Written by Warren Arnold, Senior Technical Marketing Manager, Nasuni
There are many different approaches when it
comes to securing an IT infrastructure and critical data, and tools from which
to choose. A seasoned Chief Information Security Officer (CISO) knows that
achieving 100 percent security is a nearly unattainable goal, as the threat
landscape changes constantly. In this article, we talk about how the resiliency
and fast recovery options offered by your file storage solution can be an
extremely effective part of your strategy.
Ransomware
has emerged as a top threat to enterprises, their files and storage, as well as
everyday operational continuity. Email is still the top method of communication
in most companies, making phishing extremely effective, and meaning ransomware
won't be going away anytime soon. Knowing this, an experienced CISO will
architect their infrastructure to be able to endure an infection and minimize disruption to their operations
rather than focusing solely on making their perimeter impenetrable.
As more organizations entrust data to the cloud for its strength of security, there are
many things to consider when increasing a network's ability to withstand an
attack. Increasingly, CISOs can turn to innovative uses of existing technologies
to augment their security strategy. For
example, leading approaches to global file management and primary storage are
highly effective at mitigating the effect of ransomware.
Ransomware
attackers turning focus to the enterprise
Cybersecurity
Ventures estimates that ransomware will have cost companies more than $8
billion in 2018 and that number is expected to grow to $11.5 billion in 2019.
This value doesn't just come from paying ransoms, but from the downtime that
results, which leads to lost productivity and revenue, as well as the recovery
process itself. In 2018, enterprises represented 81 percent of infections, a 12 percent
increase from 2017.
Prior
to 2017, consumers were the most heavily targeted by ransomware. One reason for
the shift to targeting enterprises occurred because consumers stopped paying ransoms.
They didn't need to. Most only use mobile devices, which are fully backed up,
making a complete restore very fast and easy in the event of an infection.
After
an attack, the quickest restore possible is the name of the game, but what
options are available to facilitate the recovery process, lose none or a
minimal amount of data, and do it fast? Enterprises can certainly take a page
from the consumer's playbook and improve security by rethinking data
accessibility and disaster recovery.
Your
global file system + cloud storage = ransomware protection for all your
unstructured data
80 percent of organizations' data is
unstructured -- text documents, graphics, CAD files -- which are easy to
restore in certain environments. A global file system, in charge of
coordinating document contributions and version control from teams across many
locations, for example, could snapshot changes to files roughly every 15 minutes,
and more frequently for active hot data. Enterprises leveraging a cloud or
hybrid cloud environment could then
send those deltas, fully encrypted with their encryption keys, to their
cloud-based storage, accepted as one of the more secure options available,
which is quite a contrast to just a few years ago.
This combination of simple solutions can make
restoring this 80 percent of data - including the application files used to
conduct business today - a very fast process, and in many cases, in as little
as 15 minutes. Enduring just 15 minutes of downtime after an attack would
greatly minimize losses in comparison to taking hours or days to recover. A
CISO who knows this can advise their board with confidence to follow the FBI's advice
and never pay a ransom.
If
the idea of protecting all your unstructured data is appealing, do keep a few
items in mind. Not all file systems work the same. One that relies on local
disks will not be able to achieve adequate granularity, and it will run out of
space. Only a limited number of snapshots can be stored locally. A better
strategy is to leverage a global file system that saves directly to the cloud
where capacity is not an issue. With this configuration, the snapshot becomes a
true immutable point in time copy - much more than just a backup. By storing
the master copy and all its metadata in the cloud, it also relieves the sheer
volume of data that would need to be restored after a loss, making the recovery
process that much faster.
For an extra layer of data security, each
snapshot should be written to WORM (write once, read many) storage systems,
ensuring that the data's integrity is preserved and that restores can be
performed from a viable, clean version. Often, data snapshots can be corrupted
by malware, rendering them unusable for system recovery. Since WORM data cannot
be altered, IT administrators will have many more strong options from which they can select a restore
point.
Increasing
resiliency and speed of recovery using a global file system is an extremely cost-effective
way to prevent undue business interruption. Depending on the frequency of
snapshots, a business may only miss a few moments of productivity before it is
back up and running. After all, not missing a beat due to an attack is the
security endgame all CISOs are after.
##
About the Author
Warren
Arnold is senior technical
marketing manager at Nasuni. The company's platform enables enterprises to embrace a new approach to file
storage, synchronization and collaboration that combines the performance and
control associated with traditional network attached storage and the unlimited
capacity, inherent resiliency and economy of the cloud. With more than three
decades of information technology expertise in senior-level sales and systems
engineering roles, Arnold provides the technical expertise needed to deliver
detailed, accurate evaluations for customers, presentations and training. Prior
to joining Nasuni in 2011, he developed and led the sales and systems
engineering program at EqualLogic. Previously, he held system engineering
management positions at Lucent, Ericsson, Chipcom-3Com and Harris Corporation.