One of the reasons that data centers are so vulnerable to ransomware attacks is the amount of data that remains accessible on production storage. The reality is that most of this data does not need to be there. Investing in and enforcing a data management policy can vastly limit an organization’s exposure to a ransomware attack.
Proactive Ransomware Protection
Unfortunately, most ransomware protection strategies are implemented after the fact. By design, these stratagems recover files previously compromised by malware. Data Management, the movement of files off production storage when not in use, is proactive. This moves files out of reach from the ransomware attack and, if the data management strategy includes the use of object storage, the chances of ransomware reaching the managed data is almost nonexistent. Even if the ransomware attack does manage to get to the object store, as long as IT keeps the object store at its default state of read-only storage, then ransomware cannot access or rewrite any of this data.
Under an aggressive data management strategy, as much as 85% to 90% of data should be eligible for archiving. While it is necessary to protect the remaining 10% to 15% of data, removal of the cold data will significantly reduce the area of exposure in the event of a ransomware attack.
Data Management Concerns
The typical concerns of an aggressive data management strategy are its possible impact on users, as the chances of them accessing data from the storage system increase. However, the mapping of this data from its original location to the new object store should be transparent to users. Additionally, object storage systems are disk based, which means rapid access and restoration of data, which also means almost no impact on user productivity.
Transparent access may expose that data to the ransomware attack but again, data on the object store is read only and can’t be rewritten by the ransomware. For ransomware to impact this stored data, that data would need to be recalled from the object store, stored on the primary system, read again, then rewritten and encrypted. This process slows down the ransomware attack and it is only encrypting a copy of data that is already secure. It is also possible to configure the system to allow only a certain amount of access per hour, again limiting the exposure but maintaining practical use for users.
The other course of action is to enable only manual recalls of data. While most customers leveraging this technique will not be as aggressive with their archive strategy, it does provide very secure protection from attack. Even with manual recalls, most organizations will still need to service less than a few recall requests per day. Again, since object storage is disk based, the time it takes IT to service the request will be minimal.
While ransomware may be the impetus for a data management strategy, the strategy itself has at least two additional benefits. First, and maybe most immediately apparent, it reduces the footprint of primary storage. If the IT planners follow the recommendation of an aggressive data management strategy, then they could potentially reduce the primary storage footprint by 90% or more.
Second, data protection becomes simpler. The right data management software will immediately copy all unstructured data, upon creation or modification, to the object store, almost eliminating the need to protect unstructured data. Then the data protection process can focus just on databases and structured data. Additionally, the backup process can use the object storage system as a storage area for those protected copies.
Ransomware is a serious threat and data centers need to be prepared. It is not a question of if, but when. Unlike a typical disaster that might happen, organizations can almost count on experiencing a ransomware attack sometime in the next year. Most protection strategies are reactive and after the fact. Protection via a data management strategy is proactive, securing data prior to attack, and it has the added benefit of reducing storage costs and simplifying protection.
To learn more about how object storage can help protect organizations from ransomware join Storage Switzerland and Cloudian for our live webinar “Three Reasons Why Object Storage is the Best Defense Against Ransomware Attack”.