Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.
It’s all about the data.
One thing is clear. The “business value” of data continues to grow, making it an organization’s primary piece of intellectual property.
From a cyber risk perspective, attacks on data are the most prominent threat to organizations.
Regulators, cyber insurance firms, and auditors are paying much closer attention to the integrity, resilience, and recoverability of organization data – as well as the IT infrastructure & systems that store the data.
So, what does this mean for the security of enterprise storage & backup systems?
Just a few years ago, almost no CISO thought that storage & backups were important. That’s no longer the case today.
Ransomware has pushed backup and recovery back onto the IT and corporate agenda.
Ransomware groups (e.g., Conti, Hive and REvil) are targeting enterprise storage and backup systems, to prevent recovery.
Here are some of the headlines from those attacks:
These attackers realize that an attack on storage or backup systems is the single biggest determining factor to show if the victim will pay the ransom.
Some ransomwares – Locky and Crypto, for example – now bypass production systems altogether, and go straight for backups.
This has forced organizations to look again at potential holes in their safety nets, by reviewing their storage, backup and recovery strategies.
We published a research report at the end of last year, where we surveyed 200 infosec leaders within the financial services sector. One of the most shocking findings was…
“Almost 60% of respondents are not confident in their ability to recover from a ransomware attack”
There’s clearly a recognition that as an industry, we have blind spots.
Without a sound storage, backup and recovery strategy, companies have little chance of surviving a ransomware attack, even if they pay the ransom.
Isn’t my storage & backup vendor responsible for fixing security configurations and vulnerabilities?
Many storage managers and backup admins mistakenly believe that since their storage & backup vendors already provide patching and ongoing upgrades, they must also check for vulnerabilities and misconfigurations.
Unfortunately, that’s not quite the case.
While storage & backup vendors provide excellent tools to manage availability and performance of their infrastructure, they DO NOT do the same for the security and configuration of those same systems.
Some storage and backup vendors publish security best practice guides. However, implementation and monitoring of security features, and configurations is the responsibility of your organization’s infrastructure and/or security departments.
There are, however, a number of cybersecurity capabilities, ransomware protection solutions, and also configuration management features, provided by the storage vendors.
Air-grapped data copies
Adding an air-gap means separating backups from production data. This means that if the production environment is breached, attackers don’t immediately have access to backups.
You can also keep storage accounts separate.
Immutable storage & vault
Immutable storage is the simplest way to protect backup data. Data is stored in a Write Once Read Many (WORM) state and cannot be deleted for a pre-specified period.
Policies are set in backup software or at storage level and it means backups can’t be changed or encrypted.
The only downside is that it will increase how much data is stored. In addition, one of the criticisms of immutable storage is that it is slower. Immutability increases how much data is stored, so it is often pushed off onto the slower, archive tiers of storage.
Storage snapshots & replication
Snapshots record the live state of a system to another location, whether that’s on-premises or in the cloud. So, if ransomware hits the production system, there is every chance it will be replicated onto the copy.
However, some ransomware – Locky and Crypto, for example – now bypass production systems altogether, and go straight for backups!
This has forced organizations to look again at their storage & backup security strategies.
Vulnerability Management for storage & backup
Vulnerability management solutions help you get a full view of the security risks in your storage & backup systems. It does this by continuously scanning these systems, to automatically detect security misconfigurations and vulnerabilities.
It also prioritizes risks in order of urgency and business impact, and provides remediation guidance.
Ransomware resiliency solutions provided by the storage & back vendors
Enterprise storage vendors
Enterprise backup vendors
So, I’m completely secure, right?
While immutability is helpful in remediating cyberthreats, it is only the beginning of a comprehensive protection practice. And its certainly not bullet proof.
Immutable storage can be ‘poisoned’, enabling hackers to change the configuration of backup clients and gradually replace stored data with meaningless information.
In addition, once hackers gain access to the storage system, they can easily wipe out snapshots. So they’re also not bullet proof.
The one MAJOR thing missing from all these vendors is the ability to continuously scan the storage & backup infrastructure for security misconfigurations and vulnerabilities.
These security risks can likely be exploited by attackers to compromise production and recovery systems – and the data on them.
This is not just theoretical. Its already happening. Just take a look at some recent examples: https://www.continuitysoftware.com/resources/?resources_category=headlines
You wouldn’t dream of not continuously scanning your endpoints, OS and network layers for security risks. So why wouldn’t you do it for your most important layer of IT?
This is why I recommend deploying a vulnerability management solution to help you continuously scan your storage & backup systems, to automatically detect security misconfigurations and vulnerabilities.
These solutions also prioritize risks in order of urgency and business impact, and some of them even include remediation guidance and auto-remediation features.
6 Recommendations – A Dummies Guide