At VAST Data, we’ve built a data platform designed to meet the strict security standards of regulated industries like the public sector, healthcare, and finance. As the person responsible for security and compliance at VAST Data, I’m proud of our commitment to providing a robust, secure, and compliant data platform for our customers.
Our approach to compliance involves implementing a combination of security and management strategies, such as a Zero Trust model. And with every release, we introduce new features and improvements that enhance the security of the product and make it easier for security teams to manage.
The key security highlights released in VAST 4.6 / 4.7 include:
KMIP-compliant key exchange
FIPS 140-3 Level 1 validation for encryption at rest, in-flight, and management traffic
VAST OS upgrade to Rocky Linux maintained by CIQ
DISA STIG for Rocky 8.6 – Profile MAC 1 – Mission Critical Classified
Auditing for S3 API (NFS, SMB protocols, and admin actions also fully audited)
The move to Rocky Linux as the basis of VAST OS is a core component of our support for system hardening with NIST STIG (Security Technical Implementation Guide), as required by customers in regulated environments. Rocky Linux is supported through our partnership with CIQ.co, giving us a maintained operating system and supporting authenticated protocols for data access.
Our platform aligns with several NIST SP 800-53 Revision 5 control families, including Access Control, Configuration Management, Identification and Authentication, System and Communications Protection, Cryptographic Protection, Audit and Accountability, Awareness and Training, Incident Response, Maintenance, and Risk Assessment. Integration with existing Security Information and Event Management (SIEM) systems, Identity and Access Management (IAM) solutions, and other security tools enables a seamless and unified approach to manage security and compliance across an organization’s entire IT infrastructure. By addressing these control families, the VAST Data Platform enables organizations to manage and reduce cybersecurity risks and achieve various regulatory compliance goals.
Security is a continuous process, and to this end, we regularly perform security assessments, penetration testing, and vulnerability management to ensure our platform remains up-to-date with the latest security patches, configurations, and best practices. This proactive approach to security helps protect the platform from emerging threats and potential vulnerabilities, further enhancing its security posture.
At VAST, we partner with our customers, and keeping them well informed is a top priority. We provide comprehensive documentation and support to ensure customers fully understand the platform’s security features and can configure and deploy them effectively. This includes guidance on meeting specific regulatory requirements, best practices for implementing security controls, and recommendations for maintaining a strong security posture.
By providing a robust, secure, and compliant data platform, VAST enables organizations in regulated industries to focus on their core business objectives while ensuring that their sensitive data remains protected. By leveraging the VAST Data Platform and adopting a proactive, risk-based approach to security, organizations can stay ahead of ever-evolving cyber threats and maintain compliance with the strictest industry standards.
In summary, the security enhancements in versions 4.6 and 4.7 of the VAST Data Platform offer a comprehensive and effective approach to data management and security, allowing organizations to leverage one platform to deploy their Data Pillar within the Zero Trust framework. With its unique features and capabilities, including support for STIG, KMIP, Zero Trust, and NIST controls, VAST provides superior scalability, performance, and security for AI/ML and analytics workloads within a regulated industry. By incorporating VAST as part of a holistic compliance strategy, organizations can achieve regulatory compliance and maintain the security of their sensitive data.
Learn more about Zero Trust Architecture: Universal Storage And The Zero-Trust Data Pillar