Securing Backups from Ransomware

Ransomware “developers” know that organizations are likely to count on their backups as a primary point of recovery if they are infected. As a result, these malware programs attempt to encrypt or disrupt backup operations. Other cyber attacks may even use the backup process as a means to steal data by spoofing the backup server or client.

The backup application must protect itself and the data it stores. The first line of defense is encrypting both the backup configuration files and the protected copies of data that the backup maintains. However, encryption by itself is not enough. Malware can encrypt the encrypted backup data just as it encrypts any other file. It is essential that the backup software only allow access to its data through the backup application itself or a secure peer, like an authorized API.

It is also critical that the backup software securely move data off-premises. If the organization is using tapes, the software needs to support encrypted tapes, if the organization is leveraging the cloud, encryption during the transfer and while at rest is critical.

Watch On Demand

A Case for Consolidation

Protection from ransomware may also be the most persuasive case for backup consolidation to date. The challenge with using multiple data protection products is that each of these products protects themselves from attack differently. Some solutions have almost no protection from attack and some solutions have extensive protection. The problem is now the organization not only has to deal with managing separate backup operations it also needs to manage varying security levels and methods. A single secure solution is much easier to manage.

More than Just Ransomware

Backup applications have broad access to data in the data center, which makes them an ideal target of cyber attacks. If an attacker can successfully masquerade as a backup installation server to install rogue backup clients, it could gain access to the organization’s entire data set. Attackers that compromise the backup process may also instruct legitimate backup clients to replicate backup data to rogue servers. Backup applications need to provide secure peering to verify the credentials of installation servers, backup managers, and backup clients before they can communicate with each other.

StorageSwiss Take

Using backups to recover from a cyber attack is commonplace; protecting backup from a cyber attack is not. Backups though are under pressure from both sides. Malware wants to make backups useless, thus forcing organizations to pay the ransom fee. Other cyber attackers want to leverage the backup software to gain access to data and have that data copied to servers outside of the control of the organization.

Protecting backup against both circumstances requires securing both protected data copies and backup configuration files. Preventing the use of backup as a conduit to a cyber attack requires securing communications between backup software components.

Learn More

Our latest white paper “How to Ensure Your Backups Protect You from Ransomware” Storage Switzerland discusses the state of ransomware, explains how it has evolved and describes what needs to happen next to make the protection from an attack possible and more seamless.

The paper is exclusively available to pre-registrants of our webinar “Backup vs. Ransomware – 5 Requirements for Backup Success.”

Watch On Demand

Twelve years ago George Crump founded Storage Switzerland with one simple goal; to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators where he was in charge of technology testing, integration and product selection.

Tagged with: , , , , , , , , , ,
Posted in Blog

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 21,950 other followers

Blog Stats
  • 1,323,516 views
%d bloggers like this: