
In the Face of Ransomware, Is Your Cloud Data Safe?

Peter Smails is Vice President of Marketing and Business Development for Datos IO.

I’ve spent much of my career focused on enterprise backup, recovery and disaster recovery. Two big shifts in the market have taken many vendors and IT professionals by surprise: First, new application platforms are not just cloud-first, but often touch multiple clouds. Second, ransomware attacks against these same platforms are emerging as a very significant threat.

Prevention is a critical part of an overall protection strategy to combat ransomware. But given the rapidly evolving threat, it’s likely that even organizations with strong security technology and policies will be affected.

While CIOs and IT administrators evaluate the strategies and dangers posed by these attacks, there are additional steps to help ensure protection through data backup. Backup strategies won’t necessarily prevent an attack from occurring, but they can serve as a crucial last line of defense, enabling organizations to destroy all affected data and then restore it from a backup taken before the data was infected.

The rapid rise of multi-cloud infrastructure and next-generation cloud applications, in which the data resides in multi-cloud and hybrid cloud environments, adds another layer of complexity to the challenges of ransomware. A common misconception held by many CIOs is that data in the cloud is immune to ransomware attacks, but this is not the case.

Next-generation cloud applications are quickly becoming a new target for criminals. Cloud applications are running businesses and are big, high-value targets with tens or hundreds of terabytes of sensitive data. Financial institutions, for instance, store years of account or trade records and create unified views of the customer. And retailers have created critical e-commerce capabilities that drive loyalty programs and generate customized offers.

Compounding the problem, these applications are almost always directly connected to the Internet. The underlying databases are open to query by different systems, and are often exposed to attack because of that. These applications have also emerged quickly, driven by business teams (rather than IT), and lack robust processes for security, availability, backup, recovery and other enterprise functions that are standard for on-premises infrastructure.

Recently, more than 34,000 MongoDB servers were compromised, with attackers demanding $150 to $500 in ransom to restore data. And a 2016 study found that over 5,300 Hadoop installations were exposed to the internet and had insecure configurations.

Cloud providers recommend maintaining independent backups of the databases and applications to ensure organizations can recover applications independent of any specific cloud. Effective backup and recovery is critical, but traditional approaches to backup don’t provide effective recovery or protection from ransomware for these applications for a variety of reasons. For instance, traditional LUN or VM-centric backup solutions are not designed for the cloud, making the process incompatible with the distributed, scale-out nature of most modern applications. Traditional backup solutions also do not address the eventually consistent nature of today’s modern applications, wherein data is committed to a node and then eventually written to other nodes for redundancy, but may not be present on every node.

Modern data protection solutions must therefore be application-centric in order to create a consistent point-in-time backup of the database. Other issues include lengthy restore processes and unreliable point-in-time recovery due to traditional backup’s inability to quickly restore distributed databases, especially across or between clouds, to the required point in time prior to infection.

How can you ensure reliable backup and recovery capability for next-generation multi-cloud applications? Here are the best practices and capabilities you should put at the top of your list:

  • Focus on applications rather than infrastructure. Infrastructure is quickly becoming invisible, particularly in the cloud. Backup and recovery need to work at the application level to be effective.
  • Stay cloud-independent. Ransomware, cloud outages and common business sense make it desirable to work across major public cloud platforms, as well as hybrid cloud and private cloud platforms.
  • Architect for flexible recovery to any cloud or cluster topology. You never know when you’ll need to use a different cluster, different data center or different cloud for recovery.
  • Support any point-in-time recovery. This is critical for ransomware, and important for any outage in general.
  • Use infrastructure efficiently. The cloud can be cost-effective if used efficiently. Many approaches to backup make copies of already redundant data. You need a solution that provides efficient backup storage for any cloud, NFS, or object storage platform.

As enterprises continue their journey to build and move applications to the cloud, following security best practices is crucial. It’s important to review these and take steps to limit exposure, but ransomware will get through with almost statistical certainty. And when that happens, backup will be that last line of defense that enables you to delete data under attack and restore from an earlier copy of data. If backup and recovery is not already part of your strategy against ransomware, it should be.

Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.
