Ransomware and malware have become part and parcel of business in today’s world. Organisations need to be adequately prepared, which means that their data protection strategy must go beyond the traditional backup, restore, and disaster recovery.

By Hayden Sadler, country manager for South Africa at Infinidat

Prevention is obviously still better than cure, but the reality is that it is only a matter of time before a cyberattack is successful. When ransomware and malware hit, it is imperative to be able to recover fast.

This requires total system redundancy through a storage platform that integrates data protection, data validation, and logical local and remote air gapping to accelerate recovery and ensure you can get back to business as usual in the fastest possible time.

Multiple layers of protection

Protecting data is critical, not only for cybersecurity reasons, but also for practical business continuity purposes. This means that both production and backup data must be safeguarded and recoverable. There are several different methods that should be employed in conjunction with each other, from file-level and image-level backups to regular, incremental and periodic snapshots.

Snapshots should be immutable at both the source and the target – in other words, unable to be changed where they are generated or where they are stored, so that they cannot be infected with ransomware or malware and can be used for fast, effective data recovery.

Replication is also essential to ensure that multiple copies of data are retained if data is lost. There are several replication strategies, from asynchronous, which writes data to the primary storage array first and then replicates it to a secondary site, to synchronous, which writes to the primary and backup sites simultaneously.

In today’s world, however, an active/active replication strategy can prove more effective, because data is replicated between multiple databases and changes are continuously synchronised to ensure the most up-to-date copy is always available for restore.

Ensure there is a gap

For the best possible protection, having backups, snapshots and replication is no longer sufficient. There also needs to be logical local and remote air gapping between copies of the data. An air gap can be physical, which, as the name suggests, physically separates data copies, such as tape copies that are stored offsite, or logical, which creates a virtual separation between the management and data planes.

Both methods have pros and cons depending on the storage environment. Physical air gaps lend themselves to on-premises environments, while logical air gaps are suitable for on-premises or cloud deployments. Both provide some peace of mind that there is a valid copy of data as a last resort.

However, they both typically require additional investment because more storage is required to create separated copies of data. Purpose-designed backup appliances often have this functionality built into the cost, so data protection can be assured without additional budgetary considerations.

Valid and verified

Backups, data replication, and snapshots are all important pieces of the puzzle when it comes to tackling ransomware, malware and data management challenges. However, these methods are only as effective as the backups are valid. Data validation is a critical step in ensuring that data can be properly restored. Regular testing of backups and failover scenarios is vital.

This is often a manually driven process, where partial restores are performed ad hoc to test that they work, but this is error-prone and time-consuming. A backup appliance with dedicated network availability can simplify this process, automating data validation as copies are replicated and air gapped, reducing time to restore, and simplifying the architecture while improving cost efficiency.

Bringing it all together

For businesses to survive in a ransomware and malware-riddled world, it is critical to look after data. Businesses need to keep multiple copies of data on different media in different locations, implement replication strategies, ensure immutability in both source and target environments, validate backups and provide for logical local and remote air gapping on top of immutability to make certain that there is an uncompromised copy of data from which to restore.

A dedicated backup appliance with total system redundancy not only protects data against corruption, but also provides assurance that there is a guaranteed known-good copy of data for restore purposes. A native triple-redundant architecture ensures that this is all available without the need for additional investment, resulting in cost savings and simplifying validation.

With the right storage environment, organisations can ensure they remain cyber-resilient against cyberthreats and other data loss events for enhanced business continuity.