All ARTESCA customers now enjoy a $100,000 cyber guarantee.
Jérôme Lecat, founder and president of Scality, presents it this way, with the text rendered in English.
In practice, this guarantee does not apply to every customer. It targets holders of commercial licenses—hardware, perpetual, or indefinite-term—who have a storage capacity of at least 50 TB.
Scality commits to paying the $100,000 in question (or the equivalent in other currencies) if an “admissible cyber incident” occurs. Specifically, “the encryption or demonstrable deletion of data residing on a storage volume managed by the software, the direct and sole consequence of an external unauthorized cyberattack.”
Data exfiltration is excluded. The incident must not arise, wholly or partly, from:
- Compromise of access credentials stored, transmitted, or managed outside the software
- Access credentials obtained by third parties through social engineering, phishing, malware, or theft
- Malicious and improper acts committed by authorized users
- Any indemnification liabilities of the customer
Cooperation, Maintenance, Compliance…
To be eligible for compensation, you must use the latest major version of ARTESCA (currently 4.1) “in strict accordance with the documentation […] and the security guidelines.” You must also have installed all updates/upgrades (latest release to date: 4.1.3) and patches within 30 days of their availability.
Regarding the data, it must be stored in compartments with Object Lock (immutability) enabled in compliance mode (no user, including root, can modify or delete). And be, at the time of the incident, in an active retention period.
The guarantee is a one-off fixed penalty. Its payment is the sole remedy in case of an admissible incident (the customer cannot claim any other damages). It will be triggered only if the customer has notified the incident in writing within 48 hours of discovery. And has subsequently “fully cooperated” by providing the information and access requested.
