ioFABRIC software solves 2 labor-intensive and costly IT problems. The extremely difficult problems ioFABRIC software solves include:
Ensuring PII regulatory compliance for GDPR, PDPA, CCPA, APPI, and the new compliance regulations being enacted in 9 US states, and dozens of countries. More precisely:
- Right to Access information
- Right of Erasure (i.e. Right-to-be-Forgotten) in image-based backups and archives
- Documentation of erasures
- Retention locks while doing all the above
- Making sure erased PII does not make its way into devops, test dev, search, and analytics
Preventing ransomware, malware, and/or malicious actors from deleting backups especially those with PII. Compliance regulations specifically call out protecting PII.
Ensuring PII Regulatory Compliance
ioFABRIC software was architected for the new privacy regulations such as GDPR (EU General Data Protection Regulation), CCPA (California Consumer Privacy Act), APPI (Act on the Protection of Personal Information), PDPA (Singapore Personal Data Protection Act), and similar regulations being enacted across the US and the globe. ioFABRIC simplifies finding PII within image-based backups by indexing both within file contents and file meta. This makes it possible to find PII information in unstructured data. Where ioFABRIC software truly shines is in enabling fast, secure, and documented Right of Erasure requests in image-based backups.
Image-based backups are the most popular backups for their instant recovery capabilities. But they are putting the organization at risk of PII non-compliance. ioFABRIC allows PII to be found and deleted from image-based backups and have it propagated to all backups without corrupting those backups.
Prevention of Unplanned Backup Deletion
ioFABRIC Software prevents ransomware, malicious actors, disgruntled employees, or even human error from deleting backups. It does this by placing a retention lock on the backups that prevents the backups from being deleted until the retention lock time period has expired. Thus, making the backups immutable. The retention lock cannot be shortened although it can be lengthened. One more thing ioFABRIC software accomplishes is even when backup data is made immutable, users can still find and erase PII. Once again, ioFABRIC software makes the impossible simple.
How ioFABRIC Keeps You Protected and Compliant
ioFABRIC’s Automated Workflow provides search, erasure and protection for your backups, ensuring compliance with any data privacy regulation. It easily fits into your current backup processes, meaning no disruptions.
ioFABRIC can replace your existing backup Target or augment it. When choosing to augment, you maintain your existing backup target and configure ioFABRIC to be a secondary target. In either option, data written to ioFABRIC will be retention locked (immutable) and so can always be depended upon when disaster strikes.
Most backup software creates an image-based backup by writing their images to a proprietary format. ioFABRIC takes this proprietary backup format, makes it immutable and then converts it into an industry standard open image-based format. The open format allows the software to index, verify and then encrypts the backup. The open format will be PII compliant for long term retention, restores, and reuse inside test/dev/devops. The policy for retention lock of long-term data storage is set separately from short term retention. To comply with laws, the proprietary backup format needs to be reduced to less than 30 days, which statistically should cover 99.9% of all restore needs because it is the ease of restore that has driven the decision to buy the backup software in the first place.
ioFABRIC indexes content inside files contained in image-based backup for ultra-fast searching across all backups. Searching for PII both within file contents and file metadata, allows the data compliance officer to provide a comprehensive response to both search and erasure requests.
Search requests provide a list of files and backups they are found in. Erasure requests are not applicable to data the business has a legitimate purpose to keep such as a contract or medical record. It is only applicable to certain information and therefore fine-grained controls allow the selection of necessary occurrences to redact. A single erasure of PII data propagates across all image-based backups, delivering efficient and complete compliance. To ensure this process is secure and transparent, ioFABRIC provides an audit log of each search and erasure: in which files, in which backups, by whom, for whom, why, and when.