There are three reasons you need standby storage. First, it provides the best way to recover from a ransomware attack. Second, it enables you to recover from a hard failure of your production storage systems. Third, it provides you with a suitable quality assurance (QA) / test area as you bring new applications online.
What is Standby Storage?
Standby storage is a second storage system able to provide production class performance in case a ransomware attack infects your production storage or your production storage system suffers a severe hardware failure. However, it is hard for some organizations to justify an entire storage system, sitting idle waiting for production storage to fail.
StorONE addresses this issue by integrating standby storage into their S1:Backup solution. Day-to-day, you use S1:Backup to store backup data. S1:Backup is a superior backup storage target and provides 360° Ransomware Protection. However, on your worst day, Standby Storage can help you recover quickly and confidently from a ransomware attack, storage controller failure, or even a rogue user.
In addition to providing production class performance, Standby Storage must also deliver production class availability. The controllers must be highly available; the system must be resilient to drive failure and provide long-term data integrity to protect from media degradation.
Finally, Standby Storage must provide a sterile recovery environment that you know is not infected by ransomware and is using a different storage software than your production storage environments. Without integration like StorONE for most customers, sterility will require a separate idle system, disconnected from the network until it is needed. Not only is paying for an additional storage system to sit idle going to be an unpopular proposal, but it is also risky to have a system sitting idle or, worse, powered-off. You want this solution in use so that you know it is working when the time comes where you need it.
Use Standby Storage for Ransomware Recovery
Using Standby Storage for ransomware recovery enables organizations to:
• Return to production operations quickly
• Have the time to perform the required forensic work on the original production storage systems.
Standby Storage uses a small flash-based recovery area to which IT professionals can recover data using their backup software. They can use the software’s built-in instant recovery feature or direct backups at the flash storage. Recovery volumes should not be created until the time they are needed. Ideally, since tensions are high during a ransomware attack, the creation of new volumes should be templated in some way to ensure that volume creation is smooth and accurate.
Recovering from a ransomware attack requires a known good copy of data which means making sure backup data and metadata are stored immutably on the backup storage target. Recoveries can then push to the standby storage device, and application servers can attach directly to those new, sterile volumes. In the ransomware use case, the Standby Storage solution should maintain immutable protection on the new volumes. Hence, if a ransomware trigger file is still active in the environment, the newly recovered application or virtual machine has protection.
With these capabilities, IT can use their Standby Storage to recover quickly as the backup software can restore data to the flash tier. Using instant recovery features means a few minutes of recovery; direct recovery may require additional time, but sub-hour recovery windows are very realistic. Considering that reports of ransomware recovery efforts often indicate days or weeks of recovery, Standby Storage offers a dramatic reduction in recovery time.
Using Standby Storage for Storage Controller Failure Recovery
Another use of Standby Storage is for recovering from a storage controller failure caused by a hardware problem, a bug in storage controller software, or other catastrophic failures. Most storage systems indeed have redundancy built into them, but almost every IT professional has a horror story of when those redundancies failed them resulting in a total outage. Even a world-class backup storage infrastructure doesn’t help in these situations because IT does not have a viable recovery target. It is like banning oil exports from Russia without first identifying another source, like the resources in the ground within your own country.
Most organizations will also purchase 7x24x4 support to cover themselves from hardware failure. It is important to remember that these are guaranteed response times, not return to operation times. I’ve seen countless cases of customers, while the vendor responded in four hours, having their production storage down for days, which meant all their applications were down as well.
Standby Storage is ready to go for these situations. Customers can restore from backups to standby storage for rapid recovery on a production class system if a controller fails or a software bug creeps in. The Standby Storage system should dynamically redistribute older backup data off the flash tier to the hard disk tier to make room for the new production data.
Knowing you have a Standby Storage system ready to go if there is a hardware failure or software bug may also give you the confidence to move from a 7x24x4 contract to a 7x24xNBD (next business day), or even a 5×9 contract. Each time you lower the response time requirement, the organization can save a tremendous amount of money.
Using Standby Storage for Test and Development
Another use case of Standby Storage is for testing and development. If you are using a solution like StorONE’s S1:Backup, it is already storing all the backup data. Using its Standby Storage solution, customers can easily create copies of production application data for testing of patches, and so developers can use it for application development. Part of this testing can be using Standby Storage for practicing recovery scenarios like a ransomware attack or a storage controller failure. Most organizations don’t have the resources to practice these essential scenarios to ensure their procedures will work under the pressure of an actual disaster.
We’ve long promoted the idea of a secondary, production-class storage solution that is ready to go in case of a storage system failure. The ransomware threat makes Standby Storage a requirement instead of a “nice to have.” The challenge in this recommendation is the perceived cost versus the return on investment (ROI). StorONE’s approach simplifies and accelerates the ROI by integrating the concept into the backup storage target, essentially making Standby Storage accessible since you have to have backup storage anyway. For more info, register for StorONE’s upcoming webinar, “Three New Ransomware Exploits and How to Close the Backdoor”.