
US-12627674-B2 - Automatically managing access policies for archived objects


Abstract

An archival storage of data backed up from a repository storage of a primary storage is maintained. Access to data stored in archival storage is limited by one or more access policies based on whether a corresponding data restore has been authorized. A request for specific data stored in the archival storage is received. The one or more access policies are automatically managed based on status and timing of one or more data restore authorizations for the specific data stored in the archival storage.

Inventors

  • Nagapramod Mandagere
  • Abhishek Sharma
  • Venkata Ranga Radhanikanth Guturi
  • Anirudh Kumar
  • Dane Van Dyck

Assignees

  • Cohesity, Inc.

Dates

Publication Date: 2026-05-12
Application Date: 2022-08-22

Claims (18)

  1. A method, comprising: receiving a request to perform a restore operation to restore data stored in an archival storage, wherein the data is not associated with an access policy that limits access to the data; determining that the request to perform the restore operation is an authorized request; determining an expected duration for performing the restore operation; automatically generating, based on the authorized request, a temporary access policy associated with the data and usable to access the data for performing the restore operation, wherein the temporary access policy is valid for the expected duration for performing the restore operation; performing, based on the temporary access policy, the restore operation; and terminating, based on the expected duration elapsing, access to the data provided by the temporary access policy.
  2. The method of claim 1, wherein the request to perform the restore operation to restore data is for one or more objects associated with one or more archived backup snapshots.
  3. The method of claim 1, wherein the request to perform the restore operation to restore the data includes a particular prefix associated with a storage location for the data.
  4. The method of claim 1, further comprising: providing the temporary access policy to a cloud storage provider that uses the temporary access policy to determine whether to permit or deny access to the data.
  5. The method of claim 1, further comprising: providing, to a user device associated with the request to perform the restore operation to restore the data, a notification that the request has been approved.
  6. The method of claim 1, further comprising receiving a request for credentials to access the data stored in the archival storage.
  7. The method of claim 6, further comprising validating a storage system from which the request for the credentials to access the data stored in the archival storage is received.
  8. The method of claim 7, further comprising denying the request for the credentials to access the data stored in the archival storage in response to a determination that the storage system is not validated.
  9. The method of claim 7, further comprising creating credentials to access the data stored in the archival storage in response to a determination that the storage system is validated.
  10. The method of claim 9, wherein the credentials are valid for a limited period of time.
  11. The method of claim 9, further comprising providing, to the storage system, the credentials to access the data stored in the archival storage.
  12. The method of claim 11, wherein the storage system utilizes the provided credentials to access the data stored in the archival storage.
  13. The method of claim 7, wherein the storage system manages the archival storage.
  14. The method of claim 7, wherein the storage system is a different storage system than the storage system that manages the archival storage.
  15. The method of claim 1, wherein determining that the request to perform the restore operation is an authorized request comprises performing a quorum approval process.
  16. The method of claim 1, wherein determining that the request to perform the restore operation is an authorized request is based on status and timing of one or more authorizations.
  17. Computer-readable storage media comprising instructions that, when executed by processing circuitry, cause the processing circuitry to: receive a request to perform a restore operation to restore data stored in an archival storage, wherein the data is not associated with an access policy that limits access to the data; determine that the request to perform the restore operation is an authorized request; determine an expected duration for performing the restore operation; automatically generate, based on the authorized request, a temporary access policy associated with the data and usable to access the data for performing the restore operation, wherein the temporary access policy is valid for the expected duration for performing the restore operation; perform, based on the temporary access policy, the restore operation; and terminate, based on the expected duration elapsing, access to the data provided by the temporary access policy.
  18. A management system, comprising: one or more processors coupled to memory, the one or more processors and memory configured to: receive a request to perform a restore operation to restore data stored in an archival storage, wherein the data is not associated with an access policy that limits access to the data; determine that the request to perform the restore operation is an authorized request; determine an expected duration for performing the restore operation; automatically generate, based on the authorized request, a temporary access policy associated with the data and usable to access the data for performing the restore operation, wherein the temporary access policy is valid for the expected duration for performing the restore operation; perform, based on the temporary access policy, the restore operation; and terminate, based on the expected duration elapsing, access to the data provided by the temporary access policy.
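The restore workflow the claims describe (quorum-approved request, expected-duration estimate, prefix-scoped temporary policy, validated storage system receiving short-lived credentials, access terminated when the duration elapses) modelled as a small stand-alone program. This is an added example, not code from the patent or from Cohesity; the 50 MiB/s restore throughput, the 1.5x safety factor, the quorum of two approvers, the `cluster-A` trusted system name and all class and function names are assumptions made for illustration.

```python
"""Added example (not the patent's own code): a minimal model of the
temporary-access-policy lifecycle in claims 1 and 3-15. Throughput, safety
factor, quorum size and identifiers below are assumed for illustration."""
from __future__ import annotations

import secrets
from dataclasses import dataclass

THROUGHPUT_BYTES_PER_SEC = 50 * 1024 * 1024  # assumed restore rate used to size the policy lifetime
SAFETY_FACTOR = 1.5                           # assumed headroom on the expected duration
QUORUM = 2                                    # assumed number of distinct approvers required


@dataclass
class TempPolicy:
    policy_id: str
    prefix: str          # storage-location prefix the policy is scoped to (claim 3)
    expires_at: float    # epoch seconds; access ends when the expected duration elapses (claim 1)
    revoked: bool = False

    def active(self, now: float) -> bool:
        return not self.revoked and now < self.expires_at


@dataclass
class Credential:
    token: str
    policy_id: str
    expires_at: float    # credentials are valid for a limited period (claim 10)


class RestoreAccessManager:
    """Stands in for the management system: archived objects carry no standing
    access policy; a temporary one exists only for an authorized, time-bounded restore."""

    def __init__(self, trusted_storage_systems: set[str]) -> None:
        self.trusted = trusted_storage_systems
        self.policies: dict[str, TempPolicy] = {}
        self.credentials: dict[str, Credential] = {}

    @staticmethod
    def expected_duration(object_sizes: list[int]) -> float:
        """Estimate how long the restore should take; the policy lives exactly that long."""
        return SAFETY_FACTOR * sum(object_sizes) / THROUGHPUT_BYTES_PER_SEC

    def request_restore(self, prefix: str, object_sizes: list[int],
                        approvers: set[str], now: float) -> TempPolicy:
        """Claim 15: the request is authorized only after a quorum of distinct approvers."""
        if len(approvers) < QUORUM:
            raise PermissionError(f"restore of {prefix!r} needs {QUORUM} distinct approvals")
        policy = TempPolicy(secrets.token_hex(8), prefix, now + self.expected_duration(object_sizes))
        self.policies[policy.policy_id] = policy
        return policy

    def issue_credentials(self, storage_system: str, policy_id: str, now: float) -> Credential:
        """Claims 7-10: validate the requesting storage system, then mint short-lived credentials."""
        if storage_system not in self.trusted:
            raise PermissionError(f"storage system {storage_system!r} is not validated")
        policy = self.policies[policy_id]
        if not policy.active(now):
            raise PermissionError("no active policy for this restore")
        cred = Credential(secrets.token_urlsafe(24), policy_id, policy.expires_at)
        self.credentials[cred.token] = cred
        return cred

    def authorize(self, token: str, object_key: str, now: float) -> bool:
        """Claim 4: the permit/deny decision the cloud provider makes against the policy."""
        cred = self.credentials.get(token)
        if cred is None or now >= cred.expires_at:
            return False
        policy = self.policies[cred.policy_id]
        return policy.active(now) and object_key.startswith(policy.prefix)

    def sweep(self, now: float) -> list[str]:
        """Claim 1: terminate policies whose expected duration has elapsed; returns their ids."""
        ended = [p.policy_id for p in self.policies.values()
                 if not p.revoked and not p.active(now)]
        for pid in ended:
            self.policies[pid].revoked = True
        return ended


if __name__ == "__main__":
    mgr = RestoreAccessManager({"cluster-A"})
    t0 = 1_000_000.0
    pol = mgr.request_restore("backups/vm1/", [100 * 1024 * 1024], {"alice", "bob"}, t0)
    cred = mgr.issue_credentials("cluster-A", pol.policy_id, t0 + 1)
    print("in-window read:", mgr.authorize(cred.token, "backups/vm1/disk0", t0 + 2))
    print("wrong prefix:", mgr.authorize(cred.token, "backups/vm2/disk0", t0 + 2))
    print("after expiry:", mgr.authorize(cred.token, "backups/vm1/disk0", t0 + 3))
    print("terminated:", mgr.sweep(t0 + 3))
```

The clock is passed in explicitly so expiry can be tested deterministically; in a deployment the management system would read wall-clock time and run `sweep` on a timer. Note that a stolen credential is useless outside the policy's prefix and after its window, which is the property the background section is after: a persistent connection to the archive no longer implies persistent access.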

Description

CROSS REFERENCE TO OTHER APPLICATIONS

This application claims priority to U.S. Provisional Patent Application No. 63/339,264 entitled AUTOMATICALLY MANAGING ACCESS POLICIES FOR ARCHIVED OBJECTS filed May 6, 2022, which is incorporated herein by reference for all purposes.

BACKGROUND OF THE INVENTION

Data stored in a primary site may be protected by creating three copies of the data, keeping the data on at least two types of storage media, and storing one of the backups at a remote site (e.g., secure storage, cloud storage, etc.). The first copy of the data is stored on a source system and the other two copies are backups of the source system. The primary site may include a source system that is connected to a primary site storage system. A copy of the data may be provided directly from the source system to a remote site storage system, or indirectly from the source system to the remote site storage system via the primary site storage system. The primary site source system and/or the primary site storage system may be connected to the remote site storage system at the remote site. These connections may be persistent connections.

As a result, all three copies of the data may be subject to compromise by a malicious actor. For example, the malicious actor may obtain credentials for the source system and use them to access the storage system at the primary site and/or the storage system at the remote site, taking advantage of the persistent connections between the source system, the primary site storage system, and the remote site storage system. The malicious actor may read, write, and/or delete the data stored at the storage systems, and may subject that data to ransomware. After subjecting the data stored at the storage systems to ransomware, the malicious actor may delete or encrypt the data stored at the source system. As a result, the source system may be unable to be recovered to a particular point in time corresponding to a backup unless an entity associated with the source system (e.g., a user, a company, an organization, an enterprise, a government, an institution, etc.) complies with the malicious actor's demands.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments of the invention are disclosed in the following detailed description and the accompanying drawings.

FIG. 1 is a block diagram illustrating an embodiment of a system for automatically managing access policies for archived objects.
FIG. 2 is a flow diagram illustrating an embodiment of a process for automatically managing access policies for archived objects.
FIG. 3 is a process for automatically managing access policies for archived objects in accordance with some embodiments.
FIG. 4A is a flow diagram illustrating a process for providing credentials for accessing one or more objects stored in an archival storage in accordance with some embodiments.
FIG. 4B is a flow diagram illustrating a process for accessing one or more archived objects stored in an archival storage in accordance with some embodiments.
FIG. 5 is a flow diagram illustrating a process for restoring an object in accordance with some embodiments.
FIG. 6 is a flow diagram illustrating a process for generating credentials to access archived metadata associated with an archived backup snapshot in accordance with some embodiments.

DETAILED DESCRIPTION

One or more objects associated with a source system may be archived to a cloud storage or another type of archival storage. A cloud storage provider associated with the cloud storage may provide the ability to control access to one or more archived objects via one or more access policies (e.g., an Identity and Access Management (IAM) policy). The one or more archived objects may not be accessed (e.g., read access or write access) unless there is a corresponding access policy for the one or more archived objects that grants access. A malicious actor may gain access to the one or more archived objects so long as a corresponding access policy exists for them. If such a corresponding access policy does not exist, the malicious actor may gain access to the one or more archived objects only once the corresponding access policy is generated.

A cloud-based management system maintains at the cloud storage an archive comprised of one or more backup snapshots of the source system that were archived to the cloud storage. In some embodiments, a storage system performed one or more backups of the source system to generate the one or more backup snapshots and archived the one or more backup snapshots from the storage system to the cloud storage. In some embodiments, the one or more backup snapshots are archived directly from the source system to the cloud storage. Each backup snapshot is comprised of data associated with one or more objects (e.g., source system metadata, storage system metadata, and/or data content). An object