A long time ago I heard an anecdote that the highest level of security certification was given to a system that sat in a secure room and was isolated from a network. Today we live in a connected world, and that creates much bigger surface areas for security threats. As much as IT organizations would like to limit exposure, users expect unlimited access to both business and personal email, to be able to work with attachments, to surf the web, and to interact on social media.
Pandora’s Box has been opened
Although risk cannot be completely eliminated, it can and should be managed. In parallel, ransomware has emerged as a top cyber threat to business. The number of attacks and their complexity is unparalleled. These are not simple drive-by threats (such as a random user visiting a site that contains malware); instead, they are custom-designed to bypass an organization’s perimeter security and target specific high-value data sets.
The combination of open access and more advanced threats is something that requires far more attention!
Many organizations derive a false level of confidence from their investment in perimeter security: firewalls, authentication/authorization, antivirus solutions and encryption over-the-wire. When assessing security and protection, however, assume that the perimeter has been breached! The breach point is already beyond antivirus software and firewalls; it is now within authenticated systems where encryption becomes transparent. Do you know what your level of protection is?
How big is a Ransomware threat?
• Ransomware has headlined on FBI, DHS, DOJ, and NSA lists in 2016 and triggered multiple US Senate and Homeland Security questions that have resulted in FBI, DHS, and DOJ responses.
• It’s growing fast: At the end of Q1 2016, 93% of all phishing emails contained encryption ransomware. That’s a 763% increase year over year!
First, let’s look at the infrastructure
If you do control the infrastructure, be sure to take advantage of Isolated Recovery Solution (IRS) for systems such as EMC VMAX and Data Domain. IRS ensures that (a) you have a replica of your storage for fastest recovery, and (b) replication is enabled over a link which is air-gapped when replication is not occurring. That way, any corruption of primary data can quickly be recovered from an unaffected replica copy.
If you outsource your infrastructure (for example, by using the public cloud), does that mean security is no longer your responsibility? Remember, an IaaS provider takes responsibility for infrastructure availability and resiliency, but not for data validity. That means protecting your data on your core systems is your responsibility.
Regardless of the location or ownership of the infrastructure, you should be asking yourself these questions:
• Does it matter if we (or the provider) have certification XYZ.123 or not?
• In case of compromise, how do we recover data?
• Do we have a clean copy of the data that is isolated?
• How quickly can we recover?
Second-level safety is provided by having a well-designed data center protection strategy, including a backup solution, which provides an additional level of isolation for your data. That data should be secure and immutable, and it should be available for quick recovery to any point in time. Solutions such as EMC NetWorker or Avamar data protection software together with EMC Data Domain protection storage provide this level of protection.
And don’t neglect the end points!
An end-point management strategy is just as important as your data center strategy. Unfortunately, companies often neglect end points beyond the point of standard practices. Sending best practices bulletins gives the appearance of taking action, but posting documents to users falls short of realistically addressing the problem. We all know users will do what users will do, including clicking on an infected email attachment. Once a system is compromised, standard practices are ineffective and a breach will spread quickly to other systems.
End points not only provide access points to core systems, they also contain a wealth of data. As much as we’d like to have all business information in well-managed, centralized and protected repositories, much of it is stored as unstructured data on end points. Once you have thousands of affected systems, how much value are you losing just on lost productivity? And if those end points are not covered under a data protection strategy, how much critical business information could be irreparably lost?
It is simple (and common) to ignore end-point protection and treat laptops as if they were terminals. But that is not sufficient and companies should actively protect those systems as well. They are too important to hope that users will “do the right thing.”
Solutions such as Mozy by EMC provide an ideal hands-off backup as a service for at-scale protection of all types of end points, including remote servers, desktops, and laptops.
Once again, companies cannot afford to ignore the data in the public cloud. Many users’ files are stored in the cloud. If an end point is compromised, any changes (deletion or encryption) will be propagated and synced with the cloud. So they too, need to be protected. EMC’s Spanning family of products provides exactly that solution for Google Apps and Office 365.
All in all, a comprehensive data safety strategy should include both security and protection, span both core data centers as well as end points, and cover both on-premises and public cloud. Unfortunately, you don’t get to choose which one because the risk is everywhere.