Today, more than ever, securely backing up your data is critical to keeping your business or organization running. With ransomware attacks popping up daily, our team wanted to create an elegant solution that would be resistant to them. The one-way strategy ensures that if your primary system is attacked or compromised, the attacker or attacking malware cannot manipulate your backups. Individuals also face identity theft and ransomware attacks on a daily basis, so personal users can benefit from a secure backup strategy as well.
Data is deposited into one of many configured "dropoff" S3 Buckets for the vault, originating from the multitude of AWS services, on-premises servers, or even from an entirely separate cloud like Microsoft Azure, Google Cloud, etc.
The creation or alteration of files in the "dropoff" bucket results in the dispatch of an ObjectCreated event in S3, which is sent to the Ingest function to begin processing and ingestion into the Vault account.
The Ingest function is triggered by the AWS S3 notification, which provides several key pieces of information such as the S3 bucket name, object key, object size, tags, and more. This is used to determine which AWS SQS queue to send the object details to. In the event of a processing failure, the event details are sent to the configured Dead Letter Queue (DLQ) via AWS SQS.
The Duplicator function (or AWS Batch processing queue for larger requests) receives an invocation from the AWS SQS queue containing the key pieces of the original S3 event, then proceeds to issue AWS S3 CopyObject commands to duplicate the new or updated file into the Vault bucket. In the event of a duplication failure, the event details are sent to the configured Dead Letter Queue (DLQ) via AWS SQS.
Please note that AWS Batch processing is planned for a future release and is currently unavailable.
AWS S3 copies the file into the Vault bucket, re-encrypting it with a Vault-specific AWS KMS Customer Managed Key to ensure the security and privacy of the file's contents. AWS S3 Object Lock configuration protects the file against deletion or tampering and ensures Write-Once-Read-Many (WORM) compliance of the Vault's storage. Cost is managed using configurable AWS S3 Object Lifecycle policies once the data no longer needs to be retained.
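The Duplicator step described above, sketched as an added example (not Project Cheyenne's own code). The bucket names, the vault key layout, the `COMPLIANCE` lock mode, per-object retention, and routing oversized objects to the DLQ are assumptions; the S3 client and DLQ sender are passed in so the logic runs offline.

```python
import datetime as dt
from urllib.parse import unquote_plus
MAX_SINGLE_COPY = 5 * 1024**3  # CopyObject copies at most 5 GB in one call
# Constructed sample notification (not captured from a real account).
SAMPLE_EVENT = {"Records": [
    {"eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "dropoff-example"},
            "object": {"key": "db/nightly+dump%3A01.sql", "size": 2048, "versionId": "v1"}}},
    {"eventName": "ObjectCreated:CompleteMultipartUpload",
     "s3": {"bucket": {"name": "dropoff-example"},
            "object": {"key": "images/disk.img", "size": 6 * 1024**3}}},
]}

def parse_records(event):
    """Yield (bucket, key, size, version_id) for each ObjectCreated record."""
    for rec in event.get("Records", []):
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue
        obj = rec["s3"]["object"]
        # Notification keys are URL-encoded ("+" is a space); decode before copying.
        yield (rec["s3"]["bucket"]["name"], unquote_plus(obj["key"]),
               obj.get("size", 0), obj.get("versionId"))

def build_copy_request(bucket, key, version_id, vault_bucket, kms_key_id, retain_until):
    """CopyObject arguments: re-encrypt under the vault key and lock on arrival."""
    source = {"Bucket": bucket, "Key": key}
    if version_id:
        source["VersionId"] = version_id  # copy the exact version that raised the event
    return {"Bucket": vault_bucket, "Key": f"{bucket}/{key}",  # assumed vault layout
            "CopySource": source,
            "ServerSideEncryption": "aws:kms", "SSEKMSKeyId": kms_key_id,
            "ObjectLockMode": "COMPLIANCE",  # assumed mode
            "ObjectLockRetainUntilDate": retain_until}

def duplicate(event, s3_client, send_to_dlq, vault_bucket, kms_key_id, retain_days=30):
    """Copy each new object into the vault; failures go to the DLQ callback."""
    retain_until = dt.datetime.now(dt.timezone.utc) + dt.timedelta(days=retain_days)
    copied = []
    for bucket, key, size, version_id in parse_records(event):
        try:
            if size > MAX_SINGLE_COPY:
                raise ValueError("object too large for a single CopyObject call")
            req = build_copy_request(bucket, key, version_id, vault_bucket,
                                     kms_key_id, retain_until)
            s3_client.copy_object(**req)
            copied.append(req["Key"])
        except Exception as exc:  # any failure is recorded, never silently dropped
            send_to_dlq({"bucket": bucket, "key": key, "error": str(exc)})
    return copied
```

In a deployment, `s3_client` would be a boto3 S3 client whose role can read the dropoff bucket and write to the vault bucket, but cannot delete from the vault or change its Object Lock settings.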
Our team was inspired by the Cheyenne Mountain Complex located in Colorado. This complex is a secure defensive bunker currently used by the US Space Force and US Air Force. The bunker was built to deflect a 30 megaton nuclear explosion with 25-ton blast doors and a network of unique filters to capture airborne contaminants. Similar to a nuclear blast, ransomware damage to your business or personal data can be catastrophic. Our team was driven to develop a secure, blast-proof option for people to use to ride out the shockwaves and return to normal operation.
Project Cheyenne is a ransomware-resistant backup storage solution. In non-engineer speak, this is a series of instructions combined with code to deploy a one-way, cloud-enabled, secure backup solution for your personal or business use. This serverless application of technology is lightweight and cost-effective.
Project Cheyenne is available for download at UNCOMN’s Open-Source page.