London is an amazing place. I can’t begin telling you all that I’ve seen and recorded with dozens of cell phone pictures that luckily will endure any demise of my device. This, of course, is thanks to automated cloud backups that will ensure data resiliency for all the memories I’ve captured.
Losing memories or data can be a sad or catastrophic thing. I’d be able to recover from the loss of a few important files (images), but my company might not, depending upon what they contained.
The loss of critical business data could disrupt operations for days, maybe weeks; the loss of personally identifiable information—especially here in the EU—could result in reporting requirements and considerable fines now that GDPR is in effect. Data resiliency or the ability to recover from a cyberattack such as ransomware is just no longer a nice-to-have strategy.
My previous posts covered the basics, describing steps any security team should be taking to defend themselves against cyberattacks and emphasized the need for data backups to be stored outside the enterprise network, so that any successful perimeter breach wouldn’t provide an ability to corrupt “shadow copies” of critical data. All very sage advice, but there’s yet another requirement for a truly robust system: your disconnected backups and anything you’ve archived to object storage shouldn’t be entrusted to a single destination or third-party.
Safety in Numbers
There’s always a chance that an offsite disaster recovery facility could be physically damaged by some natural disaster such as a fire, flood, tornado, etc. This is one of the traditional reasons why companies choose disaster recovery sites located in a different region than their on-premises data centers. This geographic distribution should mitigate any “act of God” business disruptions, but the Internet generally reaches all destinations so physical distance doesn’t protect against cyberattacks.
Data can be split into several parts as it’s written to object storage, but most services follow a simple “sharding” process based on file capacity with the intentions of speeding access to subsets of the data for better performance.
The patented technology within DataKeepTM, SPxCore, takes an entirely different approach that randomly splits anything sent through its Object Store Agent into multiple pieces that can be stored in separate buckets. This further improves data resiliency by requiring an attacker to understand the data distribution technology and number of selected destinations.
You also don’t want to depend upon a supplier to create and manage these multiple images. Cloud vendors are not liable for data loss, you are. Done right, your cloud vendor has no idea what you’re storing in its buckets as the data is encrypted locally before uploading and you create and manage the only key(s).
Redefining Access Controls
Beyond improved resiliency, lower costs and faster retrieval speeds, a cloud object storage resource offers another level of data protection because its contents are written and retrieved (PUT and GET) through an API rather than a traditional file system. This added bit of network complexity will stall any attackers moving laterally across your network in search of data to steal or encrypt.
Security teams sending archival or data backups to the cloud must separately define access control policies for buckets that differ from those contained within a directory service such as Microsoft Active Directory (AD) or Linux’s Lightweight Directory Access Protocol (LDAP). These new definitions should be very narrowly defined (Least Privileged Access) to security policy administrators further limiting any damage associated with a more general user’s compromised credentials.
More Power over Cloud Vendors
Using a single location to store your data means relying on a single vendor more than you need to. This can result in what is commonly known as vendor lock-in, i.e. the switch to another provider will be such huge time and money sink that businesses will stick with their current vendors however they’re treated.
For example, suppose a cloud vendor decides to up their price by a hefty margin. In a competitive market, you should theoretically be able to switch to another one with similar services and better rates. Also, what happens if your chosen provider gets hacked? Will you still feel comfortable with the future safety of your data? In either case, if your data is hosted within a single cloud service provider (CSP), the transition will be an enormous undertaking that most organizations would rather not go through.
On the other hand, if you’re using multiple CSPs to store your data, the power that a single provider has on your business is significantly lower. This allows you to make decisions that help your organization’s long-term bottom line without widespread disruption during transitions or cyberattacks.
Data Resiliency and Lifetime Memories
There’s no hard-and-fast rule to improving data resiliency. In fact, it takes a lot of safety measures that come together to ensure you are truly resilient to any sort of attack and storing your backups in multiple locations is certainly one of the most critical that I can think of in this context. The aftermath of cyberattacks like ransomware are simply devastating for businesses that are caught off guard. In fact, a Deloitte research study estimated the costs can run into the hundreds of millions when including both opportunity costs as well as direct costs incurred for recovery.
Imagine the peace of mind knowing that not even a ransomware attack can truly cripple you, at least not for very long. Even if the worst happens and an attacker penetrates your defenses, your systems can be up and running in no time. You don’t have to waste time dealing with an attacker who has held your data hostage, create an account and buy some Bitcoin, or hire some outside experts to perform a forensic investigation or try to break the encryption that is locking you out of your own data.
Simply clean your systems, restore from your safely-stored backup, and get back to business as usual—re-image, reboot and reload. It’s not unlike replacing a lost, damaged or stolen smartphone.
Contact SecurityFirstCorp.com for help and advice on your company’s cyber security.