.

Abstract: Embodiments for rotating encryption keys in a sized-based process by defining a threshold value specifying a maximum amount of data to be encrypted by a single encryption key, determining whether or not data currently ingested by the data storage system exceeds the threshold value, and performing a key rotation operation to use a new key to encrypt incoming future data if it does exceed the threshold value. A time-based process performs key rotation from an old key to a new key in accordance with a periodic schedule, determines if the key rotation operation is successful in rotating to the new key from the old key, and if the key rotation operation is successful then performing a subsequent key rotation operation in accordance with the periodic schedule, or if not successful sending a user alert and automatically re-attempting the key rotation operation.

Abstract: Embodiments of a cryptographic key management system for cached data that abstracts key management details from the cache tier to the active tier and encryption process by encrypting data from the active tier using an encryption process employing an encryption key to generate an encrypted data block, and associating an encryption header with the encrypted data block, the encryption header including a key identifier as an index to the encryption key, where the encryption key is accessed through a key table maintained in the active tier. The system stores the encrypted data block in a cache tier, and decrypts the encrypted data block in the cache tier by providing the key identifier in the encryption header to the encryption process.