Principles of a Data Resiliency Cloud — Multi-Layered Cyber Defense

The data revolution has begun, and IT needs to find its role in the new world order. Data is sprawling across sites, applications, and clouds. Cyber criminals and insider threats are escalating. Meanwhile, in the face of greater requirements, the business expects IT to do more with less. It is time for a new approach to protecting your data, applications, and businesses.

Enter the Druva Data Resiliency Cloud. Data Resiliency is the next generation of data protection that is enabling companies to be prepared to stop attacks before they spread, and easily recover without business disruption. The Data Resiliency Cloud shifts from selling software and appliances to providing a subscription-based service that actually solves your protection challenges for you. 

There are five pillars to a Data Resiliency Cloud: Cloud Data Operations, Multi-Cloud Control Pane, Multi-Layer Cyber Defense, Autonomous Operation, and True Cloud Experience. Over the course of this blog series we will explore the five pillars, so you can choose the Data Resiliency Cloud that is right for you.

Cyber criminals are relentlessly attacking your organization’s data — from the data center to public clouds to SaaS applications. Not only do you need to protect your multi-cloud data, but you need to be prepared to recover and run security operations. To protect your data, you need multi-layered cyber defense: zero-trust security, automatically secured backups, orchestrated recovery, and operationalization. Multi-layered cyber defense will help you regain control of your data environment so that you can deliver data resiliency to your business. 

The Challenges of Modern Cyber Data Protection

Cyber threats have evolved so quickly that most organizations are exposed. Ransomware-as-a-Service offerings enable anybody to attack at any time, so somebody will penetrate your defenses. Once inside your environment, attackers spread rapidly through insecure legacy data infrastructure.

Modern cyber data protection is not just about prevention. Unfortunately, IT organizations are struggling to provide the multi-layered protection their businesses need. Among their challenges:

  1. Ensuring that backups will not be deleted or compromised by ransomware, so they can recover
  2. Recovering from a ransomware attack because it is significantly more complex than a traditional disaster recovery
  3. Keeping pace with the relentless amount and evolution of cyber attacks

Trying to implement modern cyber data protection with traditional data protection solutions is too expensive, too complex, and too risky. The result — more companies are paying larger ransoms.

The Solution: Multi-Layered Cyber Defense

A multi-layered cyber defense can address the different layers of cybersecurity challenges. Today, teams take on the responsibility of buying separate components, stitching them together, and operating them, but there is a better way. 

A multi-layered cyber defense solves the challenges of cyber data protection for you. With four integrated layers, you can be confident that your organization can respond to a security breach.

Layer 0: Zero-Trust Security

You cannot assume that internal actors are trustworthy. First, cyber attacks often try to take over key administrative accounts, and they gain control over email, phones, and more. Second, insider threats are on the rise. 

If your environment is compromised, a bad actor can take control of your backup environment and destroy everything. Backups can be destroyed at multiple levels: backup software, backup server, storage appliance, and cloud account (for backups stored in the cloud). Therefore, if you lose control at any level, you lose your backups.

You need zero-trust security for the entire backup service. This includes:

  1. Eliminating administrative control of the backup infrastructure — There should be no direct access to servers, storage, or software 
  2. Monitoring administrative behavior — Any unusual activity, e.g. deleting backups or dramatically changing policies, should generate alerts
  3. Preventing destructive administrative behavior — Any unusual backup deletion should be prevented/recoverable 
  4. End-to-end encryption — Data should never be accessible to anybody other than the owner

Layer 1: Automatically Secured Backups 

It is time to update the “3-2-1 rule” for backups to address modern cyber security threats. For a generation, the “3-2-1 rule” meant: at least three backups, on two types of media, with one copy offsite. The “3-2-1 rule” protected against user error, system failure, and natural disasters. With the introduction of backup appliances, however, companies only made offsite copies of their mission-critical data because it was so expensive to buy a second backup appliance. 

Cyber attacks expose the weaknesses of modern protection environments. First, they will compromise the local copies. Second, even offsite backups are no longer safe unless they are “air gapped.” As multiple on-premises backup customers have discovered, their backups were gone before they even knew they were under attack. 

Therefore, the new “3-2-1 rule” is: at least three backups, on two types of media, with one copy that is completely separated from the production environment. Therefore you need a backup service that includes:

  1. Isolated backups — All backups automatically stored in a separate site with separate management — without requiring extra copies
  2. Immutable backups — Backups cannot be deleted or modified
  3. Multi-cloud backups — One solution to protect all data — endpoint, data center, cloud-native, and SaaS applications

Layer 2: Orchestrated Recovery

You need a ransomware response and recovery plan in place before ransomware strikes. Otherwise, as one customer discovered, you could do more damage than the actual ransomware. Upon detecting ransomware, they powered down their entire environment. It took weeks to bring the environment back online so they could begin to follow the proper steps for a ransomware recovery. 

Ransomware recovery is even more complicated than disaster recovery, and most organizations do not even have a robust disaster recovery plan. Disaster recovery planning is difficult because it spans IT silos — data, servers, networking, and applications — and it is difficult to coordinate. Ransomware recovery planning spans across even more organizations — security, legal, and often HR. Even worse, in a ransomware recovery, you cannot trust anything — your infrastructure, your data, or your backups. You need a plan because trying to recover from a ransomware attack “on the fly” will crash and burn. 

While no data protection solution can “solve” ransomware, it should help orchestrate your recovery. At each stage, data protection can streamline the recovery process:

  1. Forensic analysis — Enable centralized access to log data (which should be backed up)
  2. Damage assessment — Identify anomalous data patterns in backup streams to help assess what was affected and when
  3. Identify the data to recover — Automatically identify the most recent clean version of each piece of data
  4. Scan the recovery data — Enable in-line malware scans and sandbox recoveries for additional malware scans
  5. Recover — Automatically scale to recover data on-premises or in the cloud to minimize recovery time
  6. Test — Most importantly, the data protection solution should allow low-cost testing that does not affect the production environment

Recovering from ransomware is challenging, but with a proper plan, a data protection solution with orchestrated recovery, and frequent testing, you will not have to pay the ransom. 

Layer 3: Operationalization

Most companies struggle to operate and maintain their cyber protection. Their teams have to keep the infrastructure patched, monitor for anomalies, and maintain a state of recovery readiness. Of course, since security and recovery are forms of insurance, it is difficult to maintain investment. As a result, almost 50% of successful attacks exploit vulnerabilities that have patches that were not installed. Even worse, since the attackers are constantly evolving their attacks, an organization has to do more than maintain their defenses. They have to counter every new threat. Even the largest companies have fallen victim to ransomware attacks because it is almost impossible to keep pace with the relentless horde of attackers. 

The only way to counter an army of attackers is to have an army of your own — a service that will work on your behalf. 

  1. Eliminate infrastructure — Without infrastructure, there is nothing to patch 
  2. Global AI/ML-driven analysis — Leverage a global view across thousands of customers to identify anomalies
  3. Data validation — Constantly verify that data is clean and recoverable

More importantly, the service should be able to evolve with the attackers, since they are part of a broader security ecosystem and focused only on keeping your data safe and recoverable.


We live in a world where cyber attacks will only become more frequent and more insidious. You cannot retrofit a legacy data protection architecture for cyber security — they were designed for traditional data loss use cases. Cyber security brings new requirements and new layers to data protection. 

A multi-layered cyber defense for your data will help you respond to and recover from cyber attacks. First, zero-trust security must be done at a service level. Second, all backups should be automatically air-gapped at no extra cost. Third, it should help orchestrate your recovery from an attack. Finally, the operations should be done by the service — not you. Instead of desperately trying to fight the cyber attackers on your own, find someone who can help you. 

The Druva Data Resiliency Cloud offers the industry’s leading multi-layered cyber defense for data. As a SaaS offering, Druva was built with zero-trust security. Druva’s backups are all stored under Druva’s control, and Druva offers orchestrated recovery. Most importantly, as a 100% SaaS service, Druva delivers full operationalization of your data cyber defense.

In a multi-cloud world, it is time for a data resiliency cloud… the Druva Data Resiliency Cloud. Download Druva’s new eBook, Why Companies are Migrating Data Protection to the Cloud, to discover the benefits of the Druva Data Resiliency Cloud for all your workloads. 

Read part one of this blog series to learn how Druva provides the ideal capabilities for cloud data operations, read part two for a look into Druva’s unified control pane to help manage your data environment, and stay tuned to the Druva blog as we explore the other pillars of this ideal solution.