It is time to focus more on the recoverability of data
This is an exclusive interview conducted by the Editor Team of CIO News with Anay Pathak, Global Account Manager, Data Protection Solutions at Dell Technologies.
I am currently working as a Global Account Manager and one of my key focus areas is to understand customers’ business challenges around recovering data when their production environment is compromised due to ransomware and how we can assist them in such a scenario. After an attack, your organization might take many steps, but they will begin and end with recovery. Backups are an easy target and attackers target the deletion/corruption of backups, so it is important to protect data as well as copies of data. While we all focus on digital transformation in the new normal, we are also looking at billions of connected devices, which give easy access to malicious attacks in the connected environment and can lead to downtime as well as business or revenue loss.
During consulting, one of the key areas is to understand what the guidelines for ransomware protection are and how to recover the data in case business-critical data is compromised. Most of the analysts will talk about keeping the backup copy offline so that recovery is possible from the offline copy. Think of a smart and highly available offline copy which can streamline the process of recovery in case of an attack. Even more, if there is malware in the production environment, it’s good to push a copy in a passive form into the vault, stopping the oxygen flow by restricting connectivity, and then detecting and cleaning it (even before it is activated).
When we talk about cyber security, perimeter security plays a key role, and that’s where all the intrusions into the network are identified and isolated. But in the modern era, we talk about zero trust architecture where we need to look at multiple touchpoints and how we can build an architecture which is more resilient and can help key business stakeholders by recovering the data which is critical for their business.
It is time to focus more on the recoverability of data in case you are compromised (NIST) or the availability of data which can run your business in the event of an attack (CIA).
Some of the key points to consider when we look at the availability of data and ensure businesses can recover the data from backups are:
- Disaster recovery is not CR. With CR (Cyber Resiliency), businesses are enabled to keep the crown jewels of business in an isolated offline environment (Airgap). In today’s world, CR should be part of your BCP (Business Continuity Planning).
- Ascertain that the Air Gap is configured in accordance with best practices and that there is no connectivity to this isolated environment. The Cyber Vault (an isolated server room) has no connectivity to the outside world (internet).
- Businesses should take out time & do a risk analysis on their data so that they are able to identify the crown jewels & ensure they are part of a Cyber Resiliency Architecture.
- The Cyber Recovery Vault is not only logically restricted (from connectivity and network), but any physical access to the vault should also be monitored proactively all the time.
- There should be a way to analyse the data inside the vault which can proactively detect any malicious activity in the backup data and highlight the same to security SMEs for them to act. Analysis should be intelligent enough to check metadata as well as actual content during the scan to detect ransomware accurately. Accuracy is so critical when it comes to security. False positives should be minimised while true alerts should be highlighted with accuracy.
- Even though the cyber vault is behind an AIR GAP and is an isolated, immutable copy of data, it is important. In the worst case, even if the worm is inside the vault, it cannot be activated and no changes can be made to the purpose-built backup appliance, if TRUE immutability is in place.
- There are multiple architectures and design strategies to create a vault. Ransomware itself will continue to evolve, so you want a simple enough architecture that avoids becoming brittle. Therefore, you will need to decide where you want to build in architectural flexibility for the future.
Leaders should follow my above observations and thoughts around best practices and how businesses can be ready with a Cyber Recovery solution which can save the hassle of losing the data in the event of a ransomware attack.
About Anay Pathak:
- 16+ years of experience in DC virtualization, public cloud, data management & Cyber Recovery.
- Currently working as Global Account Manager, Data Protection Solutions at Dell Technologies with a key focus on Data Management & Cyber Resiliency.
- Has many IEEE papers to his name & has taken part in various technical conferences across the world as a Technology Evangelist, talking about trends & adoption of next-gen technology.