No one wants to believe that their organization will be the target of compliance auditors and potential fines and penalties for non-compliance, but that threat is real and increasing. Some organizations believe that they cannot afford the necessary precautions to meet heightened compliance standards. However, a recent study conducted by the Ponemon Institute and Globalscape discovered that it’s surprisingly 2.71 times more expensive for an organization to fail to comply with these mandates. The average cost of compliance is $5.47 million, which may give these organizations sticker shock until compared with the average cost for non-compliance at $14.82 million.
Nexsan has a long history of helping organizations comply with the growing number of regulatory mandates:
Nexsan’s Assureon has a unique solution that offers organizations three different deployment options for protecting data and compliance with regulations. Assureon with Cloud Edition provides flexibility in implementation as a cloud, hybrid cloud, or on-premises solution. It adapts to your organization’s infrastructure and enhances efficiency and performance. No matter what solution you choose to deploy, Assureon will give you a peace of mind for compliance.
Besides the threat of ransomware, here is why integrating solutions like Assureon® becomes so essential. There are all kinds of evolving industry regulations that demand compliance, not just for legal reasons, but to secure your specific data types from potential industry-specific cyberthreats.
Assureon by design exceeds the strictest requirements for data integrity, protection, privacy, and security, with complete audit trails which can simplify an organization’s ability to automatically adhere to internal data management guidelines for operations like data retention, deletion, privacy, protection, and risk mitigation.
Compliance requirements vary from one industry to the next. For example, any organization that handles healthcare data (including insurance providers, telemedicine companies, and call centers) must have immediate access to complete, accurate audit trails, as well as data authenticity and identification of unauthorized charges.
In California, the California Consumer Privacy Act not only outlines what kind of information organizations can collect from consumers, but also which precautions organizations must enable to keep this data secure.
Assureon provides secure, immutable storage for all types of data stored within an enterprise. Assureon utilizes unique combinations of file fingerprints, serial numbers, secure time stamps, data verification, and private blockchain to protect data for compliance but also from potential errors or cyberattacks. The use of private blockchain is still a relatively new concept in data management but one that differentiates Assureon from other systems.
You may already know about blockchain-type databases. Assureon uses this technology to store data in an immutable data structure. Blockchain databases differ from other databases in how they store information.
These databases store data in blocks, which are then chained together—thus the name. New data is entered into fresh blocks; then as blocks are filled with data, they are chained to the previous blocks, so it is connected in chronological order. Decentralized blockchains are immutable. In other words, the data entered is irreversible.
Assureon Private Blockchain gives organizations the ability to protect and secure their digital assets without the risk of data loss. Using cryptography to secure transitions, as well as automated integrity audits and site redundancy, Assureon maintains data integrity, storing digital assets for long-term data protection, retention, and compliance.
Amidst all these varying kinds of compliance regulations, Nexsan Assureon helps organizations exceed regulatory compliance standards. Initially designed to meet the strict requirements of health and financial industries, Assureon adheres to changing regulations and evolving cybersecurity threats since its inception over 15 years ago.
Secure your data with the leading regulatory compliant storage solution that is affordable, easy to use, and exceeds guidelines. Prepare your organization for anything with Nexsan’s compliant data storage solutions. Learn more about Assureon by contacting us today!
The Nexsan E-Series and BEAST enterprise class storage systems are capable of being configured with multiple simultaneous RAID levels. The traditional RAID levels of 0, 1, 1+0, 4, 5 and 6 are supported, as well as the Nexsan unique levels Accelerated RAID 5S and 6S where parity is stored on dedicated SSD(s) to improve random write IOP performance. Also, different drive types can be intermixed within a system. Supported drive types are 7,200 rpm and 10,000 rpm SAS hard disks and 1WPD and 3WPD TLC Solid State Disks (SSD) as well as QLC SSD for highly affordable solid state performance. These drives are also offered as SED (self-encrypting drives). This enables the storage array to be tailored to meet multiple application and budget requirements.
For example, applications where the data is constantly being read and updated such as a CRM systems, online transactional databases, and applications such as payroll and HR, the storage needs to perform well for random small block writes. Whereas for backup applications or web pages that are static nature and can be viewed but not altered, the storage system must perform well in a sequential and caching modes. A single storage system that concurrently supports multiple RAID levels and different drive types allows the investment to be maximized, as well as simplifying the management of the storage environment.
Regardless of the RAID level or drive type, all writes are cached, the write acknowledgement sent to the server and the data aggregated for efficient writing to disk. The battery-protected write cache is mirrored between the two controllers to protect the writes in the event of a controller failure. Writes are also automatically flushed to disk in event of a power failure. Read cache is used to pre-fetch data from the drives during sequential read operations to make read requests faster.
RAID level 0 provides data striping. Blocks of data from each file are spread out across multiple disk drives. This improves the speed of both read and write operations, but does not provide fault tolerance. The advantage of using the E-Series or BEAST in RAID 0 vs a traditional JBOD device is that cache in the controllers can be utilized to improve the read and write performance. RAID 0 is ideal for temporary or scratch space and should not be used for critical data.
RAID level 1 is a 2 drive RAID group where data is written identically data to each drive. If one drive fails, the other drive still contains the data. RAID 1 provides fast read performance with fault tolerance, but write performance may be degraded as each write require two writes to complete. Data such as static web pages, data mining, operating system or data that is non alterable or minimally altered are good candidates for RAID 1.
RAID level 10 is a combination of RAID levels 0 and 1. Data is both striped and mirrored. RAID level 10 is used whenever an even number of drives (minimum of four) is selected for a RAID 1 array. RAID 10 is ideal for applications with transactional small random IO workloads such as database servers, as data is both mirrored and striped providing excellent redundancy and performance.
RAID level 5 provides data striping at the byte level and also stripe error correction information. Parity data, instead of being stored on only one disk, is distributed among all disks in the array. RAID 5 is best suited for general purpose workloads or those requiring high transactional IO such as CRM application or databases.
RAID level 6 provides block level data striping with parity data distributed across all disks. For additional redundancy, each block of parity data exists on two disks in the array instead of only one. Sequential applications such as video streaming, video capture and backups that are sequential in nature are ideal candidates for RAID 6.
RAID levels RAID5S and RAID 6S are similar to RAID5 and RAID 6 providing the equivalent level of parity protection but utilize SSDs for storing the parity vs striping the parity across the spinning disk drives within the RAID array. This significantly improves the random write performance of the RAID array compared to traditional disk drives.
RAID5S/RAID6S have consistent performance over time and regardless of the working data set size, as compared to caching/tiering solutions where performance may be severely impacted during data reorganization or when the high-performance buffers become full.
RAID level 5S provides the same level of protection as RAID 5 but uses a solid-state disk to store parity with all data is striped across the hard disk drives within the RAID array.
RAID level 6S provides the same level of protection as RAID 6 but uses two solid state disks to store parity and all data is striped across the hard disk drives within the RAID array.
Video surveillance has advanced rapidly since CCTV was invented in 1942. However, the ongoing growth in the use of video surveillance brings with it new challenges for data storage, and as the role of CCTV grows ever more important, it is critical that it is managed and protected in the correct way.
In particular, it’s vital to consider data storage and security, ensuring it abides by local and international laws and regulations. For digital evidence, it’s important to be able to offer seamless scalability to accommodate rapid growth, along with a comprehensive suite of data security features that meet strict requirements for file integrity, privacy, chain of custody, and compliance.
Key Issues: Capacity, Retention and Chain of Custody
In terms of capacity, video and digital images are exceptionally heavy users of storage space and the guidelines around managing evidentiary data are key to it being recognized as a valid source by the criminal justice system.
Many organizations require higher-resolution video to ensure compliance with insurance providers, maximize loss recovery and strengthen criminal cases in court, for example. It is therefore essential that data is stored in a solution that is scalable and cost-effective, allowing them to add capacity as needed, since running out of storage space is not an option.
Storage solutions that incorporate policy-based rules for data retention can help police departments to significantly boost their storage efficiency by automatically keeping all surveillance videos only for their legally mandated retention period. Similarly, a solution that can enable a digital chain of custody, including an audit trail, will help prove that any digital evidence is correct and has not been deleted or altered in any way and who accessed that information.
By implementing high quality storage solutions, the owner of the surveillance data – whether that’s local government or a business with its own CCTV – can be sure that it can be utilized as evidence. And when it comes to catching and prosecuting criminals, it’s better to be safe than sorry.
The Nexsan Approach
Nexsan Assureon and Unity Assureon Archive (UAA) protect your information better than any other archive solution on the market, enabling organizations to meet regulatory demands while ensuring data does not become corrupted or worse yet, deleted before its time. If Assureon or UAA discovers lost or corrupted data during regular background maintenance sweeps, it will fix it first then let you know that a problem has been handled.
Surveillance videos require Chain of Custody and immutability tools to keep them admissible as evidence in legal proceedings. Unlike competing solutions, Assureon guarantees the integrity of archived data through the use of file serialization, file fingerprinting, audit trails, self-auditing, and self-healing capabilities. Because the Assureon secure archive is designed to work transparently with existing applications, no APIs are needed to deliver these benefits for the physical security network.
In order to ensure optimum storage for high-value surveillance solutions should encompass:
File Integrity – Each time a file is saved, a unique fingerprint is generated using both an MD5 and SHA1 hash of its contents and metadata, so history and contents cannot be altered after the fact (WORM storage).
Data Availability – Each file is assigned a unique serial number to ensure no files are missing or inappropriately added. Every file is checked every 90 days to make sure it’s still in the archive.
Secure Time – Tampering with the system time clock is prevented by using a global, redundant, secure time source.
File Redundancy – Each file and its fingerprint are stored twice in the Assureon. The second copy is either stored in a separate RAID disk set in the same Assureon or on a remote Assureon.
Data Verification – Files are continually verified against their fingerprints, repaired using their copies and safeguarded by RAID.
No Backups Needed – Redundant file copies within the secure archive system eliminate the need for costly backup and restore operations quickly by utilizing shortcuts.
To find out how Nexsan can help you or request a demo, please visit: https://www.nexsan.com/request-demo/