By Tony Liau, Vice President of Product
Marketing at Object First
It's hard to remember life before the cloud.
Today, this $800 billion market
has defined digital transformation, with six out of ten
businesses migrating workloads into the cloud, and this trend isn't slowing
down. Cloud can help enterprises save on infrastructure and operational costs
while enabling more flexibility and scalability.
But each technology has its drawbacks.
Cybercriminals have continuously attacked enterprises in the cloud, whether
they're data breaches due to poor security measures or cyber criminals
accessing sensitive data by account hijacking. This is why the importance of data security cannot
be understated in today's business environment. With increasingly sophisticated
cyberattacks, having a reliable security posture is essential. Check out these
top three tips for staying secure while reaping the benefits of the cloud.
Ensure Your Data is
Immutable
One of
the most rampant attacks today is ransomware-malware that encrypts an
organization's data and demands a ransom be paid to decrypt them. In
a 2022 study commissioned by data protection company Veeam, the results showed
that 52% of organizations attacked with
ransomware paid a ransom to get their data back. Unfortunately, only 24%
of those companies got their data back despite paying the ransom. No matter
where organizations hold their data, a cybercriminal lurks around the corner,
waiting for their golden opportunity.
It is vital to ensure your data is immutable, as this
prevents attackers from encrypting it with ransomware. If data is immutable, it
cannot be changed or deleted and cannot be encrypted. This is important for
primary production data and backups, as attackers now target these with
ransomware. Consequently, you must ensure the immutability of your backup data.
One of the simplest and easiest ways to do this is by
leveraging object storage and the native object lock feature. Object lock can help prevent objects from being deleted or
overwritten for a fixed amount of time or indefinitely.
Adopt a Hybrid Approach
The most effective way to protect your data is to have three
copies on two different media types, with one copy stored off-site. The cloud
alone cannot provide this level of protection, so it must work in tandem with
on-premises infrastructure and storage. Adopting a hybrid approach gives you
access to your data both in the cloud and on-premises. Even the most robust
cloud security can be penetrable, making on-premises backup storage critical to
your overall data protection strategy.
Furthermore, the
cloud is limited by an organization's internet bandwidth, whereas on-premises
infrastructure and storage allow for much faster speeds. If cyber attackers
compromise data in the cloud, hold it hostage for ransom, or even damage or
destroy it, IT teams will still be able to leverage the on-premises
infrastructure and copies of data to recover and restore everything rapidly.
Test your
strategy
Performing
either of the previous steps will bolster your cyber-security recoverability,
but to truly achieve resilience, time must be set aside for testing.
Unfortunately, this is where many organizations spend the least amount of time.
Once the money is spent, and the infrastructure is architected, there is always
an assumption that everything is good to go and resources should be focused
elsewhere, but this isn't the case. Ransomware is an ever-evolving threat, and
the steps required to recover from each unique malware are always different.
Ensuring your IT
team has walked through a complete recovery scenario, assuming the absolute
worst-case scenario, is the only way to be prepared for the inevitable. Savvy
IT teams will set aside time every quarter, or every month, to run through a
gamut of recovery operations and even download samples of the latest ransomware
to test in black box environments. Knowing how long it may take to recover an
environment, how many places the data is located, and understanding the
difference between recovering from primary on-prem storage vs. cloud are all
things a tested IT team can be ready for when the worst strikes.
Be Ready
The old phrase:
"knowing is half the battle," could not be more appropriate regarding
cyber-security. Knowing how to prepare, stay on guard, and respond to
ransomware regardless of infrastructure will always yield a more measured and
positive outcome than just spending and trusting that someone else will have
your back. The cloud is a great tool when you need infrastructure in a snap,
but it also still requires vigilance by the IT team using it. Ensuring data is
immutable, a hybrid approach is leveraged, and testing the worst-case scenarios
will ensure a proactive IT team doesn't find themselves paying the ransom when
the worst becomes a reality.
##
ABOUT THE AUTHOR
Tony Liau is a seasoned
executive with experience building high-impact teams. He serves as Vice
President of Product Marketing for Object First - a new object storage startup
on a mission to eliminate ransomware and simplify data protection. In this
role, he is responsible for corporate strategy, messaging, positioning,
go-to-market, thought leadership, and the overall marketing engine.