Four key ingredients of cyber resilient storage

by Mark Rowe

Eric Herzog, Chief Marketing Officer at the data protection and storage product company Infinidat, discusses cyber resilient storage for a data-driven world.

Every 39 seconds, an organisation somewhere in the world suffers a cyber attack. If intrusion attempts are happening with such frequency, the question is not if your enterprise will suffer a cyberattack, but when and how often. When attackers do get in, they’ll surreptitiously wait, sometimes for months, before they try to take control of your organisation’s data, encrypt it and then demand a ransom to decrypt and restore access. Imagine what this means for a healthcare provider or financial services company, or for any enterprise.

We also know that the average number of days taken to identify and contain a data breach is 287, according to research by the Ponemon Institute. This means that chief information officers (CIOs) and chief information security officers (CISOs) are regularly caught out when a ransomware or malware cyberattack has penetrated their enterprise. By this time, it’s already too late to prevent the malware or ransomware software from wreaking havoc with your data.

It’s alarming to even think about the amount of damage that can be inflicted in that timeframe. Data could be corrupted, copied, blocked, and exposed to all kinds of criminal activity, without the enterprise even realising that a breach took place. These are not exceptional events, but routine attacks that can undermine an enterprise and halt its business activities, virtually overnight.

No organisation wants to be crippled by a cyberattack like this, but it is unfortunately the reality. It means effective cyber security is no longer about preventing an attack from occurring, but about being ready to thwart the problems that arise from the security breach. Cyberattacks are definitely going to take place; it’s just a matter of when and how often. It’s time to think beyond the traditional toolkit of prevention – the firewalls and cyber management software – and be ready with a cure, an antidote to stop the damage from spreading.

Hackers, on the other hand, are very well aware of the gaps and vulnerabilities that exist in most enterprise infrastructures. They know exactly how to take advantage of the value of data, taking their time and doing a thorough ‘reccy’ of their victim’s systems before accessing critical storage resources. Once they know exactly how to create the most trouble, they will unleash ransomware and malware across the data and make their financial demands. These criminals are technology experts, highly skilled at exploiting the vulnerabilities of enterprises that have left their primary storage infrastructure and secondary/backup/disaster recovery storage exposed.

For this reason, enterprises need to regard securing primary and secondary storage as an essential part of their overall corporate cyber resilience strategy. Data is one of the most important strategic assets an enterprise owns and yet, many organisations have not fully integrated a cyber storage resilience program.

When it comes to securing enterprise storage, there are some essential ingredients to ensuring a strong storage cyber defence strategy. These include ensuring the immutable nature of the data, so that it can be recovered from a copy you can trust; air-gapping to separate the management and data planes to protect the data; and a secure forensic environment, to analyse the data thoroughly and ensure the fastest recovery speeds possible. Each of these elements needs explaining.

Immutable snapshots are like the vital ‘secret sauce’ of storage cybersecurity. They allow organisations to effectively roll back the clock and recover guaranteed, uncorrupted copies of their data, from before the execution of any malware or ransomware code introduced by an attacker. Immutable snapshots ensure the integrity of stored data, because they prevent the data copies from being altered or deleted by anyone. Even internal systems administrators are locked out of manipulating immutable snapshots. It means that an organisation can be confident that any disruption or damage caused by the intrusion can be kept to an absolute minimum.

Logical air gapping adds a further layer of security, by creating a safe distance between the storage management layer and the immutable snapshots. There are three types of air gapping. Local air gapping keeps the data on premises, remote air gapping makes use of a remotely hosted system and hybrid air gapping combines the two.

Fenced forensic environments help speed up the recovery process by providing a secure area to perform a post-attack forensic analysis of the immutable snapshots. The purpose here is to carefully curate data candidates and find a known good copy. The last thing you want to do after an attack is to start restoring infected data that has malware or ransomware hidden within it. Once forensic analysis is complete, it is safe to restore the copy to primary storage systems.

Finally, there is an expectation that even with these layers in place, the final recovery stage will take some time. Not any longer. Advances in cyber storage resilience technology allow this to happen in minutes, with just a couple of clicks and a water-tight vendor guarantee.

The right cyber storage resilience solution is part of a “set it and forget it” process. Once the immutable snapshots, logical air gapping, fenced forensic environment and cyberattack recovery processes have been established, the whole restoration will progress like clockwork. This is all part of being an agile enterprise, one that’s cyber resilient as well as cyber secure.

Thanks to cloud technology, this level of cyber storage resilience can be provided as a service and delivered over a hybrid cloud storage implementation. This means that these software-defined storage capabilities are accessible to every organisation, regardless of their in-house technical capabilities.

Although we are always taught that prevention is better than cure, when it comes to cyber hackers, this maxim isn’t necessarily true. If intrusion attempts are happening every 39 seconds, can anyone really prevent a cybersecurity breach? Perhaps not. So, organisations need to focus on being ready with a cure – whether it’s on premises or in the cloud. An antidote to thwart the intentions of perpetrators and prevent their activities from causing any real disruption.

© 2024 Professional Security Magazine. All rights reserved.
