Qumulo, the breakthrough leader in radically simplifying enterprise file data management across hybrid cloud environments, announced significantly enhanced security support for network file system protocol NFSv4.1. Qumulo has also announced it has received an attestation of compliance with SOC 2 Type II, and has hired Kathy Ahuja as VP of Information Security.
“Qumulo’s security program is designed to achieve the most fundamental security requirements while giving customers the most control over their data. Qumulo is committed to protecting our customers’ data while providing transparency and trust”
Qumulo introduced Qumulo on Azure as a Service (QaaS) in July of 2021, so that multi-cloud organizations could store, manage, and curate their data with simplicity anywhere. To prove the security of its service across key criteria, Qumulo engaged A-Lign, an independent auditing firm, to review its service data controls. This attestation of compliance with SOC 2 Type II for QaaS provides customers peace of mind that the data entrusted to QaaS will be secured.
With the new enhancements to the NFSv4.1 protocol, there is additional support for authentication via Kerberos and file locking control. In NFSv3, users can impersonate any user with root access to their client machine. Kerberos solves this problem with cryptography techniques to securely authenticate users from a central identity provider, such as Microsoft Active Directory Domain Controllers or an open-source Kerberos Key Distribution Center (KDC).
The latest release includes improved lock handling for file access. When files are accessed by a client, they are locked to ensure that other clients cannot write data to the file, preventing potential corruption or version control issues. NFSv3 had known problems with orphaned sessions leaving files locked, requiring administrators to run a process to release locks from time to time. NFSv4.1 provides superior lock control and time outs to release locked files after some interval of inactivity.
Kathy Ahuja has also joined Qumulo as VP of Information Security to help customers and partners understand how Qumulo secures customer information, protects individual privacy, and complies with regulations and standards. Prior to Qumulo, Ahuja built and ran security and compliance efforts at OneLogin, DocuSign, Microsoft, Oracle and Symantec.