Backed-up enterprise data is both a potential lifeline for overcoming ransomware attacks and a new vulnerability if it is not protected. That’s one of the lessons to be drawn from a recent report on backup protection by tech market analyst IDC. The report looks at the importance of backup protection in this age of burgeoning ransomware, and especially at the important role of immutability.
Cyber criminals are targeting backups because they know that breaching the backup first cuts the enterprise off from successfully restoring corrupted or encrypted data. With the backup breached, the criminals then go on to target primary data.
They are also slowly changing their tactics: they slow the encryption process to avoid detection, they install attacks that trigger after long dormant periods well beyond backup retention cycles, and they can rename files and lock them, allowing access only when the ransom is paid.
The report recommended the use of key technologies and practices to ensure successful backup protection. It emphasized the importance of immutability in a data protection scheme. Immutable data is stored in a write-once, read-many (WORM) process, and unlike encryption, there’s no key. That means the immutable data can’t be altered.
Another key element in the report is a suggested change from the old 3-2-1 data protection rule to the new 3-2-1-1 rule. The “three” is three backups (primary, replica and backup), “two” is the number of media types used, and “one” is for offsite storage. The new extra “one” is added to mean both offsite and offline. According to the report, “all copies should be encrypted and one of the two media types should include immutability.” This executive brief from Arcserve makes the point that you can think of the new “one” in 3-2-1-1 as standing for immutability.
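As an added example (not taken from the IDC report or from Arcserve), the following sketch audits a backup inventory against the 3-2-1-1 rule as described above, and shows that a layout satisfying the old 3-2-1 rule can still fail the new one. The field names and both inventories are constructed for illustration; the extra “one” is checked as a copy that is both offsite and offline, and the quoted encryption and immutability requirement is checked separately.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    media: str        # e.g. "disk", "tape", "object-storage"
    offsite: bool
    offline: bool     # not reachable from the production network
    immutable: bool   # write-once, read-many
    encrypted: bool   # encrypted at rest

def audit_3211(copies):
    """Return the 3-2-1-1 requirements that the inventory fails."""
    failures = []
    if len(copies) < 3:
        failures.append("3: fewer than three copies")
    if len({c.media for c in copies}) < 2:
        failures.append("2: fewer than two media types")
    if not any(c.offsite for c in copies):
        failures.append("1: no offsite copy")
    if not any(c.offsite and c.offline for c in copies):
        failures.append("+1: no copy that is both offsite and offline")
    if not any(c.immutable for c in copies):
        failures.append("immutability: no media type holds an immutable copy")
    unencrypted = [c.name for c in copies if not c.encrypted]
    if unencrypted:
        failures.append("encryption: unencrypted copies: " + ", ".join(unencrypted))
    return failures

# Constructed inventory that meets the old 3-2-1 rule: three copies,
# two media types, one offsite, but the offsite copy is online and mutable.
LEGACY_321 = [
    Copy("primary", "disk", False, False, False, True),
    Copy("replica", "disk", False, False, False, True),
    Copy("cloud-backup", "object-storage", True, False, False, True),
]

# Same inventory plus an offsite, offline, immutable copy (constructed).
HARDENED_3211 = LEGACY_321 + [
    Copy("vaulted-tape", "tape", True, True, True, True),
]

if __name__ == "__main__":
    for label, inventory in (("legacy 3-2-1", LEGACY_321),
                             ("hardened 3-2-1-1", HARDENED_3211)):
        print(label, "->", audit_3211(inventory) or "compliant")
```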
There are other elements and technologies to consider too. The report recommends that all backup data be encrypted “at rest and inflight.” Backup copies should also be scanned for malware, especially before recovery. Another key technology is continuous data protection (CDP), in which data is stored on every write operation. This, together with CDP’s journaling feature, allows data to be recovered from a state just before an attack, sometimes measured in minutes or even seconds.
Some things don’t change that much—the IDC report recommends a layered, multi-modal approach in any event. VARs working with any size data storage client should keep that in mind. Good plans, good habits and the right mix of technology can go a long way to keeping your clients’ data protected.