By Bill Tolson, Vice President of Marketing, Archive360

Today, many organizations are reevaluating their data protection and security strategies given the number of hacking and ransomware attacks that have held the headlines consistently over the past year. New and increasingly nefarious threats seem to appear on almost a weekly basis.

Traditional backup has been used for decades as a virtual insurance policy, a means by which to recover from such attacks. The goal has been that should a cyberattack take place, or something as common as a data corruption or local data loss event, data that has been backed up to tape or disk and stored in an off-site location can be reinstalled, and business can be up and running in short order. Of course, cyber-criminals are getting smarter, finding ways to corrupt backup data as well. And, I think we can all agree that finding and reinstalling data from tape is a tad less than an “immediate” and “complete” solution.

Trying to Stay One Step Ahead of Cyber-Criminals

As mentioned, with ransomware in mind, an increasingly prevalent problem with traditional backup is that the backup server can be quickly infected by ransomware as well. A ransomware cyberattack is sometimes intentionally delayed, timed or designed to ensure all backup systems are also infected. In other words, when the insurance copy of data is backed up, it brings the ransomware right along with it, thereby infecting all of the backup data and systems as well.

In many cases, it can then take weeks or months for companies to recognize that they were hacked. During that time, uninfected server backups are overwritten with backups that carry the malware or ransomware. After a predetermined period, the hacker triggers the ransomware and the company has no way to repair it.

Because of the nature of ransomware attacks and the fact that backup and disaster recovery (DR) are not protection anymore, a new method of data protection needs to be leveraged. This means the only way to beat this type of cyberattack is to generate a “gold copy” backup before infection and completely isolate it so that when needed, it is pristine and available for use. This process is known as Isolated Recovery – the recovery of known good or clean data. The problem is how do you know when you have an uninfected backup? The only way to be sure is to generate golden copies on a regular basis so that when an infection does occur, the company can fall back on the last clean backup.
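The retention arithmetic behind the two paragraphs above, as an added example that is not part of the original article: it compares a rotating backup set with periodically taken gold copies and reports the newest copy that predates the infection. The dates, intervals, retention periods and function names are constructed for illustration, and it assumes the infection date has been established by investigation.

```python
from datetime import date, timedelta

def copies_on_hand(today, interval_days, retention_days):
    """Dates of the copies that still exist today: one copy every
    interval_days, each kept (or locked) for retention_days."""
    count = retention_days // interval_days
    return [today - timedelta(days=i * interval_days) for i in range(count + 1)]

def last_clean_copy(copies, infected_on):
    """Newest copy taken strictly before the infection date, or None."""
    clean = [d for d in copies if d < infected_on]
    return max(clean) if clean else None

def recovery_point(today, dwell_days, interval_days, retention_days):
    """Recovery point available when an infection that began dwell_days
    ago is discovered today."""
    infected_on = today - timedelta(days=dwell_days)
    copies = copies_on_hand(today, interval_days, retention_days)
    return last_clean_copy(copies, infected_on)

# Constructed scenario: ransomware discovered 75 days after it got in.
DETECTED = date(2024, 6, 30)
DWELL_DAYS = 75

# (label, days between copies, days each copy is retained) - all assumed values
SCHEMES = [
    ("daily backups, 30-day rotation", 1, 30),
    ("weekly gold copy, 60-day retention", 7, 60),
    ("weekly gold copy, 180-day retention", 7, 180),
]

if __name__ == "__main__":
    for label, interval, retention in SCHEMES:
        point = recovery_point(DETECTED, DWELL_DAYS, interval, retention)
        print(f"{label}: {point or 'no clean copy left'}")
```

Only the scheme whose retention exceeds the dwell time still holds a clean copy, so the gold-copy retention period has to be sized against how long an intrusion can go unnoticed.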

Isolated Recovery and Air Gaps

Segregating every backup copy is generally not feasible, so the isolated recovery process is best aimed at mission-critical data the organization is reliant on to ensure the business can recover quickly and maintain and/or regain business operations.

Isolated recovery depends upon the principles of isolation and “air gaps.” An isolated storage repository that is disconnected from the network and restricted from users other than those with proper clearance needs to be established. Given these requirements, it stands to reason that this isolated environment can potentially be set up in a cloud environment.

Air Gaps and Immutability

Air gaps are a bit more challenging. An air gap stresses that a storage system be disconnected from the outside world. By design, a cloud storage system is connected and accessible so IT can access it whenever and from wherever needed. It seems clear that the main requirement for isolated recovery systems is the “gold copy” status of the backup. One way to ensure the gold copy status of a backup in the cloud would be to write it to immutable storage. That immutable copy would be isolated due to its immutability and can be restored when needed. A recurrently scheduled, separate backup saved to Microsoft Azure WORM storage would provide a highly secure isolated recovery option against ransomware. Organizations in specific industries, such as the financial and healthcare sectors, could use this method as yet another piece of their DR process.

This is not to say that isolated recovery should only be utilized for specific industries. Companies across all sectors with business critical data should look at this backup methodology as well.

Standing Strong and Fortified Against Future Attacks

So what can you do, today? There are already many vendors and technologies that have tried to wiggle their way into saying they are a solution against today’s most vicious ransomware attacks. There are also a number of vendors and technologies that have been built from the ground up to serve exactly that purpose. What you need to seek is a solution that can serve as your organization’s golden copy repository. Ideally, IT professionals should seek solutions that offer proven integration with Microsoft Azure, as well as Azure-based security protocols. In addition, ideally the solution would offer an information management layer as well as additional security, access controls and integration with Azure immutable storage, while allowing you to maintain it in your own Azure tenancy. By storing known golden copies of your servers in your Azure tenancy, managed with proper retention policies, your organization can stand strong and fortified against all future ransomware attacks from whatever direction and form they arrive!

About the Author

Bill Tolson, Vice President of Marketing at Archive360, has more than 25 years of experience with multinational corporations and technology start-ups, including 15-plus years in the archiving, ECM, information governance, regulations compliance and legal eDiscovery markets. Prior to joining Archive360, Bill held leadership positions at Actiance, Recommind, Hewlett Packard, Iron Mountain, Mimosa Systems, and StorageTek. Bill is a much sought and frequent speaker at legal, regulatory compliance and information governance industry events and has authored numerous articles and blogs. Bill is the author of two eBooks: “The Know IT All’s Guide to eDiscovery” and “The Bartenders Guide to eDiscovery.” He is also the author of the book “Cloud Archiving for Dummies” and co-author of the book “Email Archiving for Dummies.” Bill holds a Bachelor of Science degree in Business Management from California State University Dominguez Hills.