Protecting Data with a Multi-layered Cyber Defense

Stephen Manley, CTO

Why You Need Comprehensive Cyber Defense in the Cloud

The data revolution has begun, and IT needs to find its role in the new world order. Data is sprawling across sites, applications, and clouds. Cyber criminals and insider threats are escalating. Traditional efforts to protect data in the cloud include data center backup, enterprise cloud backup, and SaaS data protection. But not only do you need to protect your multi-cloud data, you need to be prepared to recover and run security operations. To protect your data, you need a multi-layered security approach: zero-trust security, automatically secured backups, orchestrated recovery, and operationalization.

Multi-layered cyber defense will help you regain control of your data environment so that you can deliver data resiliency to your business. Meanwhile, in the face of greater requirements, the business expects IT to do more with less. It is time for a new approach to protecting data in the cloud.

Druva Data Resiliency Cloud

The Challenges of Data Protection in the Era of Ransomware

Cyber threats have evolved so quickly that most organizations are exposed. Ransomware-as-a-Service offerings enable anybody to attack at any time, so somebody will penetrate your defenses. Once inside your environment, attackers spread rapidly through insecure legacy data infrastructure.

Modern cyber data protection is not just about prevention. Unfortunately, IT organizations are struggling to provide the multi-layered protection their businesses need. Among their challenges:

Trying to implement modern cyber data protection with traditional, and even many cloud data protection solutions, is too expensive, complex, and risky. The result — more companies are paying larger ransoms.

What Is Cyber Defense in the Cloud?

A multi-layered cyber defense can address the different layers of cybersecurity challenges. Today, teams take on the responsibility of buying separate components, stitching them together, and operating them, but there is a better way. 

It solves the challenges of cyber data protection for you, with four integrated layers so you can be confident your organization can respond to a security breach.

Layer 0: Integrated, End-to-End Zero-Trust Security

You cannot assume that internal actors are trustworthy. First, cyber attacks often try to take over key administrative accounts, and they gain control over email, phones, and more. Second, insider threats are on the rise. 

If your environment is compromised, a bad actor can take control of your backup environment and destroy everything. Backups can be destroyed at multiple levels: backup software, backup server, storage appliance, and cloud account (for backups stored in the cloud). Therefore, if you lose control at any level, you lose your backups.

You need zero-trust security for the entire backup service. This includes:

Eliminating Administrative Control of the Backup Infrastructure

  • There should be no direct access to servers, storage, or software 

Monitoring Administrative Behavior 

  • Any unusual activity, e.g. deleting backups or dramatically changing policies, should generate alerts

Preventing Destructive Administrative Behavior 

  • Any unusual backup deletion should be prevented/recoverable 

End-to-end Encryption 

  • Data should never be accessible to anybody other than the owner

Layer 1: Air-gapped Secure Backups Across All Workloads

It is time to update the “3-2-1 rule for backups” to address modern cyber security threats. For a generation, the “3-2-1 rule” meant: at least three backups, on two types of media, with one copy offsite. The “3-2-1 rule” protected against user error, system failure, and natural disasters. With the introduction of backup appliances, however, companies only made offsite copies of their mission critical data because it was so expensive to buy a second backup appliance. 

Cyber attacks expose the weaknesses of modern protection environments. First, they will compromise the local copies. Second, even offsite backups are no longer safe unless they are “air gapped.” As multiple on-premises backup customers have discovered, their backups were gone before they even knew they were under attack. 

Therefore, the new “3-2-1 rule” is: at least three backups, on two types of media, with one copy that is completely separated from the production environment. Therefore you need a backup service that includes:

Isolated Backups 

  • All backups automatically stored in a separate site with separate management — without requiring extra copies

Immutable Backups

  • Backups cannot be deleted or modified

Multi-cloud Backups 

  • One solution to protect all data — endpoint, data center, cloud-native, and SaaS applications
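The updated rule can be checked mechanically against a backup inventory. The following is an added example, not Druva's code or part of the original post; the inventory, the site and administrative-domain names, and the definition of "separated" (different site and different administrators) are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    workload: str
    media: str          # e.g. "disk", "tape", "object-storage"
    site: str
    admin_domain: str   # who is able to administer (and delete) this copy
    immutable: bool

# Constructed values: where production runs and who administers it.
PROD_SITE, PROD_ADMIN = "dc-east", "corp-ad"

# Constructed inventory for three workloads.
INVENTORY = [
    BackupCopy("erp", "disk", "dc-east", "corp-ad", False),
    BackupCopy("erp", "disk", "dc-west", "corp-ad", False),   # offsite, same admins
    BackupCopy("erp", "tape", "dc-west", "corp-ad", False),
    BackupCopy("mail", "disk", "dc-east", "corp-ad", False),
    BackupCopy("mail", "disk", "dc-west", "corp-ad", False),
    BackupCopy("mail", "object-storage", "cloud-a", "backup-svc", True),
    BackupCopy("fileshare", "disk", "dc-east", "corp-ad", False),
    BackupCopy("fileshare", "object-storage", "cloud-a", "backup-svc", False),
]

def is_isolated(copy):
    # Assumption: "completely separated" means a different site AND different management.
    return copy.site != PROD_SITE and copy.admin_domain != PROD_ADMIN

def audit_321(copies):
    """Return {workload: [problems]}; an empty list means the workload passes."""
    grouped = {}
    for c in copies:
        grouped.setdefault(c.workload, []).append(c)
    findings = {}
    for workload, cs in sorted(grouped.items()):
        problems = []
        if len(cs) < 3:
            problems.append(f"only {len(cs)} backup copies, need 3")
        if len({c.media for c in cs}) < 2:
            problems.append("all copies on one media type, need 2")
        isolated = [c for c in cs if is_isolated(c)]
        if not isolated:
            problems.append("no copy separated from the production site and its administrators")
        elif not any(c.immutable for c in isolated):
            problems.append("separated copy exists but can still be deleted or modified")
        findings[workload] = problems
    return findings

if __name__ == "__main__":
    for workload, problems in audit_321(INVENTORY).items():
        print(workload, "OK" if not problems else problems)
```

The "erp" workload satisfies the old rule (three copies, two media, one offsite) yet fails the new one, because every copy is reachable by the same administrators as production.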

Layer 2: In-depth, Accelerated, and Automated Data Recovery

You need a ransomware response and recovery plan in place before ransomware strikes. Otherwise, as one customer discovered, you could do more damage than the actual ransomware. Upon detecting ransomware, they powered down their entire environment. It took weeks to bring the environment back online so they could begin to follow the proper steps for a ransomware recovery.

Ransomware recovery is even more complicated than disaster recovery, and most organizations do not even have a robust disaster recovery plan. Disaster recovery planning is difficult because it spans IT silos — data, servers, networking, and applications — and it is difficult to coordinate. Ransomware recovery planning spans across even more organizations — security, legal, and often HR. Even worse, in a ransomware recovery, you cannot trust anything — your infrastructure, your data, or your backups. You need a plan because trying to recover from a ransomware attack “on the fly” will crash and burn. 

While no data protection solution can “solve” ransomware, it should help orchestrate your recovery. At each stage, data protection can streamline the recovery process:

Forensic Analysis 

  • Enable centralized access to log data (which should be backed up)

Damage Assessment 

Identify the Data to Recover 

  • Automatically identify the most recent clean version of each piece of data

Scan the Recovery Data 

  • Enable in-line malware scans and sandbox recoveries for additional malware scans


  • Automatically scale to recover data on-premises or in the cloud to minimize recovery time


  • Most importantly, the data protection solution should allow low-cost testing that does not affect the production environment

Recovering from ransomware is challenging, but with a proper plan, a data protection solution with orchestrated recovery, and frequent testing, you will not have to pay the ransom. 
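The "identify the data to recover" stage can be sketched as a selection over the backup catalogue. This is an added example, not Druva's code or part of the original post; the catalogue entries, verdict labels, and intrusion time are constructed, and treating every version taken after the intrusion start as suspect is a conservative assumption.

```python
from datetime import datetime

# Constructed catalogue: (path, backup time, malware-scan verdict).
VERSIONS = [
    ("/srv/finance/ledger.xlsx", "2024-03-01T02:00", "clean"),
    ("/srv/finance/ledger.xlsx", "2024-03-02T02:00", "clean"),
    ("/srv/finance/ledger.xlsx", "2024-03-03T02:00", "encrypted"),
    ("/srv/app/config.yml", "2024-03-01T02:00", "clean"),
    ("/srv/app/config.yml", "2024-03-03T02:00", "clean"),    # taken after intrusion
    ("/srv/tools/update.exe", "2024-03-02T14:00", "malware"),
    ("/srv/tools/update.exe", "2024-03-03T02:00", "malware"),
]

# Constructed value: earliest attacker activity found during forensic analysis.
INTRUSION_START = "2024-03-02T09:30"

def pick_restore_points(versions, intrusion_start):
    """Return (plan, needs_review).

    plan maps each path to the newest version that scanned clean and predates
    the intrusion; needs_review lists paths with no such version, which must
    be rebuilt or handled manually rather than restored.
    """
    cutoff = datetime.fromisoformat(intrusion_start)
    newest, seen = {}, set()
    for path, taken, verdict in versions:
        seen.add(path)
        when = datetime.fromisoformat(taken)
        if verdict != "clean" or when >= cutoff:
            continue  # infected, encrypted, or taken while the attacker was active
        if path not in newest or when > newest[path]:
            newest[path] = when
    plan = {p: t.isoformat(timespec="minutes") for p, t in newest.items()}
    needs_review = sorted(seen - set(newest))
    return plan, needs_review

if __name__ == "__main__":
    plan, needs_review = pick_restore_points(VERSIONS, INTRUSION_START)
    for path, taken in sorted(plan.items()):
        print(f"restore {path} from {taken}")
    for path in needs_review:
        print(f"no trusted version of {path}")
```

The selected versions are candidates only; they still go through the scan and sandbox-recovery stage before reaching production.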

Layer 3: Operationalizing Your Cloud Cyber Defense

Most companies struggle to operate and maintain their cyber protection. Their teams have to keep the infrastructure patched, monitor for anomalies, and maintain a state of recovery readiness. Of course, since security and recovery are forms of insurance, it is difficult to maintain investment. As a result, almost 50% of successful attacks exploit vulnerabilities that have patches that were not installed. Even worse, since the attackers are constantly evolving their attacks, an organization has to do more than maintain their defenses. They have to counter every new threat. Even the largest companies have fallen victim to ransomware attacks because it is almost impossible to keep pace with the relentless horde of attackers. 

The only way to counter an army of attackers is to have an army of your own — a service that will work on your behalf. 

Eliminate infrastructure 

  • Without infrastructure, there is nothing to patch 

Global AI/ML-driven analysis 

  • Leverage a global view across thousands of customers to identify anomalies

Data validation 

  • Constantly verify that data is clean and recoverable

More importantly, the service should be able to evolve with the attackers, since it is part of a broader security ecosystem and is focused only on keeping your data safe and recoverable.

Conclusion — Future-Proof Your IT Environment with Druva

We live in a world where cyber attacks will only become more frequent and more insidious. You cannot retrofit legacy data protection architectures for cyber security — they were designed for traditional data loss use cases. Cyber security brings new requirements and new layers to data protection.

A multi-layered cyber defense for your data will help you respond to and recover from cyber attacks. First, zero-trust security must be done at a service level. Second, all backups should be automatically air-gapped at no extra cost. Third, it should help orchestrate your recovery from an attack. Finally, the operations should be done by the service — not you. Instead of desperately trying to fight the cyber attackers on your own, find someone who can help you. 

A Multi-layered Cyber Defense for the Future of Cyber Threats

Enter the Druva Data Resiliency Cloud. Data Resiliency is the next generation of data protection that is enabling companies to be prepared to stop attacks before they spread, and easily recover without business disruption. The Data Resiliency Cloud shifts from selling software and appliances to providing a subscription-based service that actually solves your protection challenges for you. 

The Druva Data Resiliency Cloud offers the industry’s leading multi-layered cyber defense for data. As a SaaS offering, Druva was built with zero-trust security. Druva’s backups are all stored under Druva’s control with orchestrated recovery. Most importantly, as a 100% SaaS service, Druva delivers full operationalization of your data cyber defense.

In a multi-cloud world, it is time for a data resiliency cloud… the Druva Data Resiliency Cloud. Download Druva’s new eBook, Why Companies are Migrating Data Protection to the Cloud, to discover the benefits of the Druva Data Resiliency Cloud for all your workloads. 

Read part one of this blog series to learn how Druva provides the ideal capabilities for cloud data operations, read part two for a look into Druva’s unified control pane to help manage your data environment, and stay tuned to the Druva blog as we explore the other pillars of this ideal solution.