ELASTIO PLATFORM

Cloud-Native Data Protection

The core of Elastio’s modern cloud-native data protection platform is a secure, scale-out and cost-optimized secondary storage architecture with built-in data services and cyber resiliency.

Benefits:

Elastio storage service is entirely resident in the customer’s AWS accounts.

Elastio secures all data in your AWS account; data is never transferred to or accessible by Elastio. Data is encrypted at rest using Amazon KMS keys and in flight, and can be air-gapped in a separate account for additional isolation. Elastio is easily deployed as a CloudFormation Stack in your account.

Cloud Connector Secured Communication.

We enable S3 server-side-encryption (SSE) as an additional layer of protection. All backup data is encrypted with a unique AES key per asset, on the client side, before being uploaded to S3. These keys are in turn protected by a per-vault KMS key, so only IAM roles with permission to access the KMS key are able to decrypt data in the vault.

Because each asset has its own unique AES key, even a malicious client that learns one of these encryption keys cannot use it to access backup data from another asset.
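The key hierarchy described above, sketched as an added example (not Elastio's code): each asset is encrypted under its own random AES key, and that key is stored only in wrapped form under the vault key. The function names, the choice of AES-256-GCM, and the in-memory vault key standing in for the per-vault KMS key are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T { // panic on errors that can only be bugs
	if err != nil {
		panic(err)
	}
	return v
}

func seal(key, pt []byte) []byte { // returns nonce || ciphertext || tag
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) { // fails on wrong key or tampering
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if len(ct) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

func protect(vaultKey, data []byte) (blob, wrapped, assetKey []byte) { // fresh key per asset
	assetKey = make([]byte, 32)
	must(rand.Read(assetKey))
	return seal(assetKey, data), seal(vaultKey, assetKey), assetKey
}
func restore(vaultKey, blob, wrapped []byte) ([]byte, error) { // requires the vault key
	assetKey, err := open(vaultKey, wrapped)
	if err != nil {
		return nil, err
	}
	return open(assetKey, blob)
}

func main() {
	vault := make([]byte, 32) // constructed stand-in for the per-vault KMS key
	must(rand.Read(vault))
	blob, wrapped, _ := protect(vault, []byte("constructed sample data"))
	pt, err := restore(vault, blob, wrapped)
	fmt.Println(string(pt), err)
}
```

With a real KMS key the wrap and unwrap steps become KMS calls, so the IAM permission on the key, rather than possession of key bytes, decides who can run the restore path.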

Secure control path.

Elastio uses a lightweight command-and-control pathway between our SaaS and customer AWS accounts, built on SQS queues and Lambda functions. The service requires access to certain AWS APIs, but this can be accomplished via PrivateLink if the VPC is isolated from the Internet. As part of our service deployment, the customer grants an Elastio-controlled, tenant-specific IAM role the permissions Elastio needs to deploy the service, read from these queues and invoke these Lambda functions. Customers can monitor the activity on these resources, and can be assured that only the specific operations granted to our IAM role will be performed. There is never an IP network link between Elastio and the customer’s VPCs; all communication is via SQS messages and Lambda invocations.

The Elastio storage service can operate in complete network isolation.

Our service is self-sufficient and does not depend on the tenant: it performs its own backup scheduling, and customers can use our CLI, run within an Elastio service account, to list local recovery points and initiate restores. This means an Elastio SaaS outage doesn’t stop scheduled backups from taking place, and doesn’t prevent customers from restoring from backups.

Global Deduplication

Elastio stores data in a deduplicated and compressed form and tracks everything under protection: files, databases, tables, partitions and block devices. Multiple workflows can access the data concurrently. Our backups are incremental forever for performance and space efficiency.

Cost optimized compute

The Elastio storage service utilizes serverless technologies like Lambda and DynamoDB as much as possible, and our storage service, ScaleZ™, is carefully engineered to run on ephemeral Spot instances for the lowest cost. We pass our cost savings on to our customers.

Scale out, scale Up, scale to Zero

Scales out based on workload size, scales up on demand for concurrent data access and scales to zero automatically when the job is complete.

Vaults

Backup data are organized into vaults. Each vault exists in a separate S3 bucket, has a dedicated KMS key which encrypts all data, and operates in a specific VPC. Because each vault is a separate deduplication domain and has a dedicated key, sensitive data can be completely compartmentalized within a vault, making it easy to secure and easy to account for storage costs.

Flexible stream, file and block backup and recoveries

With a simple CLI command in a terminal or a script, streams, files, block devices, databases and tables can be protected and restored on demand. Integrates with serverless compute, containers, VMs and any Windows or Linux machine.

Application consistent, agentless EC2 and EBS backup and recoveries

For maximum convenience and ease of deployment, Elastio can agentlessly protect and restore entire EC2 instances or specific EBS volumes. For Windows EC2 instances, VSS is supported.

Faster RTO

For faster RTOs or more flexibility in backup and restore options, we also provide host-based change block tracking backup and recovery capability for Windows, Linux, and macOS. Elastio can even back up the high-speed ephemeral direct-attached NVMe storage on AWS i3, m5d, m6d, and other Nitro instance types with local storage options.

Retention

Recovery points can be retained for as long as you need them and can be customized for any compliance use case.

Live mounts

Agentless and host-based EC2, EBS and block backups can be mounted in seconds, surfacing the underlying file system for fast file and database recoveries or to provide an application direct access to the data. You can even mount an EBS backup on your local workstation to access individual files and folders!

Region replication (Coming shortly)

Automatically replicates backups between regions for disaster recovery protection.

Cloud Inventory and Orchestration

Because Elastio is built leveraging AWS native services, automated detection and protection are orchestrated into the platform so no asset goes unprotected. This ensures compliance and recoverability for all of your assets without manual configurations and management.

AppDefense™ Active Ransomware Protection

Artificial-intelligence-powered ransomware detection, complemented with signature analysis, deterministic analysis and malware scanning, is applied to each backup. Elastio alerts on and quarantines suspicious backups so you can recover rapidly to a last known clean backup and make sure your applications and data are always recoverable.

Secure Immutable Vaults and Protected APIs

The Elastio ScaleZ™ Vault service is secured in the customer AWS account. SafetyLock™ protects the perimeter of the vault using AWS ObjectLock to protect the objects from deletion. SafetyLock integrates ObjectLock into Elastio’s retention algorithms to protect against deletion from malicious actors and human error.

The Tenant APIs are protected with SoftDelete, which works the same way as KMS key deletion. SoftDelete will not delete the vault for 30 days, and alerts are sent that a deletion was completed.

Centralized management from a single pane of glass

Manage protection of all of your assets across accounts from one place, with one set of policies, consistent tooling, and Elastio integrations into CI/CD pipelines.

Role Based Access Control

Assign permissions to users based on their roles within a Tenant. This creates a simple, manageable approach to tenant access management that is less prone to error than assigning permissions to users individually.

Centralized deployment of Elastio service

Deploy the Elastio service securely into your AWS account in a few minutes.

API control (Coming soon)

Fully leverage the API with its data protection capabilities for protecting, restoring and accessing copies of data from deployment scripts or from within an application.

Proactive Management Included

Our cloud operations team continuously monitors the health of all customers, proactively resolves issues and alerts customers to operating issues. Platform updates, including ransomware and malware databases, are deployed automatically.
