Partner Case Study | Community College fortifies security with Cohesity FortKnox
In this case study
This case study was created and contributed by Cohesity.
Colleges have become popular targets for identity theft and ransomware attacks. To protect student information and keep operations running smoothly during disasters, a community college wanted a virtual air-gapped backup copy isolated from its network. The answer: Cohesity. Now the college has two immutable backup copies: on campus and on Cohesity FortKnox, a Cohesity-managed cloud vault hosted in AWS. A unified management interface features multifactor Authentication (MFA) and a quorum feature that requires a minimum of two people to approve changes. Backups complete in a fraction of the time. And the IT team has peace of mind knowing they can quickly restore backup data and virtual machines from FortKnox in the event of a cyberattack or disaster affecting backups at both data centers.
Challenges
With 5,500 students, this school is one of the largest of their state's community colleges. The IT team backs up 15TB of critical data, including student databases, virtual machines, file shares, the Ellucian Banner ERP system, and the document management system. "We've digitized records from the college's earliest days, and it's critical for learning and administration to make sure a clean copy of data is available—even if our building is taken out by a tornado or we're hit by a cyberattack," says Matt Logan, CIO. "Secure backups are the only means of recovery from attacks."
Until recently, the community college kept one backup on campus and replicated it to a disaster recovery facility around 50 miles away, using a competitor solution. But an uptick in cyberattacks on colleges, including one that hit the college, prompted IT leaders to add another backup in a third location isolated from the college network.
"If we can't restore data from our local backup or the disaster recovery facility, we need a virtual air-gapped copy in the cloud as a fallback," says Kevin Lomax, Director of Technical Services. The IT team also wanted stronger access controls, including MFA and a requirement that at least two people approve critical actions. Ease of use was essential because just one system administrator manages backups as well as servers.
Solution
The institution found its answer in Cohesity. Today the college backs up data in two locations: on Cisco UCS servers on campus, and on Cohesity FortKnox, a Cohesity-managed vault in AWS Cloud. "Cohesity FortKnox is the only fully baked virtual air-gapped cyber vaulting solution we've seen," says Logan. "The other vaulting solution lacked the comprehensive security measures that are built into FortKnox."
Cohesity's ease of use also set it apart. "Our system admin literally jumped up and down seeing she could manage on-prem and cloud backups from a single interface," Lomax says. "Adding FortKnox as a backup target was as simple as a few clicks in our protection policy. And Cohesity is 'set and forget'—though we restore 25% of the environment each quarter as a smart practice."
For tighter access controls, the community college set up Cohesity to require two people—a quorum—to modify a backup. "Cohesity FortKnox is like a safe deposit box for backups," says Lomax. "Two people need to enter their login credentials and approve any changes or recoveries. We replaced our existing data management solution with Cohesity even though more than a year remained on the maintenance and support contract. Cohesity's stronger security protections are so valuable to the college that we couldn't justify waiting. That's confidence."
Results
Switching to Cohesity strengthened security, made the college more cyber resilient, and simplified IT operations. "Even if both of our network-connected backups are unavailable, we rest easy knowing we can restore a clean copy from Cohesity FortKnox," Logan says. And when a potential ransomware attack does strike, the IT team discovers it sooner because Cohesity integrates with Cisco SecureX. "There's no way we could investigate all the malicious hits on our network happening every hour, and any potential data compromise," says Logan. "The integration between Cohesity and Cisco SecureX makes security operations much simpler. If Cohesity spots anomalies from one backup to the next, it automatically sends a ransomware alert to Cisco SecureX, which opens a security ticket just like it does for other threats. With all security alerts in one place we're now faster at detecting, investigating, and responding to attacks," says Lomax.
The Cohesity solution even helped the college get cybersecurity insurance. "With Cohesity, we can answer 'yes' to new requirements for cybersecurity insurance – yes, we have immutable backups, keep a copy in the cloud, use MFA, and require multiple administrators to approve changes to backups," Logan says. "Without those capabilities our insurance premiums would be much higher, if we could get insurance at all."
Backups and restores are also faster with Cohesity running on Cisco UCS. The time to make a full backup of 15TB dropped from seven days to 15 hours. Time to recover 25% of the environment from the Cohesity clusters dropped from 120 minutes with the previous solution to seven minutes. "Faster backups give us more flexibility for when we schedule other tasks and processes," Lomax notes.
Finally, the Cohesity solution helps learning and administration continue even when virtual machines fail. "If the building hosting the virtual server farm is damaged or loses power, we can nearly instantly restore all virtual machines at once, running them right from Cohesity," Lomax says. "By helping us keep student information secure and not let disasters interrupt learning, Cohesity is an investment in student satisfaction." Key benefits include:
- 91% faster backups – 1TB/hour
- 94% faster full file share restores – Backing up ¼ of the environment now takes 7 minutes, down from 120 minutes
- Better visibility of security threats with Cisco SecureX integration
- Improved business continuity: virtual machines can run on backup servers