The reason that file data is a prime target of ransomware attacks is that most file servers are full of juicy targets that organizations are willing to pay to get back. Payment is, after all, exactly what ransomware is all about. One of the best ways to defend against ransomware is to create a less target-rich environment. And data management is the key to create that environment.
The Art of Data Management
Primary storage is point A. Archive Storage is point B. The art of data management is moving data from point A to point B without disrupting user workflow. Software is the key to making that happen. The right data management software can identify files that qualify for archiving, move those files to the archive and replace them with a pointer to its new location. The archive storage location is, at this point, a secondary concern. For now it can be another NAS, an object storage system or the cloud.
Most organizations will find well over 80 percent of their data qualifies for archiving, meaning that a user does not access it for greater than 90 days. If the organization adopts a “archive after 90 days” policy, a legitimate concern is what happens if a user accesses a file that was moved? The short answer, if the software is in place, is NOTHING. The user accesses the file and it is recalled automatically for them.
Even though the archive storage system does not have the same performance metrics as a primary storage file server, it’s still likely the user will not notice the difference. Primary storage, while typically faster, is responding to thousands of I/O request, archive storage is typically waiting for a request.
The Ransomware Air Gap
How does data management help protect against ransomware? First, at least 80 percent of the targets (files) are now on secondary storage. If that secondary storage is object storage or the cloud, it is harder for the ransomware to get to it. Second, many data management software solutions, can copy data to the archive even before fulfilling the age out policy. A policy can be made to copy data to the archive as it changes throughout the day, then maintain a user specified number of versions for a period of time. It will also reduce storage to only one copy after the age out policy kicks in and remove the other copy from primary storage. The result is near real-time protection of files.
Beyond the software, the archive hardware can add value. If the archive storage has the ability to store all inbound data as read-only, it is protected against ransomware, even if the attack does make it through to the system. Read-only storage is critical. While the ransomware in theory can read the file and start its encryption, as soon as it writes the file back to storage it will get an error message.
The hardware typically also has the ability to replicate data to a secondary archive storage system in another location. And some even have the ability to copy data to tape, the ultimate air gap.
Watch Storage Switzerland and NTP Software CEO Discuss using Archive to protect against Ransomware in our ChalkTalk Video, "WannaCry, Snowden, Wikileaks… Is Your Data Next?"
Of course data management has other value points beyond protecting against ransomware. The most obvious is it reduces the investment in primary storage and reduces the complexity of the data protection architecture. The combination of ransomware protection, and reduced investment in primary storage and backup should place data management at the very top of the IT project list.
Sponsored by NTP Software