Cloudian, VMware, and Veeam have joined forces to offer Object Lock-based ransomware protection, which the tech giants say can combat any sort of vulnerability to ransomware in government bodies.
Object Lock is an Amazon Web Services (AWS) S3 feature that blocks object version deletion during a customer-defined retention period so customers can enforce retention policies as an added layer of data protection or for regulatory compliance.
Usually, protection is at the bucket layer, but the solution offered by the companies tackles protection at the file layer.
According to Cloudian and Veeam, the solution provides a unique capability to protect data so it cannot be encrypted by ransomware.
See also: Why organizations shouldn’t automatically give in to ransomware demands (TechRepublic)
It is powered by Cloudian HyperStore object storage and Veeam Availability Suite V10, and can be managed from VMware Cloud Director.
The partnership was inked a few months ago, but it’s now made its way to Australia, with AUCloud offering it as a “sovereign capability”.
AUCloud, managing director Phil Dawson said, is exclusively focused on serving Australian federal, state, and local governments and Critical National Industry (CNI) communities. He said with such a client base, the company must therefore adhere to strict regulatory requirements.
The new Object Lock-based feature has been verified in international certification testing as meeting highly stringent requirements for non-rewritable and non-erasable storage media.
“We’re enabling Australia and New Zealand organisations to provide the same services … especially for the service providers like AUCloud, we’re enabling them to compete and to have that ability to add value and show value to organisations in Australia for Australian clients,” Cloudian Australia and New Zealand regional director James Wright told ZDNet.
“I think it’s important that we’re enabling Australian owned and operated — provide them with that competitive nature that they need to compete with the larger providers.”
As governments face increasing threats from cyberattacks, Dawson said immutable backups are needed so government departments can recover quickly from IT failures and remain protected against ransomware attacks.
See also: MacGov says Australian government is becoming stifled by cloud vendor lock-in
Given approximately 80% of AUCloud’s customers use VMware, AUCloud also needed to enable seamless integration into the VMware environment.
Unlike traditional malware defences, Wright explained Object Lock-based ransomware protection stores objects using a write-once-read-many (WORM) model, preventing backup data modification or deletion during a user-defined retention period.
According to Wright, governments at all levels in Australia have started to embrace the understanding that just because something is in the cloud, it doesn’t mean no further security investment is required.
Dawson said with consideration within government given to the Essential Eight to ensure backup and recovery, security is front of mind. Wrapping it up as an Australian offering gives government clients the local focus required to protect sensitive data.
AUCloud is based out of the Canberra Data Centres’ facility in the ACT, with the backup based in Eastern Creek in Sydney’s west.
“This not only provides another sovereign data storage facility, it means federal government entities can store their data outside Canberra,” the companies said. “The importance of safe, offsite storage became highly visible during the recent bushfire crisis, which had the potential to impact facilities in Canberra. As Canberra is the primary location for public sector data storage, it highlighted the need for additional sovereign data storage sites to be made available.”
Wright expects more local cloud providers to offer the solution across Australia and New Zealand, with announcements to be made in the near future.
Cybersecurity the responsibility of agencies, not us, AGD and ASD say
Despite being responsible for setting cybersecurity policy and monitoring its adherence across the board, the Attorney-General’s Department and the Department of Defence have said it’s the responsibility of Commonwealth entities themselves and any questions should be directed as such.
Labor wants to name and shame poor Commonwealth entity cyber posture
But there’s no mechanism allowing the federal opposition to do that, with the Australian National Audit Office only able to go so far with its probe.
Potential data breaches make up 14% of Commonwealth incidents reported to ACSC
ACSC responded to 427 cyber incidents against Commonwealth entities in 2019, with 65% of them being self-reported.