If Ransomware Cannot See Your Backups, the Data Cannot Be Compromised

Discussion of cybersecurity is ongoing and never-ending. Most of the time, however, the focus is on cybersecurity measures rather than on data protection per se, which is the final objective of any cybersecurity strategy: protecting the organization's data assets and ensuring business continuity. Nikhil Korgaonkar, Regional Director, Arcserve India and SAARC, shares his expertise on data protection strategies that can help organizations protect their data, especially during a ransomware attack.

 

  1. It seems that despite all measures taken by companies on cybersecurity and data protection, companies are still suffering the impacts of ransomware. How do companies ensure they protect their assets?

Having a complete hold on the network security of an organization is aspiring but never simple. CIOs or CISOs today must have a game plan in place that could ensure that their enterprise network and all applications running on it are protected from all forms of cyberattack.

To ensure such levels of security, it is always advised that organizations maintain a secure cyber landscape, and keep their IT environments less complicated. Every vendor and solution deployed introduces additional weak spots and potential gaps in security coverage. This requires a multi-pronged and unified threat management approach – including malware detection, deep learning neural networks, and anti-exploit technology – combined with secure backup and DR capabilities that can close the security gaps for complete ransomware protection. This single strategy can provide a first and last line of defense.

Also, ransomware attacks are increasingly targeting backups, so it must be ensured that the backup system doesn’t allow direct access to backup files. We at Arcserve recommend that once backups are developed and strategies are restored, one should perform a test restore to a backup server at least once a month and make sure the restored database is functioning properly. This allows testing the backup and restore strategies to assess whether the backup is accurate and to prepare for a possible disaster.

Also, we highly recommend the 3-2-1-1 backup strategy, which offers a high level of protection against data loss, especially in the event of a fire or natural disaster. Simple rule: Maintain three copies of the data—one primary and two backups—with two copies stored locally on two formats (network-attached storage, tape, or local drive) and one copy stored offsite in the cloud or secure storage. That extra “1” in 3-2-1-1 stands for immutable storage.

Other than that, staying current on patching and updates, automating maintenance tasks, and creating an enterprise-wide cybersecurity education and training strategy are the basic hygiene processes to ensure the tasks are actually completed and important security fixes don’t fall through the cracks.

 

  2. Tell us about Data Resilience and how it helps organizations to quickly recover from a data-destruction

Data resilience is the ability to protect and recover quickly from a data-destructive event, such as a cyberattack, data theft, disaster, failure, or human error. It is a set of technologies and strategies that help maintain data availability and ensure it is always accessible, thus minimizing any disruptions or downtime that could lead to tangible—and intangible—losses to the business. Technologies such as cluster storage, data replication, backup, and disaster recovery help minimize the damage caused by cyber threats, such as ransomware and any natural disaster. All these are but parts of the data resiliency game plan, which can help companies get back on their feet as quickly as possible—with minimal data loss.

A solid data resilience strategy includes two critical metrics, recovery point objectives (RPO) and recovery time objectives (RTO). RPO defines the amount of data an organization can stand to lose in a disaster. Establishing the RPO can help to determine how often one needs to back up their data and what type of infrastructure they need to support their backup plan. It is less about the actual execution of recovery and more about establishing the framework.

By contrast, RTO helps the organization to understand the impacts of downtime and aids in making educated decisions about the data resilience plan. For example, suppose it is determined that a business can only handle an hour or two of downtime. In that case, one should invest in a disaster-recovery solution that allows it to get back up and running within that time frame. Planning is 90% of success in data resilience. The better the processes and tools are planned and tested before an actual situation arises, the higher the chances of success.

Regular testing of a data resilience plan should be a standard practice that organizations must follow. At a minimum, organizations should prioritize periodical testing of their data backup and recovery proficiency to ensure they can reliably restore their data in the event of a cyberattack or natural disaster.

 

  3. Tell us about immutable storage and how it helps in a Ransomware Protection Strategy

Immutable storage is an essential part of a comprehensive ransomware protection strategy. Being immutable means that once the data is placed in storage, it cannot be overwritten, changed, tampered with, or deleted — even by someone with admin rights.

Immutability is different from data encryption, as there is no key, so there should be no way to “read” or reverse the immutability. Immutable data backup storage simplifies disaster recovery efforts because there will almost always be a clean, current copy of the data available that can be restored once remediation is complete.

At Arcserve, our focus on immutable solutions is to offer continuous data protection (CDP) by taking low-overhead snapshots every 90 seconds. These snapshots give a view of the file system at the instant when the snapshot was taken. That means the customers can go back to specific points in time and recover entire file systems in minutes.

Another approach to immutability is network-attached storage (NAS) that includes immutability’s write once read many capabilities. Immutable backups are an important component of data protection and compliance, and, most important, they ensure that backups are secure, accessible, and recoverable.

At Arcserve, our immutable solutions are purpose-built, allowing organizations to add storage—one drive at a time or multiple nodes in a cluster— and appliances seamlessly as the organization grows. This dynamic scalability also covers the storage costs and businesses do not have to allocate wasted storage capacity to meet potential usage spikes, as with inflexible scale-up storage.

 

  4. Throw some light on air-gapped technologies.

Keeping data backups is effective for ransomware attack recovery. However, as I already mentioned above, hackers are now focusing all their energy and tactics to compromise organizations’ backups. To counter this, organizations may secure backups using backup software that leverages air-gapped technologies. Air-gapping is a practical and cost-effective step that organizations may take to secure their backup data.

Air-gapping can be either physical, logical, or of both types. A physical air-gap means the backups are stored on media disconnected from the IT environment, often using tape backup solutions. Tape backup is back in flavour due to its high storage capacity, high affordability and higher reliability factor in data backup. A logical air-gap stays connected to the network, with users accessing controls to isolate the backup data from the production environment. Both physical and logical air-gapped storage solutions are affordable, hence are also more attractive backup options. In case of keeping the backup data on-premises, using an immutable storage system for the backup data makes sense.

In the 3-2-1-1 plan itself, one copy can be air-gapped, stored far away and disconnected from the company network. This copy can’t be encrypted during a ransomware attack and it is protected from localized threats, such as fire, and it is accessible from anywhere, so anyone on the recovery team can initiate recovery efforts. The bottom line behind air-gapping is that if ransomware can’t “see” or find these backups, the data can’t be compromised.

 

  5. We see a lot of traction on Zero Trust. What are your inputs on that, and how is data protection a part of zero trust?

When someone moves to a zero-trust model, they continuously limit access by anyone to only what is needed. 85 percent of all breaches involve the human element. All it takes is one person in the organization clicking on a malicious link or downloading an infected PDF to immediately put the network and the data at risk from malware and ransomware. A successful zero-trust security model requires everyone within the organization, from the top to bottom, understand and commit to zero-trust principles.

A zero-trust model includes monitoring for unusual or malicious activities, granular risk-based access controls (RBAC), and automated, coordinated system security throughout the infrastructure. When going with a zero-trust model, one should also focus on protecting critical data in real-time. At Arcserve, we have designed the Arcserve UDP to support zero-trust security strategies and minimize exposure of essential data backups to external threats. We actually believe in going beyond zero trust, by completely isolating the backup itself, which helps to further support the zero-trust strategy by monitoring and minimizing access to the backup data so that organizations can recover their data in the event of a disaster.

 
