The Challenges of Data Protection in the Era of Ransomware
Cyber threats have evolved so quickly that most organizations are exposed. Ransomware-as-a-Service offerings let almost anybody launch an attack at any time, so you should assume that somebody will eventually penetrate your defenses. Once inside your environment, attackers spread rapidly through insecure legacy data infrastructure.
Modern cyber data protection is not just about prevention. Unfortunately, IT organizations are struggling to provide the multi-layered protection their businesses need. Chief among their challenges:
Trying to implement modern cyber data protection with traditional data protection solutions, and even with many cloud-based ones, is too expensive, complex, and risky. The result is that more companies are paying larger ransoms.
What Is Cyber Defense in the Cloud?
A multi-layered cyber defense can address the different layers of cybersecurity challenges. Today, teams take on the responsibility of buying separate components, stitching them together, and operating them, but there is a better way.
A cloud-delivered data protection service solves the challenges of cyber data protection for you, with four integrated layers, so you can be confident your organization can respond to a security breach.
Layer 0: Integrated, End-to-End Zero-Trust Security
You cannot assume that internal actors are trustworthy. First, cyber attacks often start by taking over key administrative accounts, which gives the attacker control over email, phones, and more. Second, insider threats are on the rise.
If your environment is compromised, a bad actor can take control of your backup environment and destroy everything. Backups can be destroyed at multiple levels: backup software, backup server, storage appliance, and cloud account (for backups stored in the cloud). Therefore, if you lose control at any level, you lose your backups.
You need zero-trust security for the entire backup service. This includes:
Eliminating Administrative Control of the Backup Infrastructure
- No administrator should have direct access to the backup servers, storage, or software
Monitoring Administrative Behavior
- Any unusual activity, e.g. deleting backups or drastically shortening retention policies, should generate alerts
Preventing Destructive Administrative Behavior
- Any unusual backup deletion should be prevented, or at least remain recoverable
End-to-end Encryption
- Data should never be accessible to anybody other than the owner
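The two middle requirements above, monitoring administrative behavior and preventing destructive deletions, can be made concrete. The following is an added example, not Druva's code or anything from the original page: it parses a constructed backup-service audit log, raises alerts for a burst of snapshot deletions by one actor and for a drastic retention cut, and shows a vault in which a delete only marks a snapshot for removal after a hold period, so it stays recoverable. The log format, actor names, thresholds and hold period are all assumptions.

```python
"""Added example (not Druva's code): detecting destructive backup-admin
behaviour in an audit log and making snapshot deletion recoverable.
The log format, actors, thresholds and hold period are assumptions."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (JSON lines) from a hypothetical backup service.
AUDIT_LOG = """\
{"ts": "2024-03-01T02:00:05Z", "actor": "svc-backup", "action": "snapshot.create", "target": "vm-db01"}
{"ts": "2024-03-01T02:10:00Z", "actor": "alice", "action": "snapshot.delete", "target": "vm-web03/2023-11-02"}
{"ts": "2024-03-01T03:14:01Z", "actor": "mallory", "action": "policy.update", "target": "gold", "old_retention_days": 365, "new_retention_days": 1}
{"ts": "2024-03-01T03:14:30Z", "actor": "mallory", "action": "snapshot.delete", "target": "vm-db01/2024-02-28"}
{"ts": "2024-03-01T03:14:31Z", "actor": "mallory", "action": "snapshot.delete", "target": "vm-db01/2024-02-27"}
{"ts": "2024-03-01T03:14:32Z", "actor": "mallory", "action": "snapshot.delete", "target": "vm-db01/2024-02-26"}
{"ts": "2024-03-01T03:14:33Z", "actor": "mallory", "action": "snapshot.delete", "target": "vm-web01/2024-02-28"}
{"ts": "2024-03-01T03:14:34Z", "actor": "mallory", "action": "snapshot.delete", "target": "vm-web02/2024-02-28"}
"""

DELETE_BURST = 3                  # this many deletes by one actor inside WINDOW raises an alert
WINDOW = timedelta(minutes=10)
RETENTION_CUT = 0.5               # shortening retention to below half its old value raises an alert


def parse_events(text):
    """Parse JSON-lines audit events and return them ordered by timestamp."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_anomalies(events):
    """Return one alert per burst of deletions and per drastic retention cut."""
    alerts = []
    recent = defaultdict(list)        # actor -> deletion timestamps inside the sliding window
    reported = set()                  # actors already alerted on, to avoid repeats
    for e in events:
        actor = e["actor"]
        if e["action"] == "snapshot.delete":
            window = [t for t in recent[actor] if e["ts"] - t <= WINDOW] + [e["ts"]]
            recent[actor] = window
            if len(window) >= DELETE_BURST and actor not in reported:
                reported.add(actor)
                alerts.append(f"{actor}: {len(window)} snapshot deletions within {WINDOW}")
        elif e["action"] == "policy.update":
            old, new = e["old_retention_days"], e["new_retention_days"]
            if new < old * RETENTION_CUT:
                alerts.append(f"{actor}: retention on policy '{e['target']}' cut from {old} to {new} days")
    return alerts


class BackupVault:
    """A delete never removes data immediately: the snapshot enters a hold period
    during which it can be undeleted. Only the service's own purge job finalizes it."""

    def __init__(self, hold):
        self.hold = hold
        self.snapshots = {}           # snapshot id -> payload
        self.pending = {}             # snapshot id -> time the delete becomes final

    def store(self, snap_id, payload):
        self.snapshots[snap_id] = payload

    def delete(self, snap_id, now):
        if snap_id not in self.snapshots:
            raise KeyError(snap_id)
        self.pending[snap_id] = now + self.hold   # mark only; the payload stays

    def undelete(self, snap_id):
        """Cancel a pending delete; returns False if nothing was pending."""
        return self.pending.pop(snap_id, None) is not None

    def purge(self, now):
        """Finalize deletes whose hold has expired; returns the ids removed."""
        expired = [s for s, due in self.pending.items() if due <= now]
        for s in expired:
            del self.pending[s]
            del self.snapshots[s]
        return expired

    def recoverable(self, snap_id):
        return snap_id in self.snapshots


if __name__ == "__main__":
    for a in detect_anomalies(parse_events(AUDIT_LOG)):
        print("ALERT", a)
```

On the sample log, alice's single deletion is normal and produces nothing, while mallory's retention change and five deletions in a few seconds each produce one alert. The vault's `purge` is the only path that actually frees storage, which is the point: an administrator, or an attacker holding an administrator's credentials, can request a delete but cannot make it final.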
Layer 1: Air-gapped Secure Backups Across All Workloads
It is time to update the “3-2-1 rule for backups” to address modern cyber security threats. For a generation, the “3-2-1 rule” meant: keep at least three copies of your data (production plus two backups), on two different types of media, with one copy offsite. The “3-2-1 rule” protected against user error, system failure, and natural disasters. With the introduction of backup appliances, however, companies only made offsite copies of their mission critical data because it was so expensive to buy a second backup appliance.
Cyber attacks expose the weaknesses of these environments. First, attackers compromise the local copies. Second, even offsite backups are no longer safe unless they are “air gapped,” that is, unreachable from the production environment. As multiple on-premises backup customers have discovered, their backups were gone before they even knew they were under attack.
Therefore, the new “3-2-1 rule” is: at least three copies of your data, on two types of media, with one copy that is completely separated from the production environment. You therefore need a backup service that includes:
- All backups automatically stored in a separate site with separate management — without requiring extra copies
- Backups cannot be deleted or modified
- One solution to protect all data — endpoint, data center, cloud-native, and SaaS applications
Layer 2: In-depth, Accelerated, and Automated Data Recovery
You need a ransomware response and recovery plan in place before ransomware strikes. Otherwise, as one customer discovered, your response can do more damage than the ransomware itself. Upon detecting ransomware, they powered down their entire environment. It took weeks to bring the environment back online so they could begin to follow the proper steps for a ransomware recovery.
Ransomware recovery is even more complicated than disaster recovery, and most organizations do not even have a robust disaster recovery plan. Disaster recovery planning is difficult because it spans IT silos — data, servers, networking, and applications — and is hard to coordinate. Ransomware recovery planning spans even more organizations — security, legal, and often HR. Even worse, in a ransomware recovery, you cannot trust anything — your infrastructure, your data, or your backups. You need a plan, because trying to recover from a ransomware attack “on the fly” is likely to fail.
While no data protection solution can “solve” ransomware, it should help orchestrate your recovery. At each stage, data protection can streamline the recovery process:
Forensic Analysis
- Enable centralized access to log data (which should be backed up)
Damage Assessment
Identify the Data to Recover
- Automatically identify the most recent clean version of each piece of data
Scan the Recovery Data
- Enable in-line malware scans and sandbox recoveries for additional malware scans
Recover
- Automatically scale to recover data on-premises or in the cloud to minimize recovery time
Test
- Most importantly, the data protection solution should allow low-cost testing that does not affect the production environment
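The step “identify the data to recover” is where most of the decision logic lives. The following is an added example, not Druva's code or anything from the original page: given a constructed catalog of backup snapshots in which every file version carries a content digest and a malware-scan verdict, it flags snapshots in which an abnormal share of files was rewritten at once (the footprint of bulk encryption) and then picks, for each path, the newest version that scanned clean and does not come from a flagged snapshot. The catalog layout, the change-ratio threshold and the sample data are assumptions.

```python
"""Added example (not Druva's code): selecting the most recent clean version of
each file across backup snapshots. The catalog format, the change-ratio
threshold and the sample snapshots are assumptions."""
from collections import namedtuple

# Each file version carries a content digest and a malware-scan verdict.
Version = namedtuple("Version", "digest verdict")   # verdict: clean | malware | unscanned

# Constructed catalog, oldest snapshot first: (snapshot id, {path: Version}).
# The last snapshot rewrites most files at once, the footprint of bulk encryption.
CATALOG = [
    ("2024-02-26", {"/srv/db.sql": Version("a1", "clean"),
                    "/srv/app.py": Version("b1", "clean"),
                    "/srv/notes.txt": Version("c1", "clean")}),
    ("2024-02-27", {"/srv/db.sql": Version("a2", "clean"),
                    "/srv/app.py": Version("b1", "clean"),
                    "/srv/notes.txt": Version("c1", "clean"),
                    "/srv/dropper.exe": Version("d1", "malware")}),
    ("2024-02-28", {"/srv/db.sql": Version("a3", "unscanned"),
                    "/srv/app.py": Version("b2", "unscanned"),
                    "/srv/notes.txt": Version("c2", "unscanned"),
                    "/srv/dropper.exe": Version("d1", "malware")}),
]
MASS_CHANGE_RATIO = 0.5   # more than half the shared files rewritten between snapshots


def suspect_snapshots(catalog):
    """Ids of snapshots in which an abnormal share of files changed since the previous one."""
    suspect = set()
    for (_, prev), (cur_id, cur) in zip(catalog, catalog[1:]):
        shared = [p for p in cur if p in prev]
        if not shared:
            continue
        changed = sum(1 for p in shared if cur[p].digest != prev[p].digest)
        if changed / len(shared) > MASS_CHANGE_RATIO:
            suspect.add(cur_id)
    return suspect


def recovery_plan(catalog):
    """For each path, pick the newest version that scanned clean and is not from a
    suspect snapshot. Returns (plan, unrecoverable_paths)."""
    suspect = suspect_snapshots(catalog)
    paths = {p for _, files in catalog for p in files}
    plan, unrecoverable = {}, []
    for path in sorted(paths):
        for snap_id, files in reversed(catalog):
            v = files.get(path)
            if v is None or snap_id in suspect or v.verdict != "clean":
                continue
            plan[path] = (snap_id, v.digest)
            break
        else:
            unrecoverable.append(path)   # no clean version exists; do not restore it
    return plan, unrecoverable


if __name__ == "__main__":
    plan, bad = recovery_plan(CATALOG)
    for path, (snap, digest) in plan.items():
        print(f"restore {path} from {snap} ({digest})")
    print("no clean version:", bad)
```

On the sample catalog the 2024-02-28 snapshot is flagged because three of four shared files changed, so every path is restored from 2024-02-27, and the dropper, which never had a clean version, is reported rather than silently restored. A per-file rule alone would have happily restored the unscanned 2024-02-28 versions; combining it with the snapshot-level change ratio is what keeps encrypted data out of the recovery.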
Recovering from ransomware is challenging, but with a proper plan, a data protection solution with orchestrated recovery, and frequent testing, you should not have to pay the ransom.
Layer 3: Operationalizing Your Cloud Cyber Defense
Most companies struggle to operate and maintain their cyber protection. Their teams have to keep the infrastructure patched, monitor for anomalies, and maintain a state of recovery readiness. Of course, since security and recovery are forms of insurance, it is difficult to sustain investment in them. As a result, almost 50% of successful attacks exploit vulnerabilities for which a patch existed but had not been installed. Even worse, since the attackers are constantly evolving their attacks, an organization has to do more than maintain its defenses. It has to counter every new threat. Even the largest companies have fallen victim to ransomware attacks because it is almost impossible to keep pace with the relentless horde of attackers.
The only way to counter an army of attackers is to have an army of your own — a service that will work on your behalf.
Eliminate infrastructure
- Without infrastructure, there is nothing to patch
Global AI/ML-driven analysis
- Leverage a global view across thousands of customers to identify anomalies
Data validation
- Constantly verify that data is clean and recoverable
More importantly, the service should be able to evolve with the attackers, since the provider is part of a broader security ecosystem and is focused only on keeping your data safe and recoverable.
Conclusion — Future-Proof Your IT Environment with Druva
We live in a world where cyber attacks will only become more frequent and more insidious. You cannot retrofit a legacy data protection architecture for cyber security; it was designed for traditional data loss use cases. Cyber security brings new requirements and new layers to data protection.
A multi-layered cyber defense for your data will help you respond to and recover from cyber attacks. First, zero-trust security must be done at a service level. Second, all backups should be automatically air-gapped at no extra cost. Third, it should help orchestrate your recovery from an attack. Finally, the operations should be done by the service — not you. Instead of desperately trying to fight the cyber attackers on your own, find someone who can help you.
A Multi-layered Cyber Defense for the Future of Cyber Threats
Enter the Druva Data Resiliency Cloud. Data Resiliency is the next generation of data protection that is enabling companies to be prepared to stop attacks before they spread, and easily recover without business disruption. The Data Resiliency Cloud shifts from selling software and appliances to providing a subscription-based service that actually solves your protection challenges for you.
The Druva Data Resiliency Cloud offers the industry’s leading multi-layered cyber defense for data. As a SaaS offering, Druva was built with zero-trust security. Druva’s backups are all stored under Druva’s control with orchestrated recovery. Most importantly, as a 100% SaaS service, Druva delivers full operationalization of your data cyber defense.
In a multi-cloud world, it is time for a data resiliency cloud… the Druva Data Resiliency Cloud. Download Druva’s new eBook, Why Companies are Migrating Data Protection to the Cloud, to discover the benefits of the Druva Data Resiliency Cloud for all your workloads.