Building cyber resilience in your business
No organisation today can get away without a cyber security strategy. The constantly evolving nature of threats means businesses are compelled to take preventative action including maintaining IT system updates, employee awareness training, and regular testing of its disaster recovery strategy.
Ian Engelbrecht, Senior Systems Engineer, Africa at Veeam Software, says it’s not enough to look at security in isolation, businesses need to take a more holistic approach to protecting their most valuable asset: their data.
Instead of thinking about cyber security, he asserts, they need to be thinking of cyber resilience.
“Cyber resilience goes beyond simply avoiding the ongoing and growing cyber security risks businesses face in this day and age. It takes a much more comprehensive approach, including strategies for protection, but also the mitigation of the impact in the event of a breach or attack,” he explains.
This includes not only traditional security, but more importantly, integrates backup and recovery, something that has, in the past, been addressed separately.
The edge complicates security
One of the critical factors driving the need for a cyber resilience approach is the change in the way organisations manage data.
“With the accelerated rate of change driven by emerging technologies, we’ve seen a change in where data is created and stored. Today, data isn’t always securely stored in a data centre, but rather closer to the edge of the network, creating data sprawl,” says Engelbrecht.
This move of data towards edge data centres, Internet of things (IOT) devices and other devices is being driven by the demand from customers who want faster access to their data and, in order to deliver this, the data needs to be stored closer to the point of consumption.
This move to the edge has created a multitude of potential vulnerabilities in an organisation’s cyber defences, and criminals have been fast to exploit this. The surge in ransomware attacks is one of the manifestations of the change in the way criminals are targeting IT infrastructure.
The Wannacry attack in 2017 not only targeted active data storage devices, but specifically sought out backup servers and, by locking companies out of their backups, ensured there was no way for companies to restore their data without paying up.
Engelbrecht encourages businesses to follow the 3-2-1 rule, which states that organisations must create at least three copies of their data, store the copies on two different types of media, and keep one copy stored offsite. By following this approach, organisations will always have an available and usable backup of their data and systems.
The return of tape
“The Wannacry attack forced businesses to turn to tape as a backup medium, a technology that many thought had had its day,” he says. “Tape, once again, became an important storage medium because it was air-gapped, meaning no hacker could infect the medium as it was physically unavailable.
“Unfortunately, restoring from tape is not efficient because of the way data is stored. You need to wind the tape to the point where the data you need is stored, not ideal when time is of the essence or you only need a specific data set.”
Prabashni Naidoo, Director at Amazon Web Services South Africa, adds: “For a number of companies, the traditional way of storing tape backups is costly and not knowing the recoverability of those backups is a concern.”
Taking advantage of cloud for backup
With the rise in cloud services, it was inevitable that this would become one of the preferred strategies for backup.
“Cloud also brings additional benefits to the customer and enables them to replace existing disaster recovery facilities with cloud-based environments, reducing costs and complexity,” she says.
While moving to the cloud ensures it’s possible to retrieve data quickly and efficiently from anywhere in the world, traditionally, it hasn’t always offered any additional protection from ransomware attacks.
“If your infrastructure is vulnerable to an attack, whether it is on-premises or in the cloud is largely irrelevant,” comments Stéphane Berthaud, Senior Director Technical Sales, France and Africa at Veeam Software. “Once an attacker is inside your network, they are able to target any systems that are not adequately protected, irrespective of their location.
“It is, however, possible to take advantage of the benefits of cloud and write once read many (WORM) technologies, equivalent to the protection offered by tape,” he says.
Engelbrecht explains that through the use of an immutable S3 bucket, a business can use an object storage bucket as a WORM storage device.
“Customers can configure object lock at the object- and bucket-levels to prevent object version deletions prior to pre-defined dates. This protects customers against ransomware attacks by ensuring that their data stored in object-based storage is always recoverable and can’t be overwritten,” adds Naidoo.
“Cyber resilience is about making sure you are prepared for the worst-case scenario, but that doesn’t mean that you should have to compromise on the agility of your infrastructure. By taking advantage of the always available infrastructure and global redundancy of public cloud providers as a backup location and leveraging the inherent protection of immutable storage, it is possible to protect yourself against cyber attacks without compromising,” concludes Engelbrecht.
Read more about designing and budgeting for object storage by downloading this white paper.