By Tony Liau, Vice President of Product Marketing at Object First

It's hard to remember life before the cloud. Today, this $800 billion market has defined digital transformation, with six out of ten businesses migrating workloads into the cloud, and this trend isn't slowing down. Cloud can help enterprises save on infrastructure and operational costs while enabling more flexibility and scalability.

But each technology has its drawbacks. Cybercriminals have continuously attacked enterprises in the cloud, whether they're data breaches due to poor security measures or cyber criminals accessing sensitive data by account hijacking. This is why the importance of data security cannot be understated in today's business environment. With increasingly sophisticated cyberattacks, having a reliable security posture is essential. Check out these top three tips for staying secure while reaping the benefits of the cloud.

Ensure Your Data is Immutable

One of the most rampant attacks today is ransomware-malware that encrypts an organization's data and demands a ransom be paid to decrypt them. In a 2022 study commissioned by data protection company Veeam, the results showed that 52% of organizations attacked with ransomware paid a ransom to get their data back. Unfortunately, only 24% of those companies got their data back despite paying the ransom. No matter where organizations hold their data, a cybercriminal lurks around the corner, waiting for their golden opportunity.

It is vital to ensure your data is immutable, as this prevents attackers from encrypting it with ransomware. If data is immutable, it cannot be changed or deleted and cannot be encrypted. This is important for primary production data and backups, as attackers now target these with ransomware. Consequently, you must ensure the immutability of your backup data.

One of the simplest and easiest ways to do this is by leveraging object storage and the native object lock feature. Object lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

Adopt a Hybrid Approach

The most effective way to protect your data is to have three copies on two different media types, with one copy stored off-site. The cloud alone cannot provide this level of protection, so it must work in tandem with on-premises infrastructure and storage. Adopting a hybrid approach gives you access to your data both in the cloud and on-premises. Even the most robust cloud security can be penetrable, making on-premises backup storage critical to your overall data protection strategy.

Furthermore, the cloud is limited by an organization's internet bandwidth, whereas on-premises infrastructure and storage allow for much faster speeds. If cyber attackers compromise data in the cloud, hold it hostage for ransom, or even damage or destroy it, IT teams will still be able to leverage the on-premises infrastructure and copies of data to recover and restore everything rapidly.

Test your strategy

Performing either of the previous steps will bolster your cyber-security recoverability, but to truly achieve resilience, time must be set aside for testing. Unfortunately, this is where many organizations spend the least amount of time. Once the money is spent, and the infrastructure is architected, there is always an assumption that everything is good to go and resources should be focused elsewhere, but this isn't the case. Ransomware is an ever-evolving threat, and the steps required to recover from each unique malware are always different.

Ensuring your IT team has walked through a complete recovery scenario, assuming the absolute worst-case scenario, is the only way to be prepared for the inevitable. Savvy IT teams will set aside time every quarter, or every month, to run through a gamut of recovery operations and even download samples of the latest ransomware to test in black box environments. Knowing how long it may take to recover an environment, how many places the data is located, and understanding the difference between recovering from primary on-prem storage vs. cloud are all things a tested IT team can be ready for when the worst strikes.

The old phrase: "knowing is half the battle," could not be more appropriate regarding cyber-security. Knowing how to prepare, stay on guard, and respond to ransomware regardless of infrastructure will always yield a more measured and positive outcome than just spending and trusting that someone else will have your back. The cloud is a great tool when you need infrastructure in a snap, but it also still requires vigilance by the IT team using it. Ensuring data is immutable, a hybrid approach is leveraged, and testing the worst-case scenarios will ensure a proactive IT team doesn't find themselves paying the ransom when the worst becomes a reality.

##

ABOUT THE AUTHOR

Tony Liau is a seasoned executive with experience building high-impact teams. He serves as Vice President of Product Marketing for Object First - a new object storage startup on a mission to eliminate ransomware and simplify data protection. In this role, he is responsible for corporate strategy, messaging, positioning, go-to-market, thought leadership, and the overall marketing engine.