Patents by Inventor Mahadev Karadigudda

Mahadev Karadigudda has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11914882
    Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle and certain user-defined thresholds based on data age, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is detected, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.
    Type: Grant
    Filed: April 6, 2022
    Date of Patent: February 27, 2024
    Assignee: Dell Products L.P.
    Inventors: Senthil Ponnuswamy, Mahadev Karadigudda, Madhu Agrahara Gopalakrishna, Praveen Kumar Lakkimsetti
  • Publication number: 20240022435
    Abstract: Described is a system for secure distribution of a client certificate private key to client-based services. The system implements a specialized technique to minimize exposure of a key-encryption-key (KEK) that may be used to secure the client certificate private key that is managed by a certificate manager (CM). A client-based service generates a one-time secret message that is encrypted with the symmetric key and provided to the CM as part of a request to access the private key. The CM authenticates that the request originates from a trusted before decrypting the private key with the KEK that remains known only to the CM. The CM then encrypts the decrypted private key with the secret message and provides the client-based service access to the private key that is encrypted with the secret message.
    Type: Application
    Filed: July 12, 2022
    Publication date: January 18, 2024
    Applicant: Dell Products L.P.
    Inventors: Vaneeswaran Natrayan, Mahadev Karadigudda, Satish Inampudi, Senthil Ponnuswamy
  • Publication number: 20240022556
    Abstract: Systems and methods for using certificate authority certificates inline as part of a file transfer protocol are described. A backup system may receive a request from a client system for a first secure communications channel secured with a previously-shared encryption key. The backup system may transmit a message via the first secure communications channel that indicates that the backup system is one-way CA certificate encryption capable based on the client version of the backup application of the client system. In response to a query, received via the first secure communications channel, to create a second secure communications channel, the backup system may transmit, via the first secure communications channel, the one-way CA certificate after a comparison of security settings indicates that one-way CA certificate encryption is the highest encryption level available. The second secure communications channel may then be set up to transmit encrypted client data.
    Type: Application
    Filed: August 23, 2022
    Publication date: January 18, 2024
    Inventors: Donna Barry Lewis, Senthil Ponnuswamy, Mahadev Karadigudda, Abhidnya Joshi
  • Publication number: 20240022554
    Abstract: Systems and methods for using certificate authority certificates inline as part of a file transfer protocol are described. A backup system may receive a request from a client system for a first secure communications channel secured with a previously-shared encryption key. The backup system may transmit a message via the first secure communications channel that indicates that the backup system is one-way CA certificate encryption capable. In response to the message, the client system may transmit a query to create a second secure communications channel. The backup system may then transmit, via the first secure communications channel, the one-way CA certificate to the client system. Once the client system has been configured for CA certificate-based communication, the second secure communications channel may be established. The client system may then transmit, via the second secure communications channel, encrypted client data for storage on the backup server.
    Type: Application
    Filed: July 12, 2022
    Publication date: January 18, 2024
    Applicant: Dell Products L.P.
    Inventors: Donna Barry Lewis, Senthil Ponnuswamy, Mahadev Karadigudda, Abhidnya Joshi
  • Publication number: 20240005017
    Abstract: A fencing service receives a cluster message based on a first service's removal from membership in a first node in a cluster, and generates an access key based on a generation identifier in the cluster message. The fencing service sends the access key to a shared storage, thereby enabling the shared storage to create signing keys based on the access key, and which are used to validate signed requests to access resources stored by the shared storage. A second service in a second node in the cluster receives the cluster message, and generates the access key based on the generation identifier. The second service accesses a resource previously accessed by the first service, by generating a signing key based on the access key and a request to access the resource stored by the shared storage, and then sending the request signed by the signing key to the shared storage.
    Type: Application
    Filed: June 30, 2022
    Publication date: January 4, 2024
    Applicant: Dell Products L.P.
    Inventors: George Mathew, Abhinav Duggal, Senthil Ponnuswamy, Mahadev Karadigudda
  • Publication number: 20240004712
    Abstract: A cluster service receives a cluster message based on a removal of a first service from membership in a first node in a cluster, and requests a shared storage to generate and then provide a new access key, thereby enabling the shared storage to use the new access key to validate requests to access resources stored by the shared storage. The cluster service receives the new access key from the shared storage, and sends the new access key in at least some cluster messages to at least a second service in a second node in the cluster of nodes. The second service creates a key based on the new access key. The second service uses the key to create a request to access a resource stored by the shared storage, sends the request to the shared storage, and then accesses the resource, which was previously accessed by the first service.
    Type: Application
    Filed: August 3, 2022
    Publication date: January 4, 2024
    Applicant: Dell Products L.P.
    Inventors: George Mathew, Abhinav Duggal, Senthil Ponnuswamy, Mahadev Karadigudda
  • Publication number: 20230336339
    Abstract: Embodiments for deleting encryption keys in a data storage system by storing a current encryption key in a key table, the current key encrypting at least some data in one or more data containers of a filesystem of the data storage system. A key table maintains a starting container ID and an ending container ID for each container encrypted by the current encryption key, and a deleted container count counting a number of containers of the one or more data containers deleted from the file system. The process determines if the number of containers in the deleted container count equals a number of containers having data encrypted by the encryption key as determined by the starting container ID and ending container ID, and if so, marks the key for deletion in a garbage collection operation, which then deletes the key from the key table.
    Type: Application
    Filed: April 18, 2022
    Publication date: October 19, 2023
    Inventors: Mahadev Karadigudda, Madhu Agrahara Gopalakrishna, Sankalp Suhas Taralekar
  • Publication number: 20230325103
    Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle and certain user-defined thresholds based on data age, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is detected, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.
    Type: Application
    Filed: April 6, 2022
    Publication date: October 12, 2023
    Inventors: Senthil Ponnuswamy, Mahadev Karadigudda, Madhu Agrahara Gopalakrishna, Praveen Kumar Lakkimsetti
  • Publication number: 20230327870
    Abstract: Embodiments of a cryptographic key management system for cached data that efficiently re-encrypts cached data encrypted with a compromised encryption key by receiving a request to access a cached data block encrypted with an original encryption key. Upon determining that the original encryption key is compromised or destroyed, thus resulting in the requested data block being invalid, evicting the requested data block from the cache storing the cached data. The data block is re-encrypted using a new encryption key upon receipt of a new request to access the cached data. Any remaining cached data encrypted with the original encryption key is evicted from the cache through a defined cache eviction policy.
    Type: Application
    Filed: April 6, 2022
    Publication date: October 12, 2023
    Inventors: Niharika Avasarala, Mahadev Karadigudda, Nitin Madan, Madhu Agrahara Gopalakrishna
  • Publication number: 20230274013
    Abstract: A method of blocking access to files encrypted with a compromised key by mapping keys and ranges of containers encrypted by the keys. Upon notification that a key is compromised, fencing a container range corresponding to data segments encrypted by the compromised key to prevent deduplication operations on the segments. The method makes a point-in-time copy of the filesystem managing the segments, wherein each file of the file system is represented as a tree structure having a root level and other levels. The method iteratively inspects, in a level-wise manner, each container in each level of the file trees of the files to identify containers having segments encrypted by the compromised key, and marks files corresponding to the identified containers as not readable to block the access to the files encrypted with the compromised key.
    Type: Application
    Filed: February 28, 2022
    Publication date: August 31, 2023
    Inventors: Nitin Madan, Srisailendra Yallapragada, Mahadev Karadigudda, Madhu Agrahara Gopalakrishna, Srikanth Srinivasan
  • Publication number: 20230229589
    Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is seen, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.
    Type: Application
    Filed: January 19, 2022
    Publication date: July 20, 2023
    Inventors: Senthil Ponnuswamy, Mahadev Karadigudda, Madhu Agrahara Gopalakrishna, Praveen Kumar Lakkimsetti
  • Publication number: 20230229792
    Abstract: Embodiments of the runtime risk assessment process monitor deliberate or potentially data-destructive operations against a filter of dynamic risk assessment. A filter process recognizes the following conditions as highly indicative of increased risk factors: (1) recent creation of the security officer role, (2) changing of the system time or clock, and (3) disabling of system alerts. If all three of these events occur, the system recognizes this as indicative of a high probability of data attack. The runtime risk assessment process imposes a delay on the execution of each of these commands to provide time to alert the user and an opportunity to re-enter the commands at the end of the delay period. Thus, a potentially dangerous sequence of commands will not occur automatically or immediately, but will instead be delayed to provide an extra validation check or user action.
    Type: Application
    Filed: January 14, 2022
    Publication date: July 20, 2023
    Inventors: Senthil Ponnuswamy, Mahadev Karadigudda, Madhu Agrahara Gopalakrishna, Praveen Kumar Lakkimsetti
  • Publication number: 20230224153
    Abstract: Embodiments of a cryptographic key management system for cached data that abstracts key management details from the cache tier to the active tier and encryption process by encrypting data from the active tier using an encryption process employing an encryption key to generate an encrypted data block, and associating an encryption header with the encrypted data block, the encryption header including a key identifier as an index to the encryption key, where the encryption key is accessed through a key table maintained in the active tier. The system stores the encrypted data block in a cache tier, and decrypts the encrypted data block in the cache tier by providing the key identifier in the encryption header to the encryption process.
    Type: Application
    Filed: January 13, 2022
    Publication date: July 13, 2023
    Inventors: Niharika Avasarala, Mahadev Karadigudda, Nitin Madan, Madhu Agrahara Gopalakrishna
  • Publication number: 20230224154
    Abstract: Embodiments for rotating encryption keys in a size-based process by defining a threshold value specifying a maximum amount of data to be encrypted by a single encryption key, determining whether or not data currently ingested by the data storage system exceeds the threshold value, and performing a key rotation operation to use a new key to encrypt incoming future data if it does exceed the threshold value. A time-based process performs key rotation from an old key to a new key in accordance with a periodic schedule, determines if the key rotation operation is successful in rotating to the new key from the old key, and if the key rotation operation is successful then performing a subsequent key rotation operation in accordance with the periodic schedule, or if not successful sending a user alert and automatically re-attempting the key rotation operation.
    Type: Application
    Filed: January 13, 2022
    Publication date: July 13, 2023
    Inventors: Madhu Agrahara Gopalakrishna, Mahadev Karadigudda, Sankalp Suhas Taralekar
  • Patent number: 11677551
    Abstract: One example method includes receiving clear text data at a storage system, generating, at the storage system, a clear text data encryption key, requesting a key management system to encrypt the clear text data encryption key with a master key to create an encrypted data encryption key, and the requesting is performed by the storage system, receiving, at the storage system, the encrypted data encryption key from the key management system, encrypting, at the storage system, the clear text data with the clear text data encryption key to create encrypted data, and storing, together, the encrypted data and the encrypted data encryption key.
    Type: Grant
    Filed: October 30, 2020
    Date of Patent: June 13, 2023
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Senthil Ponnuswamy, Kalidas Balakrishnan, Mahadev Karadigudda
  • Publication number: 20220141013
    Abstract: One example method includes receiving clear text data at a storage system, generating, at the storage system, a clear text data encryption key, requesting a key management system to encrypt the clear text data encryption key with a master key to create an encrypted data encryption key, and the requesting is performed by the storage system, receiving, at the storage system, the encrypted data encryption key from the key management system, encrypting, at the storage system, the clear text data with the clear text data encryption key to create encrypted data, and storing, together, the encrypted data and the encrypted data encryption key.
    Type: Application
    Filed: October 30, 2020
    Publication date: May 5, 2022
    Inventors: Senthil Ponnuswamy, Kalidas Balakrishnan, Mahadev Karadigudda