Recently, I read an article that an organization gets hit by ransomware every 14 seconds. In 2021, it is expected that it will be every 11 seconds. That is a very sobering statistic. Consequently, there is not one day in the life of an IT person that the subject of ransomware goes unmentioned or undiscussed. Today alone, I had two meetings with customers who wanted to talk about Cyber Recovery. In both meetings, I could hear the worried tone in the customers’ voices as they asked questions about Cyber Recovery solutions.
Let’s dive into Cyber Recovery, which is very different from Disaster Recovery. While there are common components in Cyber Recovery and Disaster Recovery designs, Cyber Recovery systems have a few sophisticated components that set it apart. Both systems have compute, storage, networking, and a backup system replication target, but a Disaster Recovery system is connected to the production system at all times for continuous online replication. That means if data in your production system is compromised, more than likely you just replicated that compromised data to your Disaster Recovery system—which means this is not a good solution to protect you from a cyber attack.
A Cyber Recovery system needs to be in a Cyber Vault environment – a physically and virtually isolated system that has the data center components. A virtual airgap between the two systems is managed by a vault system that automates the network link to stay up and to shut down. At the end of a root volume copy from the primary backup storage system to the Cyber Vault backup target system, that link is shut down. The Cyber Vault backup storage is also an immutable file system (WORM-Write Once Read Many), meaning data cannot be altered or modified, and therefore cannot be crypto-locked, either.
Another component of the Cyber Vault is vault system software that can inspect the copied data heuristically using machine learning and analytics to identify anomalies and isolate them. The last component is that the access controls and permissions to the vault must be entirely separate and distinct from the production systems. The owner of the Cyber Vault must have the compliance and governance responsibility to manage and administer it. Let’s face it: Malicious attacks also occur inside your organization, either through bad intent or inadvertent actions. Call it an inside job, if you’d like.
Let’s run through it. You walk in one day and you discover that the whole data center is crypto-locked. You just got hit by ransomware! You go to the vault and recover your data to the vault compute and storage from the vault backup copies. In the meantime, your data center team is rebuilding and hardening your stack. Now you are ready to take your Cyber Vault restored data and integrate it into your clean network. Sure, the recovery time is probably longer than the traditional Disaster Recovery process, but you are able to restore your data without paying the ransom.
It’s a lot to take in, but the reality is that there is no getting past the cost of cyber protection. It’s just a matter of whether you want to pay now to proactively protect your data or have to pay a ransom later.
Have concerns about ransomware?
The ConvergeOne Ransomware Readiness Workshop focuses on your organization’s readiness to withstand a ransomware attack. During this workshop, ConvergeOne Data Center Experts will analyze your environment and determine if Cyber Vaulting is the right fit for your organization.
Topics: Data Center