Cyber-Resilient Data Protection
12th July 2021
Building On The Foundations Of A Cyber-Resilient Data Protection Service
Blog by Daniel Banche, Senior Technical Sales Architect
Once again, following a series of high profile cyber-attacks around the world, I have found myself being asked by our clients not only how their backup data is currently protected from the likes of ransomware, but what further steps can be taken to proactively stay ahead of the threats to come?
Protecting Against Zero-Day Cyber Attacks
Whilst there is a high degree of inevitability that one day an organisation will suffer a cyber-attack, what isn’t predictable is exactly how and when that attack will happen, such is the nature of a zero-day attack. To prepare for this event, it is therefore to our advantage that we can draw upon a pool of solutions from key technology partners, including Dell, IBM and Veeam, to isolate and protect that backup data which represents the last line of defence in a cyber resiliency strategy.
For years, before ransomware became one of the top threats, the design of our managed backup and recovery services has aligned with principles such as hardening the backup servers and storage repositories, avoiding reliance on network sharing protocols, running on operating systems less susceptible to an attack and, of course, the traditional use of tape as an obvious yet trustworthy airgap.
“When it comes to isolating backup data from a cyber threat, there is nothing easier to demonstrate an airgap than the simple laws of physics.”
Cyber Resilient Data Platform
Yet there is still scope to improve upon the standard design. It is simply not always enough to trust that user credentials are being managed properly or that tape handling processes are being followed correctly. The attributes of a cyber-resilient data platform need to be baked into the design such that those “clean” backup copies are isolated and immutable by default, and online ready to be analysed, then swiftly recovered.
Here I’ll cover some of the potential enhancements we look to implement when developing a cyber-resilient backup and recovery platform.
The aim of ransomware or any other malicious sabotage is to change data to the extent that it cannot be read, typically through the use of encryption. A system that stores backup data in an immutable format ensures that it is impossible to change data written to the storage. Even the account used by the backup software should have restricted permissions, such that data is only removed based on the retention policy applied by the backup software when it was written to the repository.
WORM capability will be well known to many who first took advantage of this when it was introduced with LTO3 tapes in 2005, however, the demands of the modern business and volumes of data in 2021 have raised expectations for recovery times and immutability is now a core feature for disk and cloud-based backup platforms.
This is a great opportunity for organisations looking to modernise data protection, as not only can they reap the rewards of disk to cloud backup (fast restore from local disk, consolidation of infrastructure and elasticity of the cloud), the data is now immutable.
- Airgap on Disk
A major change over the last decade has been the transition from backup to tape to backup to disk. The advantages are well known, with the days of spending hours in a data centre trying to rebuild a backup environment from tape a thing of the past for many. The expectation is therefore that recovery from a cyber-attack should also benefit from such advantages.
In order to frequently copy data to that disk storage, however, we need to have it attached to a network. This is where we can design a vault, hidden behind a firewall or data diode, which can automatically open and close its network connection to receive updates written to immutable storage. Furthermore, using disk to store backup data allows for frequent analytics to be performed, with the data effectively online, yet still isolated from the production network.
- Cloud SaaS Data Protection
I bring this up as it is a fast-growing destination for critical business data, yet until recently hasn’t had the same level of focus when it comes to backup and recovery. Knowing that a typical entry for a ransomware attack is via user access points i.e. via the Microsoft 365 suite, it is essential that a backup service beyond the rudimentary capabilities of the cloud provider is part of the overall data protection strategy.
Why spend energy and cash over decades juggling stacks of backup tapes for years of necessary file share backups, only to drop the requirement when that very data is migrated to a Software as a Service (SaaS) platform?
Data Protection Strategy and Advice
I have touched upon just a few areas we can explore to enhance cyber-resiliency at the last line of defence.
The conversation does not stop there, however, as we help clients develop their data protection strategy, topics such as immutable snapshots on production storage, and the building out of a “clean room” for recovered data come to the fore.
Explore more about our Data Protection solutions on our website here.
To discuss any of the topics raised in this blog in more detail please get in touch with the team.
Or, to connect via Daniel Banche directly, visit his LinkedIn profile here.
Additional reading on this topic from our technology partners can be found via these articles: