Ransomware “developers” know that organizations are likely to count on their backups as a primary point of recovery if they are infected. As a result, these malware programs attempt to encrypt or disrupt backup operations. Other cyber attacks may even use the backup process as a means to steal data by spoofing the backup server or client.
The backup application must protect itself and the data it stores. The first line of defense is encrypting both the backup configuration files and the protected copies of data that the backup maintains. However, encryption by itself is not enough. Malware can encrypt the encrypted backup data just as it encrypts any other file. It is essential that the backup software only allow access to its data through the backup application itself or a secure peer, like an authorized API.
It is also critical that the backup software securely move data off-premises. If the organization is using tapes, the software needs to support encrypted tapes; if the organization is leveraging the cloud, encryption during the transfer and while at rest is critical.
A Case for Consolidation
Protection from ransomware may also be the most persuasive case for backup consolidation to date. The challenge with using multiple data protection products is that each of these products protects itself from attack differently. Some solutions have almost no protection from attack and some solutions have extensive protection. The problem is that the organization now not only has to manage separate backup operations, it also has to manage varying security levels and methods. A single secure solution is much easier to manage.
More than Just Ransomware
Backup applications have broad access to data in the data center, which makes them an ideal target of cyber attacks. If an attacker can successfully masquerade as a backup installation server to install rogue backup clients, it could gain access to the organization’s entire data set. Attackers that compromise the backup process may also instruct legitimate backup clients to replicate backup data to rogue servers. Backup applications need to provide secure peering to verify the credentials of installation servers, backup managers, and backup clients before they can communicate with each other.
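The check a backup client could run before acting on a request from another component is sketched below. This is an added example, not code from any backup product: the role names, action names, host names and key are constructed, and an HMAC-signed credential stands in for the per-peer certificates (mutual TLS) a real deployment would use.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
ENROLL_KEY = b"constructed-demo-key"
ALLOWED_REPLICA_TARGETS = {"vault01.backup.example"}
# Which role may ask a backup client to perform which action (hypothetical names).
POLICY = {
    "install_client": "installation-server",
    "start_backup": "backup-manager",
    "replicate": "backup-manager",
}

def _tag(key, peer_id, role):
    return hmac.new(key, f"{peer_id}|{role}".encode(), hashlib.sha256).hexdigest()

def issue_credential(key, peer_id, role):
    """Sign 'peer_id|role' so a receiver can check who is asking and in what role."""
    return f"{peer_id}|{role}|{_tag(key, peer_id, role)}"

def verify_credential(key, credential):
    """Return (peer_id, role) if the signature is valid, else None."""
    parts = credential.split("|")
    if len(parts) != 3:
        return None
    peer_id, role, tag = parts
    # Constant-time comparison on bytes; a tampered role or id changes the tag.
    if not hmac.compare_digest(tag.encode(), _tag(key, peer_id, role).encode()):
        return None
    return peer_id, role

def authorize(key, credential, action, target=None):
    """Client-side gate: verify the peer, then its role, then the destination."""
    verified = verify_credential(key, credential)
    if verified is None:
        return False  # unknown or forged peer, e.g. a rogue installation server
    _, role = verified
    if POLICY.get(action) != role:
        return False  # authenticated peer acting outside its role
    if action == "replicate" and target not in ALLOWED_REPLICA_TARGETS:
        return False  # replication to a server the organization does not control
    return True
```

The last check matters even for a correctly authenticated backup manager: a compromised manager can still be refused when it names a replication target outside the allow-list.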
Using backups to recover from a cyber attack is commonplace; protecting backups from a cyber attack is not. Backups, though, are under pressure from both sides. Malware wants to make backups useless, thus forcing organizations to pay the ransom fee. Other cyber attackers want to leverage the backup software to gain access to data and have that data copied to servers outside of the control of the organization.
Protecting backup against both circumstances requires securing both protected data copies and backup configuration files. Preventing the use of backup as a conduit to a cyber attack requires securing communications between backup software components.
In our latest white paper, “How to Ensure Your Backups Protect You from Ransomware,” Storage Switzerland discusses the state of ransomware, explains how it has evolved, and describes what needs to happen next to make protection from an attack possible and more seamless.
The paper is exclusively available to pre-registrants of our webinar “Backup vs. Ransomware – 5 Requirements for Backup Success.”