Isolated Recovery – Your Golden Ticket for Combatting Ransomware
By Bill Tolson, Vice President at Archive360
Numerous organizations are reevaluating their data protection and security strategies, given the number of ransomware attacks and security breaches that continue to make headlines. Increasingly nefarious threats appear on a virtually weekly basis. Traditional backup has been used for years as a virtual insurance policy – a means of recovering from such attacks, among other uses. The objective has been that, should a cyber-attack take place, or something as common as a local data loss or data corruption event, data that has been backed up to disk or tape and protected or moved to an off-site location can be restored, and the business can be up and running ASAP. Unfortunately, cyber-criminals are getting smarter, uncovering new and innovative ways to attack backup data as well. And I think we can all agree that finding and restoring data from tape is a tad less than an “immediate” and “complete” solution.
Is it Possible to Stay One Step Ahead of Cyber-Criminals?
With ransomware in mind, an increasingly common problem with traditional backup is that the backup server can be quickly infected by ransomware too. A ransomware attack is often intentionally delayed or timed so that it infects all backup systems as well. In other words, when the insurance copy of data is backed up, it brings the ransomware right along with it, thereby infecting all of the backup data and systems.
It can then take weeks – even months – for companies to realize that they were hacked. During this time, uninfected server backups are overwritten with the malware or ransomware, corrupting the backups. After a predetermined period, the hacker triggers the ransomware, and the company has no way to recover.
Because of the nature of ransomware attacks and the fact that backup and DR no longer provide protection, a new data protection strategy is needed. The only way to beat this type of cyber-attack is to generate a “gold copy” backup (before infection) and absolutely isolate it so that, when needed, it is pristine and ready to use. This process is known as Isolated Recovery – the recovery of known good or clean data. The problem is: how do you know when you have an uninfected backup? The only way to be sure is to generate golden copies on a regular basis so that when an infection does occur, the company can fall back on the last clean backup.
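The fallback described above only works if a pre-infection gold copy is still protected when the attack is finally noticed. The following sketch is an added example, not part of the original article: it picks the last clean copy from a catalogue and shows how a retention period shorter than the attacker's dwell time leaves nothing to restore. The catalogue, dates, one-day safety margin and all names are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class GoldCopy:
    taken_at: datetime      # when the gold copy was written
    locked_until: datetime  # end of its immutable (WORM) retention period


def build_catalogue(first: datetime, interval: timedelta,
                    retention: timedelta, count: int) -> List[GoldCopy]:
    """Constructed catalogue: one gold copy every `interval`, each locked for `retention`."""
    return [GoldCopy(first + i * interval, first + i * interval + retention)
            for i in range(count)]


def min_retention(dwell: timedelta, interval: timedelta,
                  margin: timedelta) -> timedelta:
    """Shortest lock period that guarantees a pre-infection copy is still
    immutable when an attack with this dwell time is finally detected."""
    return dwell + interval + margin


def last_clean_copy(copies: List[GoldCopy], infected_at: datetime,
                    detected_at: datetime,
                    margin: timedelta = timedelta(days=1)) -> Optional[GoldCopy]:
    """Newest copy written before the estimated infection (less a safety
    margin) whose lock had not lapsed by detection time. A copy whose lock
    expired during the dwell period could have been altered, so it is skipped."""
    cutoff = infected_at - margin
    usable = [c for c in copies
              if c.taken_at <= cutoff and c.locked_until >= detected_at]
    return max(usable, key=lambda c: c.taken_at, default=None)


# Constructed scenario: weekly copies, infection 44 days before detection.
WEEK = timedelta(days=7)
INFECTED = datetime(2024, 2, 10)
DETECTED = datetime(2024, 3, 25)
short = build_catalogue(datetime(2024, 1, 1), WEEK, timedelta(days=30), 12)
long_ = build_catalogue(datetime(2024, 1, 1), WEEK, timedelta(days=90), 12)

if __name__ == "__main__":
    print("30-day lock:", last_clean_copy(short, INFECTED, DETECTED))
    print("90-day lock:", last_clean_copy(long_, INFECTED, DETECTED))
    print("minimum lock:", min_retention(DETECTED - INFECTED, WEEK, timedelta(days=1)))
```

With a 30-day lock no trustworthy copy remains in this scenario, while the 90-day lock still yields the copy written five days before the estimated infection.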
Isolated Recovery and Air Gaps
Isolating every single backup copy is usually not feasible, so the isolated recovery process is best suited for the mission-critical data the organization depends upon to recover quickly and maintain or regain business operations.
Isolated recovery depends upon the principles of isolation, or “air gaps”: an isolated storage repository must be established that is disconnected from the network and restricted to users with proper clearance. Given these requirements, it stands to reason that this isolated environment can potentially be set up in a cloud environment.
Air Gaps and Immutability
Air gaps are a bit more challenging. An air gap demands that a storage system be disconnected from the outside world. By design, a cloud storage system is connected and accessible so IT can access it whenever and from wherever needed. It seems clear that the main requirement for isolated recovery systems is the “gold copy” status of the backup. One way to ensure the gold copy status of a backup in the cloud would be to write it to immutable storage. That immutable copy would be “isolated” by virtue of its immutability and can be restored when needed. A recurrently scheduled (separate) backup saved to Microsoft Azure WORM storage would provide a highly secure (against ransomware) isolated recovery option. Organizations in specific industries, such as the financial and healthcare sectors, could use this method as yet another piece of their disaster recovery (DR) process.
This is not to say that isolated recovery should only be used by specific industries. Companies across all sectors with business-critical data should look at this backup methodology as well.
Standing Strong and Fortified Against Future Attacks
So what can you do today? There are already many vendors and technologies that have tried to position themselves as a solution against today’s most vicious ransomware attacks. There are also a number of vendors and technologies that have been built from the ground up to serve exactly that purpose. What you need to seek is a solution that can serve as your organization’s golden copy repository. Ideally, IT professionals should seek solutions that offer proven integration with Microsoft Azure, as well as Azure-based security protocols. The ideal solution would also offer an information management layer, additional security, access controls and integration with Azure immutable storage, while allowing you to maintain it in your own Azure tenancy. By storing known golden copies of your servers in your Azure tenancy (managed, of course, with proper retention policies), your organization can stand strong and fortified against all future ransomware attacks – from whatever direction and form they arrive!