This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Pure Storage CTO Andy Stone offers an introduction to tiered resiliency architectures for fast ransomware recovery.
Ransomware attacks are increasing at an unprecedented rate while the level of their sophistication continues to rise. In fact, according to industry estimates, the global damage caused by ransomware could cost $265 billion by 2031. Simply put, ransomware attacks are presenting an incredibly frequent (and expensive) risk to modern businesses. So how can organizations combat this growing threat?
The first thing to understand is that traditional prevention measures (think: anti-intrusion systems) are no longer enough. In many cases, once a business has been infected with ransomware it’s already too late to stop it. While having the proper precautions in place to prevent an attack is absolutely essential, it’s equally critical to plan for rapid recovery. After all, speed is of the essence – an organization’s most significant defense against ransomware attackers is executing rapid recovery following an attack.
Building a meaningful resiliency architecture around tiers is paramount to expediting data recovery and offers organizations peace of mind that their critical data is protected.
Tiered Resiliency Architecture
Traditional enterprise backup has evolved into an antiquated set of technologies. Let’s face it, backup is slow. Even the fastest backup solutions with the fastest enterprise data storage backend are still exponentially slower than security snapshots. While backup is still incredibly useful (it serves as long-term archival storage), organizations need the ability to recover very quickly when an incident occurs. A tiered resiliency architecture is a future-proof way to build speed and durability into a recovery strategy.
What do I mean by that? A tiered resiliency architecture refers to building an environment of high-speed recoverability, leveraging snapshots for near-immediate recoverability. The architecture can range in complexity depending on how many tiers are created within the infrastructure but ultimately aims to help retain large amounts of data and make it available immediately following an incident. The four main tiers associated with a tiered resiliency architecture include:
The first tier serves as a resiliency tier, and is where organizations’ workloads run and where primary “mission critical” data is stored. When an incident occurs, an organization should begin recovery at the closest point to the incident. As a result, this resiliency tier should involve enabling security snapshots – a set of reference markers for data at a particular point in time – for three to seven days to ensure the most current data is available.
The second tier can be thought of as an incident response tier, which organizations should leverage for forensics, incident response, and broader recoverability. Security snapshots should be copied over from the resiliency tier and stored for (ideally) 6-12 months so that incident response teams can immediately (and seamlessly) obtain a longer-term view into any given incident – whether it be a cyber-attack or another equally impactful incident.
The third tier – referred to as the backup tier – serves as long-term archival storage. Organizations should use this tier for data that isn’t necessarily worth snapshotting and for long-term, historical archival purposes. Organizations can leverage this tier as a last resort to analyze historical data.
The final tier can be viewed as a bunker tier (the cloud). Organizations can replicate or copy their data to live on a completely separate site. If an incident occurs, this tier enables organizations to dynamically spin up compute on demand to get up and running quickly without having to move data over long distances.
Why Does it Matter?
When a ransomware attack strikes, prevention is only half the battle. You should already be confident that you have strong data protections in place to accelerate recovery that will help mitigate some of the disruption caused by a high-impact threat.
Take the example of the 2021 cyber-attack on Colonial Pipeline. The critical gas and fuel company didn’t have the proper infrastructure to prevent a break-in, ultimately forcing their hand to pay the ransom. However, the problem for the company didn’t end there. The recovery process to begin to restore its system took four days, when it could have taken only a few hours with a tiered resiliency approach, causing devastating effects.
To avoid a mistake similar to Colonial Pipeline’s, there are a series of best practices organizations can follow to maximize backup and recovery strategies and mitigate the wider impact of a ransomware attack, including:
Implement an Active Threat Management Program Early
It’s important to understand your organization’s size, scope and vulnerability to a potential ransomware attack. Arm your organization with internal and external preparations, including the development of employee education and resources and establishing a threat management team. These precautions will not only help avoid an attack but will also provide the proper protocols for the team if an attack occurs.
Personalize the Tiered Resiliency Approach to Your Needs and Budget
Ensure your team aligns on the tiered resiliency architecture that fits service-level demands. Organizations can tailor the infrastructure by establishing more or fewer tiers as needed for their level of data. No matter the number of tiers, adopting a tiered storage architecture is a valuable strategy to improve the accessibility and speed of data recovery in the event of an attack.
Enhance Data Protection
In addition to implementing a tiered resiliency architecture, the solution can also be coupled with other strategies, including “data bunkers” to help protect large amounts of data. These bunkers can act as the final tier within the infrastructure to offer a highly secure, extra layer of durability.
Increase Snapshot Frequency
With ransomware attacks becoming more targeted, vulnerability is increasing. Organizations should increase the frequency of backups to protect valuable datasets and processes. Tiered storage offers a host of features that allow instant recovery and help ensure that businesses get back up and running as quickly as possible after an attack takes place. By increasing snapshot frequency, organizations are able to initiate their recovery process from a timeframe that’s closest to the initial attack, allowing organizations to minimize data loss and restore critical data and infrastructure quickly.
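As an added example (not from this column or from any vendor's product), the sketch below shows how the retention windows of the resiliency and incident response tiers, together with snapshot frequency, decide which tier recovery starts from and how much data is lost. The tier names, the single snapshot interval shared by both tiers, and the timestamps are assumptions constructed for illustration; the retention values are the upper bounds given in the tier descriptions above.

```python
from datetime import datetime, timedelta

# Retention uses the upper bounds stated in the article; tier names are assumed.
TIERS = [
    ("resiliency", timedelta(days=7)),           # snapshots kept 3-7 days
    ("incident_response", timedelta(days=365)),  # copies kept 6-12 months
]

def snapshot_times(now, interval, retention):
    """Constructed timestamps: one snapshot per interval, back to the retention limit."""
    return [now - interval * i for i in range(int(retention / interval) + 1)]

def pick_recovery_point(now, compromise, interval):
    """Find the newest snapshot taken strictly before the estimated compromise
    time, searching the fastest tier first. Returns (tier, snapshot, data_loss)."""
    for tier, retention in TIERS:
        clean = [s for s in snapshot_times(now, interval, retention) if s < compromise]
        if clean:
            best = max(clean)
            return tier, best, compromise - best
    # No snapshot in either tier predates the compromise: use the backup tier.
    return "backup", None, None

if __name__ == "__main__":
    now = datetime(2022, 11, 4, 12, 0)  # constructed time of detection
    hourly, daily = timedelta(hours=1), timedelta(days=1)
    cases = [  # (label, estimated compromise time, snapshot interval)
        ("detected after 2 days, hourly snapshots", now - timedelta(days=2, minutes=30), hourly),
        ("detected after 2 days, daily snapshots", now - timedelta(days=2, minutes=30), daily),
        ("detected after 20 days, hourly snapshots", now - timedelta(days=20, minutes=30), hourly),
        ("detected after 400 days", now - timedelta(days=400), hourly),
    ]
    for label, compromise, interval in cases:
        tier, snap, loss = pick_recovery_point(now, compromise, interval)
        print(f"{label}: tier={tier}, snapshot={snap}, data lost={loss}")
```

When the compromise predates the resiliency tier's retention window, the search falls through to the incident response tier, and moving from daily to hourly snapshots shrinks the data-loss window for the same incident.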
While a ransomware attack will still disrupt business, accelerating recovery will lessen the organizational, financial, and reputational pain that often follows an encounter with this high-impact threat. By future-proofing critical IT infrastructure and implementing a modern data protection strategy with effective processes to safeguard application data, organizations can create a meaningful approach to recovery. With a tiered architecture, you’ll build resiliency and durability by protecting your data and enabling recovery throughout its lifecycle, lessening the impact of potential attacks.