Cove Security Guide

Introduction

N-able’s Cove Data Protection (Cove) is a cloud-first backup and disaster recovery solution that prioritizes security to ensure the safety and integrity of critical data. The platform includes a range of security features designed to protect data from loss, corruption, and unauthorized access, making it a trusted choice for Managed Service Providers (MSPs) and IT professionals.

One of the key security features of Cove is its use of end-to-end encryption and block-level encryption for all data transfers. End-to-end encryption protects data in transit, and block-level encryption protects data at rest, preventing unauthorized access and ensuring data confidentiality. The platform also supports Multi-Factor Authentication (MFA), adding an extra layer of security by requiring users to verify their identity through multiple methods.

Cove’s security architecture includes robust access controls and permissions. The platform also provides detailed audit logs and reporting capabilities, allowing administrators to monitor and review backup activities and user activities for compliance and security purposes.

In addition to these features, the platform also includes ransomware resilience features, such as immutable backups, which prevent data from being altered or deleted by malicious actors. With its comprehensive security features, N-able's Cove Data Protection helps MSPs and IT professionals safeguard critical data, ensuring its availability and integrity in the face of evolving cyber threats.

Purpose and target audience

Purpose

The purpose of this document is to provide a comprehensive overview of the security architecture of Cove. This document aims to inform Managed Service Providers (MSPs) and IT professionals about the security features, protocols, and best practices embedded within the Cove solution. By understanding the security architecture, stakeholders can better appreciate how the solution safeguards client data, ensures compliance with industry standards, and mitigates potential security risks.

Target Audience

This document is intended for MSPs and IT professionals who are responsible for the deployment, management, and support of data protection solutions within their organizations.

The target audience includes:

  • IT Managers and Directors: Individuals overseeing IT operations and strategy, who need to understand the security capabilities and benefits of Cove Data Protection.
  • System Administrators: Professionals responsible for the day-to-day management and maintenance of IT systems, who require detailed knowledge of the solution's security architecture to ensure data integrity and protection.
  • Security and Compliance Analysts: Experts within MSPs focused on identifying and mitigating security threats, as well as ensuring that organizational practices meet regulatory requirements. They need to understand how Cove addresses potential vulnerabilities, ensures robust system security, and supports compliance with data protection standards.
  • Technical Support Engineers: Personnel providing frontline support to end-users, who need to be familiar with the solution's security features and troubleshooting procedures.

By addressing the needs and concerns of these key stakeholders, this document aims to facilitate informed decision-making and effective implementation of Cove Data Protection's security measures within diverse IT environments.

Significance of Security in today’s digital era

Security is incredibly significant in today's digital era due to the increasing reliance on technology. A robust security framework safeguards personal information, defends against cyber threats, and protects critical infrastructure, thereby ensuring business continuity, preventing financial loss, and maintaining reputation.

N-able offers a comprehensive array of security features across all its products for MSPs. Cove Data Protection, one of the compelling products of N-able, provides an extensive suite of security mechanisms for MSPs through its robust features and standards.

Secure Software Development Lifecycle (SSDLC)

N-able follows a Secure Software Development Lifecycle (SSDLC) to ensure that security is built into Cove Data Protection from the ground up.

The SSDLC covers:

  • Code Reviews & Secure Coding Practices: Developers follow OWASP Secure Coding Guidelines to prevent SQL injection, cross-site scripting (XSS), and remote code execution (RCE) attacks. Peer code reviews and static code analysis are performed to detect vulnerabilities early.
  • Threat Modeling: This framework helps identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. See Threat Modeling.
  • Penetration Testing & Security Audits: Independent security firms conduct penetration tests to simulate attacks and find weaknesses. See Penetration Testing.
  • Vulnerability Management & Patching: Continuous vulnerability scanning and bug bounty programs help identify risks. Frequent security patches and automated updates help fix known vulnerabilities quickly.

Cove Key Security Features

  • Multi-Factor Authentication (MFA) and Single Sign-On (SSO) enhance security and user experience by reducing the risk of unauthorized access and simplifying login processes.
  • Effective security logging helps maintain the integrity and security of systems, helping MSPs detect and respond to threats promptly by validating any dangerous characters, logging the timestamp, and identifying security incidents.
  • Data encryption ensures confidentiality, integrity, and availability of data against cyberattacks and threats.
  • Role-Based Access Control (RBAC) allows MSPs to grant limited access to backups as needed, secured with mandatory Two-Factor Authentication (2FA).
  • ISO-certified data centers located worldwide ensure security, reliability, and operational excellence.
  • Cyber Resilience defends against ransomware, phishing, malware, and insider threats, thereby reducing the risk of data breaches and ensuring business continuity.
  • Communication is protected by Cloudflare and is encrypted in transit using Transport Layer Security (TLS).
  • Threat Intelligence enables monitoring and mitigating security threats, including Distributed Denial of Service (DDoS) attacks, Structured Query Language (SQL) injections, and cross-site scripting (XSS).
  • Real-time Analytics provide comprehensive reporting and dashboards that allow us to monitor and respond to attacks in real-time.

Cove Security Standards

Authorization (Access Control) and Authentication

Cove Data Protection’s authorization features ensure data privacy and system integrity by granting or denying specific requests to the MSP, program, or process. All requests pass through an authorization verification layer, and only authorized MSPs are provisioned with unique account IDs. Access is assigned based on pre-defined roles (Admin, User, Guest) as per Role-Based Access Control (RBAC).

Cove’s authentication features prevent unauthorized access and reduce the risk of identity theft, fraud, and cyberattacks, thereby enhancing security and MSPs' trust. Multi-Factor Authentication (MFA) or mandatory Two-Factor Authentication (2FA) protects against unauthorized use of passwords, providing an extra layer of security beyond traditional password protection. Furthermore, the password policy covers all applicable information systems, applications, and databases and enforces best password practices. All actions performed by users are authenticated and authorized.

Secure Communication

Cove follows a Zero Trust security model that encompasses the principle of authorization/authentication and the principle of least privilege, monitoring, and micro-segmentation. Backups are encrypted using the AES-256 standard and transferred to Cove’s secure, worldwide cloud data centers via TLS 1.2 connections. Cove communication is protected by Cloudflare, N-able’s primary Web Application Firewall (WAF) service provided by a third party, which offers robust protection against threats like DDoS attacks and malicious bots, ensuring the security and performance of our web applications. Cloudflare offers Layer 7 protection against application-layer attacks, which are more complex and harder to detect. Thus, the applications are protected from a wide range of security threats while benefiting from enhanced performance.

Encryption Key/Security Code or Passphrase handling

While performing backups, the data is encrypted on the client side to ensure secure transfer to storage. The encryption key is generated during both self-managed and managed installations. Cove supports the AES-256 method for encrypting the user data during a backup (used on Backup Manager devices with version 17.5 and later).

Additionally, to access the key needed to install the agent, a short-lived token (passphrase) is used. It is generated upon request, only by a Security Officer, and is valid for 24 hours. It is for one-time use only.
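
The three properties stated above (issued only to a Security Officer, valid for 24 hours, accepted once) can be enforced as in the following added example. It is not Cove's or N-able's code; the class, method names, the "SecurityOfficer" role string, and the device IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 24 * 60 * 60  # the guide states a 24-hour validity


class PassphraseStore:
    """Hypothetical issuer; class, method and role names are assumptions."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records = {}  # device_id -> (SHA-256 of passphrase, expiry)

    def issue(self, device_id, requester_role):
        # Only the Security Officer role may request a passphrase.
        if requester_role != "SecurityOfficer":
            raise PermissionError("Security Officer role required")
        passphrase = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(passphrase.encode()).digest()
        # Re-issuing replaces any earlier unused passphrase for the device.
        self._records[device_id] = (digest, self._clock() + TTL_SECONDS)
        return passphrase  # returned once; only the digest is stored

    def redeem(self, device_id, presented):
        record = self._records.get(device_id)
        if record is None:
            return False  # never issued, already used, or expired
        digest, expires_at = record
        if self._clock() >= expires_at:
            del self._records[device_id]
            return False
        candidate = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(candidate, digest):  # constant-time compare
            return False
        del self._records[device_id]  # one-time use: consume on success
        return True


def demo():
    now = [1_700_000_000.0]  # constructed fake clock, not real data
    store = PassphraseStore(clock=lambda: now[0])
    p1 = store.issue("device-001", "SecurityOfficer")
    first, replay = store.redeem("device-001", p1), store.redeem("device-001", p1)
    p2 = store.issue("device-002", "SecurityOfficer")
    now[0] += TTL_SECONDS  # 24 hours later
    return first, replay, store.redeem("device-002", p2)
```

Storing only the digest means a leak of the server-side records does not reveal a usable passphrase.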

Cyber Resilience

N-able’s cyber resilience strategy is vital for business continuity as it provides the MSPs with an ability to prepare for, respond to, and recover from cyber threats with the aim to reduce the chances of financial loss and reputational damage. MSPs must be prepared to recover their operations in a rapid and efficient manner despite operational interruptions from cyber incidents.

N-able’s Cove Data Protection’s Cybersecurity framework provides a structured plan to create a comprehensive response plan tailored to the MSP's specific needs.

Incident Response

N-able’s security Incident Response Plan (IRP) helps MSPs to detect, respond to, and recover from cybersecurity incidents. The primary goal of an IRP is to minimize the impact of security incidents for any organization. Cove’s well-defined IRP helps MSPs protect their data, reduce recovery costs, minimize damage, and improve overall security posture through detection and analysis, eradication, recovery, and post-incident activity.

Immutable Copies

Cove’s Immutable Fortified Copies protect server, workstation, and Microsoft 365 data against threats without sacrificing operational efficiency. These copies are fully isolated, read-only copies of backup data that cannot be altered, deleted, or accessed by users or bad actors through an interface or any external component such as an API. Because they cannot be changed or deleted, immutable backups provide recoverability from ransomware and malicious deletion.

Threat Modeling

N-able’s Threat Modeling enables you to communicate about the security design of your systems and analyze the designs for potential security issues using a proven methodology, thereby recommending and managing mitigations for security issues. Threat models are completed for any major change to your system and any time a pen test is requested.

Penetration Testing

N-able’s products, including Cove Data Protection, undergo continuous penetration testing by a certified third party. Regular internal security audits ensure compliance with industry standards. Network penetration tests are also performed annually or after significant changes.

Compliance and Data Sovereignty

N-able’s security compliance program implements policies, controls, and best practices to protect sensitive data and meet regulatory requirements. N-able products, including Cove, comply with various security frameworks to prevent data breaches, mitigate risks, and sustain MSPs' trust. Cove includes secure cloud storage of backups in a private, worldwide network of data centers located in 17 countries across five continents to keep the backups local. Physical security and power continuity are maintained through partnerships with leading data center providers, featuring rigorous security measures and redundant systems. Data center certifications demonstrate adherence to the following:

  • HIPAA: Strict privacy and security standards for Data Protection.
  • ISO27001: Best practices and comprehensive security controls.
  • ISO9001: Framework for Quality Management System (QMS).
  • NIST 800-53: Comprehensive catalogue of security and privacy controls for information systems and organizations.
  • SOC 1 Type II and SOC 2 Type II: Stringent information security controls across its services.

Summary

Security is an ongoing process, a multi-layered approach combining technologies, policies, and user awareness. N-able’s Cove Data Protection Security framework outlines best standards for securing applications, infrastructure, and data against evolving cyber threats, covering authentication and authorization mechanisms, the encryption process, incident response planning, network security controls, cyber resilience, and compliance requirements. By implementing Cove’s strong security measures, MSPs can protect sensitive data, prevent breaches, and maintain compliance with industry standards.
