Ransomware remains a threat to business data. It’s becoming increasingly common to hear stories of businesses becoming victims of malware, their infrastructure infected and taken hostage by trojan viruses, and their data encrypted against the company’s will. When it comes to data security, then, there is no such thing as paying too much attention. This is true of all data and all storage tiers. How can business efficiently protect their data against cyber-attacks and prevent damage caused by ransomware?
Affected companies are advised not to accede to attackers’ demands and pay the requested ransom. A brochure from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) shows the danger of ransomware and provides recommendations for how to respond to an attack. Payment of the ransom is no guarantee that the encrypted files will actually be released. Instead, there is a risk that the attackers recognise that the infected company is willing to pay and demand even more money.
The more advisable strategy is to secure files using a dedicated storage strategy that guarantees the maximum possible level of data protection. This will not protect against criminal attacks, but it will help to limit the damage that attackers cause by encrypting company data.
Backup plans
With a reliably implemented and carefully thought out backup strategy, you will meet a basic requirement for restoring access to data that has been infected with ransomware – or rather, for restoring access to the backup copy of that data. Three questions arise, in light of the constant increase in data volumes and legal regulations:
- How can the data backup volume be reduced, in order to keep backup times and financial costs as low as possible and to reliably meet the backup schedule?
- How can you ensure that backups are not also infected? How long should backups be retained in order to have access to a “clean” version in case of damages?
- How can you efficiently protect archived files that are no longer part of a regular backup process against ransomware, and how can you restore them quickly in case of damages?
Storage optimization
In other words, dealing with the threat of malware also means optimizing your storage infrastructure. A smart storage strategy offers more than just the potential for cost savings. In fact, optimizing your storage architecture can contribute significantly towards protecting you against malware.
- Relieve your primary storage system of inactive data and make it easier to stay on top of your backup plans.
Primary storage systems are often overloaded with old data that is never, or at least rarely, accessed. This data takes up unnecessarily expensive storage space on the high-performance primary system. It also increases backup volumes dramatically – and unnecessarily increases the time required to back up data. In practice, inactive data can typically be moved right over to more cost-effective archive storage with no impact whatsoever on day-to-day workflows.
Given the time and financial savings that result, relieving the load on primary storage in this way makes it easier to meet backup schedules. - Protect your archived data, too, with replication and offline access to storage media.
Just because data is “inactive” does not mean that it is no longer important or in need of protection. Quite the opposite: Archive files are often exactly the kind of files that are subject to legal retention requirements or business-specific compliance rules. They can also be a key resource for analyses of long-term trends. These files need to be protected against cyber-attacks just like any other.
Use replication to improve the security of your archived data: store it redundantly in different locations, using different technologies. You can improve security further by using dedicated storage media: One criterion might be whether your archive storage can be accessed offline. If data is archived in a format with no network connection, it cannot be attacked over the network. The gold standard here would be the so-called “air gap” that makes e.g. magnetic tape such a highly recommended and secure storage medium for archived data.
The protection of data against ransomware is not an issue to be considered alone. It can be connected very closely to fundamental aspects of your storage architecture and archiving strategies. When it comes to audit-compliant archiving, for example, data needs to be saved in a format that prevents unauthorised deletion or manipulation.
Security for your archived data
A storage solution – a combination of storage hardware and software – that meets the requirements for revision-safety may protect data using WORM (write once, read many) functionality. This is the principle by which data can be written only once, after which it cannot be edited or overwritten. The PoINT Storage Manager is a storage software system offering exactly this kind of WORM protection. It also “hides” archive media from ransomware: if the archive storage system is integrated via the PoINT Storage Manager, a direct file system access becomes impossible.
If data on offline storage media is also automatically replicated, it is then effectively – doubly, in fact – protected against ransomware infection. The storage software used should therefore also support the maximum possible range of storage technologies, allowing you to seamlessly integrate offline storage media like tape or optical drives into your storage infrastructure.
This way, the PoINT Storage Manager helps you to efficiently relieve the load on your primary storage system and therefore your backups, too. At the same time, it also helps you to redundantly secure your archive by replicating data to offline systems.
Conclusion
Protect your data against ransomware with regular backups, a thoughtfully implemented storage infrastructure and a secure archiving strategy. A reliable storage and archiving software system will not just help you to meet legal requirements – it will also enable a strategy for ensuring the security and availability of your data in spite of the threat posed by malware.
We appreciate your feedback about the PoINT blog and this blog post. Please contact us at info@point-blog.de.