In a world where enterprise mobility and cyber-attacks are simultaneously booming, protecting endpoints has become crucial to business longevity. Laptops are the primary target for malware such as ransomware. Also, these devices are prone to being lost or stolen – a substantial threat to the business, considering the volume of unique data (read: data that is not backed up) that sits on these devices. However, disaster recovery for data on endpoints is frequently an afterthought – if not consciously avoided altogether (for additional insight on these topics, read Storage Switzerland’s recent blog, “The Rising Ransomware Threat Heightens Urgency for Endpoint Protection”.
As cyber-attackers more frequently target the sensitive corporate data sitting on endpoints, it is key to break the historical mindset that endpoint protection is an expensive burden that is not mission critical. Backing up endpoints has become significantly easier with modern, time indexed and low impact solutions. User productivity no longer must come to a crawl for backups to occur, making it possible to backup data more frequently, and as a result limit the impact if a device is breached. Utilizing off-premises cloud storage services as backup targets can further limit the impact of an attack, as malware such as ransomware is designed to penetrate Windows and Mac devices.
Once an effective backup strategy has been established, attack detection is the next pillar of a future-forward endpoint disaster recovery strategy. Key capabilities to look for include detection of data anomalies, notification of impacted backups, and identification of the last known good backup – which augments the ability to backup frequently to significantly reduce the impact if an attack occurs.
Naturally, recovery follows backing up and detection as the third pillar of modern endpoint disaster recovery. A critical component to recovery (and also to avoiding the spread of ransomware) is never paying the ransom demanded. A NetworkWorld study found that only 42% of companies are able to fully recover all of their data after an attack. Additionally, it is nearly impossible to tell if all ransomware files have been removed from a data center after an attack, even if the ransom is paid. Furthermore, paying the ransom encourages new ransomware to be developed.
Cloud services should underpin any next-generation endpoint backup and recovery strategy.
From a storage perspective, the ability to access mission-critical data from any device or location, and to restore that data to any device or location, helps to keep core business operations online as the enterprise is working to fully restore after an attack (which is not a fast task). Self-restore capabilities can further help users to regain access to data more quickly, with more limited support from IT.
In addition to providing an extra layer of protection from ransomware, – using cloud storage services causes raw data and metadata to be stored separately, making them more difficult to corrupt. Furthermore, cloud compute may be used for data monitoring (and thus earlier detection).
For additional discussion, register here for Storage Switzerland’s on demand webinar in collaboration with Druva “Ransomware: Strategies for Protecting Your Weakest Link – Endpoints”.