facebookpixel

Keeping Your Data Protected During Chaotic Times

CMMA Blog

The world events of the past weeks have given us a clear view of what not having a plan looks like. We are learning that current infrastructures cannot support a pandemic the likes of what we’re currently living through and we’re managing it in crisis mode. Learning this lesson came at a great cost, but it is challenging us to rethink our preparedness. As I sit here on a stay indoor order from our local leadership and doing my due diligence to protect myself and others, I can’t help but draw parallels (being in the technology space) from these life-altering events to digital cyber-criminal events that are occurring right now as I write this. In my last blog, I wrote about the importance of testing your IT network and pointed out some strategies to use to ensure you are well prepared should ransomware or other cyber-attacks infiltrate your datacenter and cause irreparable damage. In this blog, I want to discuss – no, stress once again the importance of testing your backup strategies and business continuity plans.

Training & Preparedness

With a lot of the workforce working remotely, it is crucial that employees are trained to be alert to activity that targets regular users like you and me – watch out for those coronavirus emails that are being used as bait by phishers! There are sites that are using COVID-19 and Coronavirus as a lure to make victims ‘click the link’. Paul Chichester, Director of Operations at the NCSC, said: “We know that cybercriminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak.

Time and time again we’ve heard that cyber-attacks come in different forms such as data breaches, ransomware, phishing campaigns, and even some advanced hacking attacks. Investing in an excellent cybersecurity software plus employee training will play a major role in averting a disaster. Persistent criminals will take advantage of the opportunity to infiltrate your network via the various forms of cyber-attacks so let’s learn from previous incidents causing millions of dollars in damage (see previous blog – link) and avoid the same fate as best we can. Just last week, a report on the NCSC site stated that a global network of bots was brought down and dismantled. These criminals are believed to have infected more than nine million computers worldwide. https://www.ncsc.gov.uk/report/weekly-threat-report-13th-march-2020

The right mix of technology

Let’s start by asking the right questions. First, asses your cyber risk. Check out the NCSC website for guidance https://www.ncsc.gov.uk/collection/risk-management-collection/essential-topics . Is your organization prepared to weather a cyber-attack? Is your network not only protected but resilient and able to predictably recover stolen, encrypted or lost data? What are the RPO/RTO’s that need to be met, and can they be met with your current data protection technology? If your network backup copies are compromised, do you have a copy offline and air-gapped? These and many more questions need to be asked to ensure that whatever data protection solution you choose, test your Business Continuity (BC) and Disaster Recovery (DR) to understand efficiency resiliency and predictability so you have the peace of mind that your data is protected.

The experts, highly recommended that you apply the time-tested best practice rule of 3-2-1-1 rule to be safe. Have both disk and tape to ensure a reliable copy is available when you need it. Whether you use cloud or hardware on-prem, be it fast performance technology to quickly process your hot data to cold storage technologies for long-term storage – the most cost-effective way to tier-off your data as it shifts in value is to leverage the different technologies that are available.  Here is an example from Quantum with DXi and object storage for enterprise backup where cost-effectiveness, scalability, and management of unstructured data is of extreme importance.

drblog1

All these technologies combined will help you meet your RPO/RTO’s but in addition, should you need to call on your backup copy for any reason and your copy on spinning disk is compromised, your insurance will be the copy that is offline and air-gapped.

If we knew when disaster will strike, everyone would prepare. The reality is we never know. Test and practice your response to a cyber-attack. Whether you are small or large organizations, testing your resiliency is critical. Create practice scenarios in a safe environment where you can test your network and backup strategies, there are plenty of online help tools available if you’re organization does not have IT, professionals, to handle this type of exercise. Be prepared to handle a crisis scenario. If you’re in the public sector and funds are tight, leverage organizations like NCSC with their exercise in a box tool to practice your response https://www.ncsc.gov.uk/information/exercise-in-a-box .

These times call on us to provide you, the IT professional with
all the tools and necessary information to help you make the best decision for
your organization. Crisis or no crisis preparedness is key!

To view our Partner blog, click here

World Backup Day

CMMA Blog

Today is World Backup Day and we are celebrating and gently reminding IT organizations across the world, backup your data! Though we celebrate it once a year, it does not mean we backup data once a year. Let’s consider 3 reasons why backing up to protect your data is crucial to your organization: 

The Rising Tide of Data 

Managing data is becoming a challenge for many IT organizations. The continued rising volumes of data is putting pressure on backup strategies that were once effective. IT leaders need to find the latest, fastest, most cost-effective forms of backup solutions that can make sizeable backups manageable and easy to implement. IDC projects that there will be 79.4ZB of data created by connected IoT devices by 2025, growing from 13.6ZB. Unstructured content related to entertainment (creation, production, distribution and consumer consumption) continues to be the largest category of data.” This volume of data presents many challenges so backup methodologies and strategies need to be revisited often. Finding the right backup tools and methodology are an essential piece to finding the right recipe for your organization as is preparing your infrastructure for the vast amount of data that is being generated. 

Back Up Regularly to Avoid Disaster 

Why do you need to backup anyway? Because you never know. Infrastructure hardware will fail. Malware, such as ransomware will strike, and humans will make errors. There is no question IT Managers must be prepared for those moments when disaster strikes a blow when you least expect. Backing up your data regularly will ensure you can protect and recover data quickly and effectively. In addition, they should be done intelligently to address the hyper-growth and the requirement for hyper-availability. Part of finding the right solution requires an analysis to help determine the value of data to efficiently manage greater volumes that applications are generating. It is a necessity not a luxury to future-proof your infrastructure.  This exercise helps organizations acquire the correct tier of technology to not only manage but restore within the specified SLAs of the organization. 

Ransomware 

Highlighting ransomware is important because of its prevalence in cyberspace. Threats and attacks are getting more aggressive and those ransomware-focused threat actors are using creative means to break into systems and deploy ransomware for the threat actor’s payday (Source: TechCrunch). There is a rule as old as time that has been proven true time and time again:

Keep 3 copies of your data, using 2 different storage media types (object, flash, HDD, tape) 1 offsite (physically separate from the building such as DR site), and 1 offline (completely disconnected from your network).

Keeping a clearly defined data copy offline and air-gapped to protect against malware attack will enable you to retrieve that data and get back up to speed faster and back to business sooner in the case where your network-connected copies are compromised. 

Conclusion 

World Backup Day is not about backing up just one day of the year. Let today serve as an awareness day to remind enterprises and SMB’s that protecting data by backing it up regularly will prevent disasters that can come in any form. Restoring data from a backup copy will allow businesses to resume operations effectively. There is value in protecting your data. What is the value? In many cases, unquantified. Preserve and protecting your data, whether for the three factors mentioned or to simply provide the continuity of business operations. Learn more about our Enterprise Backup and Archive solutions .

To view our Partner blog, click here

Ransomware’s Latest Hits

CMMA Blog

Ransomware remained at the top of the charts last year, as one of the most cunning and vicious forms of data theft. Ransomware attacks take place every 14 seconds and have increased by 700% since 2016. The loss of access to production data cost companies around $11 billion in financial, productivity, and downtime losses in 2019. Sifting through the latest ransomware news, I find it alarming that some organizations still do not see ransomware protection as a number one priority to protect their IT infrastructure. With the continued attacks on unsuspecting companies, the crafty criminals are getting away with a huge paycheck and with your data.

Public, Education, and Healthcare Organizations
are Likely Targets

According to recent data, public organizations and the healthcare industry are the most likely targets that could be hit the hardest this year. Many public and healthcare organizations may not have the budget to invest in the latest cyber-security software available in the market today nor do they have the systems in place to perform upgrades as needed, thereby leaving their systems vulnerable to attackers. Understandably so, it is seen as a weakness and one to be exploited where healthcare facilities can’t provide critical services to their patients. A published article by Tech Target quotes Caleb Barlow, president and CEO at healthcare cybersecurity firm, CynergisTek, in Austin, Texas. He states, “The most common attack on healthcare has involved data theft, but that’s starting to change. Today, hackers are using ransomware attacks more frequently, which have a destructive, “kinetic impact” to them. That means, you didn’t steal the data; you locked it up, destroyed it, or changed it,” Barlow said. “When those things happen, you can’t see patients.”

Ransomware is a destructive force and medical organization need to brace themselves in 2020 because these attacks will spread wider and with more frequency. This reminds me of the Campbell County Health 2019 attack, which was one of the worst recent hits because it put lives at risk. (Source: Campbell-county-memorial-hospital-ransomware attack ).

Latest string of Companies Crippled
by Ransomware

  • March 2, 2020 (Reuters) – Currency service provider Travelex on Monday estimated a 25 million pounds ($31.9 million) hit to first-quarter underlying core earnings due to the ransomware attack in late December and said it has restored all its customer-facing systems. (Source: UK Reuters/ransomware attack ). Travelex services remained offline for more than two weeks following the attack, leaving some customers cashless during the busiest travel season.
  • Among small and medium-sized businesses, in the last 12 months, twenty-two percent of organizations had to cease business operations immediately because of ransomware; Eighty-one percent of businesses have experienced a cyberattack; Sixty-six percent have suffered a data breach and thirty-five percent were victims of ransomware (Source: https://www.malwarebytes.com/ransomware/ ).
  • Legal services giant, Epiq Global, has been hit by a ransomware attack. A source with knowledge of the incident said the ransomware hit the organization’s entire fleet of computers across its 80 global offices.
  • And just recently, Visser, a parts manufacturer for Tesla and SpaceX, was hit by a more advanced, data exfiltrating ransomware. A portion of the files stolen from the company were published by the ransomware group. (Source: https://techcrunch.com/2020/03/02/epiq-global-ransomware/ ).
  • How about the Ransomware attack against the New Orleans city government earlier this year, which cost the city $7 million dollars.
  • Albany County in New York was hit by three cyberattacks in the span of three weeks in late 2019, including a Christmas day attack on the Albany County Airport Authority (ACAA) that resulted in an undisclosed ransomware payment by the ACAA. (Source: Times Union https://www.timesunion.com/business/article/Ransomware-attack-cripples-airport-authority-s-14963401.php ).

Important to know: Ransomware is getting craftier

While some reports say ransomware
is going down and others say it’s going up, the bottom line is to understand
that the illegal activity will attempt to hit your datacenter, and the only
unknown in this equation is when? The answer is you never know, but there is
ninety-nine percent chance that your organization will be targeted,
unfortunately.

It’s important to protect your IT
environment by becoming aware and by applying old but true principles of data
protection (DP) and business continuity (BC) as follows:

  • Prevention and recovery should
    both be an important part of your DP and BC strategy.
  • Upgrading legacy backup
    infrastructures is top of the list, so it doesn’t become an easy target.
  • Next, is having your backups
    current and up to date, so you can recover the most recent instances of your
    data.
  • Whether you choose to back-up on
    disk or keeping an air-gapped copy on tape, the latter of which is iron clad
    protection from ransomware because it’s air-gapped, physical barrier, you will
    ensure recoverability.
  • Backup copies should not only be
    recoverable, but they should be predictably recovered. In other words, test,
    test, test the integrity of your backup recovery system and verify it. And
    speaking of predictability, the NCSC (UK National Cyber Security Centre) has
    updated its guidance and is suggesting greater emphasis is needed on that
    offline copy.

In conclusion, the most sensible approach to protecting your data should be prevent, detect, and respond, but also protecting your backup with the 3-2-1-1 rule : 3 copies of your data, 2 different media types, 1 offline and 1 offsite.

Visit our Ransomware Protection Solutions page for the latest information on our Ransomware Protection packs, our deduplication back-up appliances, and tape solutions with LTO-8 technology .

To view our Partner blog, click here

Is STaaS Right for You?

Archive Storage

For companies that increasingly view storage as a vital utility, rather than as a capability that they want to cultivate and staff, Storage-as-a-Service (STaaS ) is becoming an increasingly attractive option. With the advent of cloud computing, IT departments started getting comfortable with software-as-a-service, infrastructure-as-a-service, and platform-as-a-service. With Amazon S3, storage-as-a-service entered the mainstream. STaaS is essentially a cloud-like storage resource, implemented as an on-premises service providing immediacy, scalability, and pay-per-use flexibility, minus the security and performance variability issues that keep enterprise users up at night.

STaaS offers some compelling benefits . End users turning
to STaaS are drawn by the ability to reduce operational and administrative
costs, eliminate unplanned capital expenditures and major upgrades, improve
control and security with on-prem infrastructure, and achieve greater
performance with less downtime.

IT departments making their first steps into the realm of
StaaS often begin with a daunting list of questions to address as they begin to
sort through basic questions of what kind of storage they require.  How much do they value security, service, and
support? How do they manage and control their environments? What is the true
value of an SLA?

Surveying the Enterprise IT Community about STaaS

John Webster, senior analyst with Evaluator Group, decided
it was time to take the temperature of the end-user community considering STaaS.
Webster surveyed 249 enterprise IT end users and conducted extensive interviews
to understand the evolving attitudes toward STaaS.

The results are
revealing. Some of the interviewees spoke glowingly of the benefits they have
seen. One noted, “Switching over to STaaS has allowed us to lifecycle our aging
storage fleet without the large CAPEX layout that would be required if we were
to purchase the storage infrastructure. We will also be getting a significant
performance uplift from the new storage hardware.”

Not surprisingly, compatibility,
security, and support are all top concerns for end users as follows:

  • 73% of those surveyed required compatibility
    with their existing IT environment. Customers
    want a STaaS vendor to be the single, consolidated source for support and
    maintenance.
  • 65% of respondents
    indicated that they want the STaaS vender to be the single source of support
    and maintenance even if the infrastructure is sourced from different suppliers.

In the area of management and control of a STaaS
environment, just 22% of survey respondents want the vendor to manage every
aspect of their STaaS environment. 11% prefer to do it all themselves. Most
want something in between.

“What I could allow the vendor to
manage and control depends on what they own. There are a lot of moving pieces
in an IT environment,” the CIO of a manufacturing firm noted. “The storage
vendor could tweak something, which causes problems upstream and we’re left
trying to figure out what changed. One of the things I hate is when vendors say
it’s not their problem or they didn’t do that. They would have to be
accountable and we would have to know what they are doing.”

Download STaas eBook

Webster’s eBook, “Storage-as-a-Service Comes of Age – A Study of
Enterprise User Perceptions and Requirements,” is now available to download for
anyone eager to learn more.

To view our Partner blog, click here

Air-Gap: A Cybersecurity Benefit

Archive

Of course, magnetic tape is an old technology but the simple reason of being old does not make it ineffective or impractical to use in the modern data center. Many would dare to say, magnetic tape is so retro its totally new again. I am inclined to believe that. Why? For one, the most modern data centers, called hyper-scalers, are leveraging the use of magnetic tape and cost-efficiency for such large magnitudes of data. For the rest of us, it mainly has to do with the cybersecurity benefit of air-gapping a backup copy.

I recently did a webinar where I teamed up with one of Quantum’s IT managers to discuss mainly what his IT organization did to protect against Ransomware. (If you missed, see here: Ransomware Webinar ).  Maybe for some it felt like it was a pitch for tape coming from a company that owns more than 30% of the tape market, but the reality is that we have seen and heard from many companies how air-gapping a backup copy truly became the best last line of defense against the nemesis of Ransomware. Plus, if we didn’t use the solution ourselves, would you really buy it from us?

When your organization was saved multiple millions of dollars because you stored a backup copy of your asset or last week’s data on tape and saved the most precious intangible commodity of time, creativity and effort plus the tangible ones like new data of new customer acquisitions, market intelligence and new product analysis you too would also say, damn tape is freakin’ awesome. Ransomware, due to the patience and tenacity of the criminals behind it, can sit and pause for any length of time inspecting your network from a distance until they discover a way to bypass your security. This is not to say, that the cybersecurity software in the market today aren’t amazing solutions, but if we’ve learned something it is that cyber-criminals are tenaciously patient and very hungry to be rewarded. This is why, air-gap is the best last line of defense. Working together with cybersecurity software, SDDs, flash and replication technology as data moves from a hot to cold status, air-gapping becomes very cost-effective and the best way to store long-term data.  In no way, are we saying replace your ultra-speeds that SSDs or flash offer in a back-up scenario, but rather include an air-gap backup copy on magnetic tape in the event you find your network connected devices compromised by ransomware. The enterprise backup environment is being hit hard by these vile characters and you don’t want to be caught by surprise.

To view our Partner blog, click here

Tape Storage – a Proactive Layer of Protection Against Ransomware

Archive

As we close out another year, cyberattacks like ransomware continue to be top of mind for many organizations. We expect it to be top of mind in 2020 and beyond as organizations make investments in the latest technology. With all the energy and spend going towards new technology and cybersecurity efforts, I can’t help but wonder what continues to give these cyber adversaries the upper hand? I’d be naïve to say that profit isn’t a huge motivator because there is a straight line from development to profit. It is a well-known fact that these intrusions are expected to yield more than just profits when they cripple your systems, they seek to yield the grand prize – your company secrets, your data is the currency of choice. An article published by Tech Republic states, “Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals, who might yield, at best, a few personal files that could be used for extortion or identity theft.”

A backup strategy is important to overall protection

Backups are a critical component to your overall protection strategy. Is all your critical information being backed up. Is it being stored offline? Has the backup strategy implemented been tested to ensure it works? The FBI has recommendations for ransomware preventions and responses fo r CEOs. It is not a surprise to see that the first answer to the question of ho w to protect your network was Backups.

Tape storage: Your last line of defense

We have learned that ransomware seeks and attacks known vulnerabilities in the
network, where data on servers, storage, and everything else connected to it
will most likely be compromised. For your data to be truly protected, we recommend
an offline or airgap copy in your backup strategy that works in conjunction
with your security software, hard disk drives (HDD), and cloud storage.

Because tape storage is an ‘offline’ storage technology, it provides
effective protection against ransomware and malware. Tape is your last line of
defense—simply because criminals can’t delete or encrypt what they can’t access
over the network. To fully protect your data against ransomware, prevent the
infection in the first place, and then perform regular backups, replicating
data to off-site and offline media such as tape.

Tape offers high-speed restore rates

Not only is tape storage cost-effective, but it offers high-speed restore rates, currently with LTO-8 generation it has an up to 750MBps transfer rate. That makes it ideal for both storing large volumes of data over the long term, as well as protecting your assets. Although replication technologies can provide faster restores, let’s remember they do not protect from ransomware.

Make tape part of your backup and DR strategy

Given the prevalence of ransomware attacks, you need a strategy for
defending your files against these debilitating events. We’ve seen state and
local governments, educational institutions, and private enterprises rendered
helpless in their ability to continue their day-to-day business after an attack.
Start with a proper data protection strategy.

Understanding what part of your data is critical to your operations is the
first step to ensure that a backup copy is readily available on magnetic tape. Keeping
a disconnected offline copy of your data is important to your data recovery
(DR) plan because tape storage provides the best offline option, is
inexpensive, portable—and offline.

When ransomware hits, you want to be proactive, prepared, and in the
position to stand up against ransomware threats. Let’s stop giving them the
upper hand and may this 2020 be uncompromising and ransomware-free.

To view our Partner blog, click here