With all the competing aspects of an information technology (IT) environment to be concerned about, it’s possible that backup systems can be overlooked. If the existing backup system seems to be working, there may not be any impetus to review its real utility for recovery in the face of ransomware and other types of cyber attacks or unexpected outages. This oversight can turn out to be a very costly and dangerous mistake.
Legacy backup solutions may have provided sufficient data protection for your organization when they were first implemented. That may no longer be the case. Times have changed and you should consider reviewing the functionality and performance of your backup systems.
A company’s data has become its most valuable asset. This value is reflected in the prevalence of ransomware attacks designed to hold data for ransom and in some cases steal and publish sensitive information. Protecting enterprise data from ransomware has become an essential task for IT teams and decision-makers.
Five critical actions are necessary to effectively combat ransomware and protect your company’s data and business interests. We’re going to look at each of these actions and present some questions that will help determine if your backup systems can address them.
Protecting Your Backup Data and System
Data safeguards are necessary to protect your backup data and the systems that create the backups. These backup security capabilities are fundamental to a modern and effective data management solution:
- Software-based, native immutable snapshots that cannot be encrypted, modified, or deleted;
- Write once, read many (WORM) technology that provides security against insider threats;
- Software-based FIPS-validated, AES-256 standard encryption for data in flight and at rest;
- Automated configuration auditing and scanning to avoid costly human oversights;
- Fault tolerance to ensure data integrity;
- Flexible data isolation options including air-gapping.
The following questions address these capabilities.
- How does your data management solution protect backed-up data from ransomware?
- Does your solution continue to back up data after a hardware or software component fails?
- Does the solution provide strong security while addressing the need for faster recoveries?
- Does the solution provide visibility into potential security gaps in its design and configuration?
Reducing the Risk of Unauthorized Access
Strict access controls are essential to prevent unauthorized access by malicious external or internal actors. These capabilities should be available in your backup solution:
- Multi-factor authentication (MFA) to make it more difficult to compromise login credentials;
- Monitored modification to limit the impact a compromised credential can have on the system;
- Granular and role-based access controls to provide the minimum level of access users need to do their jobs.
The following questions should be asked of your existing or prospective backup or data management solution.
- How does the solution prevent unauthorized access to critical data?
- How does the solution address the threat of ransomware and malicious insiders?
- Does it support multi-user approval for critical tasks?
Detecting Incursions and Potential Attacks
Protecting data from ransomware demands the ability to classify sensitive data and provide near real-time threat detection. Four critical capabilities are necessary to enable proactive threat response:
- Artificial intelligence and machine learning technology to effectively handle classification and pattern matching to address the ever-increasing flood of data;
- Near real-time anomaly detection to find intruders before they can cause damage;
- Automated alerts that generate information regarding the access of sensitive data and suspicious user behavior;
- Cyber vulnerability discovery to identify inefficiencies in the environment so they can be addressed proactively.
The following questions focus on how the solution stops encroachment.
- Does the solution identify and classify sensitive data that can be at risk?
- Does the solution implement AI/ML technology to detect anomalies in near real time?
- How does the solution provide visibility into vulnerabilities?
- Does the solution detect behavioral or system-level anomalies that indicate unique cyber attacks?
Strengthening Security with Integrations and APIs
The ability to effectively thwart ransomware attacks demands future-proof solutions that can be extended and integrated with new tools and technology. Look for these features in a data management and backup solution:
- Pre-built integrations with other leading security orchestration, automation, and response (SOAR) as well as security information event management (SIEM) solutions;
- Customizable integrations via a secure software development kit and management APIs;
- Value-added application interoperability to enhance the solution’s functionality.
Ask the following questions to see how your solution addresses integration.
- What security integrations does the solution support?
- How does the solution work with other leading security products?
- Does the solution provide analytical insights into data resources?
- Does the solution promote team collaboration and eliminate silos?
Ensuring Data can be Rapidly Recovered at Scale
If the unthinkable happens and you are the victim of a successful ransomware attack, you need a solution that can be implemented to avoid paying the ransom. This requires the ability to quickly recover systems at scale and requires these capabilities:
- Instant recovery at scale to any point in time and any location;
- A clean recovery that ensures recovered data is free of malware;
- In-place recovery that uses the same platform without provisioning a new server or database.
Answering the following questions will help determine if the solution has the recovery capabilities you need.
- How does the solution help recover rapidly and cleanly at scale?
- Can the backup system support rapid recovery at any point in time to any location?
- Can the solution recover unstructured data from a snapshot without additional investment?
- How does the solution recover unstructured data in-place to minimize downtime?
Talk to the Experts at VAST
VAST’s data protection specialists have the experience to look at your existing backup system and see where it needs to be upgraded or modernized. VAST offers managed cloud backup as a service (CBaaS) and other data protection solutions. They partner with leading data management providers such as Cohesity and Veeam and can recommend the right managed solution for your unique business needs.
Find the answers to your questions by talking to one of VAST’s data protection specialists. See how your system stacks up against the modern data management and protection solutions available from VAST partners and start giving your valuable data the protection it deserves.