February 02, 2023

Data Protection in the Data Center: Best Practices

Organizations need to take a strategic approach to data protection to protect themselves from ransomware and other attacks.

For many years, data protection was treated more or less like an insurance policy. IT leaders knew they needed it, but didn’t want to spend a great deal of time, money or effort on it.

Today, cyberthreats are so pervasive that data protection must be considered a critical aspect of the business. As threats such as ransomware grow and change, data protection must also evolve. Here are three tools and best practices that IT leaders should consider as they look to safeguard their environments.

Immutable and Indelible Backups

Immutable backups cannot be changed, deleted or overwritten by outside forces; if somebody tries to access the storage, the data is still safe. However, if an attacker compromises the data protection solution, backups can be undermined. Indelible backups take things a step further by securing backups from being changed, deleted or overwritten by outside forces or from within the data protection solution until the data has expired.

Here’s why immutable and indelible backups are so important: When an organization is hit by ransomware, IT leaders turn to their backups to recover the compromised data so they don’t have to pay the ransom. Attackers know that backups provide organizations with a safety net, so they are now doing their best to either delete the backup data or lock it away.

Indelible and immutable backups can help keep backup environments safe, allowing organizations to restore their systems and data after an attack.

Active Directory Threat Protection

On average, once they breach an organization’s networks, bad actors are inside for roughly 200 days before they strike. This gives them ample time to explore the environment and make their plans to cripple the organization’s systems. Increasingly, we’re seeing hackers attack organizations’ Active Directory environments, using compromised credentials to make unauthorized changes.

Even if an organization has indelible and immutable backups in place, attackers can still compromise Active Directory, arming themselves with elevated credentials. In such cases, organizations run the risk of restoring an Active Directory that contains nefarious accounts, or they might have to rebuild it completely from the ground up. This is why Active Directory threat detection, response and recovery are so important.

Segregated Data Backup Environments

Backup environments have now become a Tier 0 application for your business. As the last line of defense against ransomware attacks, backups should have their own isolated vault copy, login credentials and multifactor authentication solutions. Such isolation makes it more difficult for hackers to block an organization’s access to its own data because they now need to infiltrate two completely separate environments. If attackers take down a company’s production environment but can’t get into the isolated backup system, then the organization will have up-to-date, retrievable backups they can use to restore their data.

When we work with organizations, leaders often expect to be able to completely restore their environments within 24 hours after a cyberattack, just as they would if they were hit by a natural disaster. We explain to them that the average recovery time after a breach is 21 days. Because of the nature of a cyberattack, the timeline for recovery will include many lengthy processes not required for a natural disaster recovery. Rather than scrambling after they’ve been hit, business and IT leaders are far better off focusing on these preventive measures and best practices.

Story by Jason Cray

CDW Expert
Jason Cray, a data protection strategist at CDW, is responsible for researching the data protection industry and threats to our clients, and for advising clients. He is an expert in data backup, data protection, and disaster and cyber recovery. He educates clients on the differences between disaster and cyber recovery. He tests data protection products and develops intellectual property to present to clients.