Ransomware attacks occur roughly every 11 seconds, and 94% of them now target backups. That means backups are under threat like never before — and as a result, it can be argued that the most business-critical workload is backup/restore. To achieve cyber resilience, this threat to backups must be addressed thoroughly and decisively.
CIOs and CISOs have made cyber resilience a top priority, employing many best practices and security layers to safeguard data:
- Identifying key assets that are searchable/accessible online and reducing their exposure.
- Ensuring that firmware and software are patched on a regular basis and that common vulnerabilities and exposures (CVEs) are monitored.
- Securing public-facing servers and applications at the firewall, network, and data storage levels.
- Simulating different attack threat "vectors" (external and internal) and creating recovery procedures for them.
Understanding the pillars of cyber resilience
Cyber resilience requires a strong architectural foundation based on four pillars.
As the IT ecosystem has expanded, teams need to be able to have visibility to their key assets, and especially for high-value data that can be a compelling target for ransomware attacks. With today's hybrid environments, this means ensuring visibility to data across cloud and on-prem infrastructure. The 2022 Cisco Global Hybrid Cloud Trends report found that 82% of IT leaders said they’d adopted such a hybrid approach.
Having centralized visibility is fundamental to not only taking control of cloud environments but also bridging silos. In a recent survey conducted by Forrester, 83% of IT decision-makers said a single consolidated view for managing their organizations’ cloud and IT services would help achieve their business outcomes — including improving their cybersecurity posture.
Data protection via immutability
Immutable data storage enables the storing of data after it is written, such that it's impossible to change, erase or otherwise interfere with it. This functionality guards against malware, ransomware, and both unintentional and malicious human behavior.
Since it effectively protects data against any change or erasure, as would be typical in a ransomware attack that tries to encrypt data, immutability is commonly regarded as a prerequisite in the battle against ransomware. It also covers ransomware attacks that threaten to read, exfiltrate and publish data in order to reveal private or sensitive information to the public; Wikileaks is one example.
Archive tiers, both in the data storage and in locations
Enterprises are seeking backup storage solutions that offer a multi-tier backup design, enabling every storage tier to be optimized — performance, capacity, or archival — whether located on-premises or in the cloud. Moreover, each of these tiers can and should be immutable and secured with their own login credentials, encryption keys, authentication, and access control schemes. This makes it harder for malicious actors to access data from "all" tiers, even if they succeed in breaking into one.
The time-honored 3-2-1 backup rule recommends having three copies of data stored on two different media, with one copy stored offsite. However, in light of today's threat landscape, many organizations create four or five copies of important data. And an additional step has become necessary: storing at least one of those copies offline.
Augmenting - not countering - is the pillar of network visibility; best practices today also use "air-gapped" copies that reside on a physically separated network or device, either.
- Locally, through physically disconnected storage systems with offline copies of backup data.
- Remote replication to two or more data centers in a rotating "tick-tock" manner. One site remains air-gapped while the other receives newer data, then vice-versa.
- Secure offsite storage.
- Offline devices such as tape for that last-and-final copy of critical backups.
In practice, immutable object storage can achieve 99% of the benefits of these physically air-gapped approaches without the inconvenience and the additional advantages of offering faster restore capabilities.
Scalable backup and recovery architecture
Beyond this 3-2-1 rule, organizations need a scalable backup and recovery infrastructure — one that makes management fast and simple – to sustain business continuity and operations in the current cybersecurity landscape. The reality is that backups can fail such that data is lost, corrupted, or inaccessible. Unconstrained data expansion poses another threat to cyber resilience, with more devices needed to manage and store the data, more time for backups, and far more time for restoring petabytes vs. gigabytes. With cost always a concern, the temptation exists to not backup or data-protect everything — a huge mistake if something critical is missed.
When it’s quick and simple to adjust infrastructure components like data storage and protect them accordingly — it’s easier to recover and stay resilient.
Cyber resilience: A modern necessity
Cyber resilience is critical to the security of an organization’s data — and possibly to an organization’s survival. When built on a solid architectural foundation, organizations can dependably manage unanticipated ransomware hazards and other threats to recoverability — keeping data secure and immutable no matter what.
Giorgio Regni is the co-founder and chief technology officer of Scality.