Organisations which do not employ robust data protection schemes put themselves at serious risk of suffering a data breach and causing potentially fatal damage to the business. Florian Malecki, International Product Marketing Senior Director of StorageCraft, explains how organisations can better protect themselves by assessing and testing their recovery plans for ransomware prevention.
Why is constant data availability so crucial for modern organisations?
Data is the lifeblood of any modern organisation. It provides the foundation for understanding where a business is positioned and is essential to analysing customer behaviour, navigating markets and assessing a business’ performance. Many successful business leaders are dependent on the insight provided by data to make informed decisions about the business’ future.
If the data is breached, subject to a ransomware attack or unavailable for a given period of time, it can prove utterly catastrophic to a business. Lack of access to critical data can lead to malfunctions across the entire business, from significant revenue loss as a result of system downtime, to remote workers being unable to access shared files. Unquestionably, the constant availability of data is fundamental to the longevity and success of any modern organisation.
What is driving the need for businesses to re-assess data protection strategies?
Today companies are generating oceans of data-and not all of that data is equally important to their function. Organisations that know this and know which pieces of data are more critical to their success than others will be in a position to better manage their storage and better leverage their data. Think about it.
As organisations deal with a data deluge, they are trying hard to maximise their storage pools. As a result, they can inadvertently end up putting critical data on less critical servers. Doing so is a problem, because it typically takes longer to access slower, secondary machines and leverage that critical data. It’s this lack of speed and agility, that can have a detrimental impact on business.
Traditionally organisations take a server-based approach to their data backup and recovery deployments. Their priority is to back up their most critical machines rather than focusing on their most business-critical data.
So rather than having backup and recovery policies based on the criticality of each server, we will start to see organisations match their most critical servers with their most important data. In essence, the actual content of the data will become more of a decision-driver from a backup point of view. The most successful companies in the digital economy will be those that implement storage policies based not on their server hierarchy but the value of their data.
What are the implications for organisations which do not employ robust data protection schemes?
Put simply, organisations that fail to implement a robust data protection scheme put themselves at serious risk of suffering a data breach and causing potentially fatal damage to the business. When it comes to system downtime, businesses risk both reputational damage and the cost associated with that downtime.
If customer data is stolen, clients will lose trust in the business and may look to competitors. In addition, if employees aren’t able to access critical files, productivity will plummet, causing a significant dip in output across the organisation. Companies without a robust data protection scheme should look to implement one as a matter of urgency.
What best practice approach should organisations take to data protection?
StorageCraft recommends that organisations assess and test their recovery plans for ransomware prevention, remediation, systems failures, any type of natural disaster, on a regular basis, being once a year, twice a year, etc. It is the only way to know whether they can meet their Recovery Point Objectives (RPO) and Recovery Time Objectives (RPO).
In the event of a ransomware attack, businesses should first identify and locate their business-critical data and take comprehensive steps to protect it. This step includes email security systems, firewalls, regular software updates, clearly audited administrative and access policies and on-going user education.
However, prevention is not foolproof, which is why a ransomware-specific plan for remediation and recovery is essential. Thwarting ransomware is dependent on an organisation’s data locality (i.e., on-premises, in the cloud or in cloud-based applications such as G Suite and O365) and preferred recovery location. Critical elements of a successful plan for ransomware remediation and recovery include:
Immutable snapshots: To ensure unstructured data can be recovered, companies should protect their information with continuous immutable snapshots. Data captured this way is ‘frozen’ and cannot be overwritten or deleted by ransomware attackers. This ensures an organisation can revert to a secure set of data.
Orchestration: A successful recovery process requires that business-critical data and applications are prioritised. Companies using cloud-based recovery should pre-determine the order in which their data and applications will be recovered. This ‘orchestration’ ensures minimal downtime, once data recovery begins.
Immediate recovery: Considering one minute of downtime costs US$5,600 according to industry analyst firm Gartner, the speed of recovery following a ransomware attack is a crucial element of the remediation and recovery process. Solutions such as StorageCraft VirtualBoot provide the ability to recover virtual and physical infrastructures – and both structured and unstructured data – instantly.
Failback: After a successful cloud-based recovery, the last step in remediating a ransomware infection is returning the data infrastructure to its original location and resuming operations as usual. The planned failback process should have a minimal impact on production applications
to minimise any additional downtime and adverse effect on the business.
What are some of the key challenges organisations face when it comes to data protection and how can StorageCraft help address these?
A recent survey, commissioned by StorageCraft, discovered that nearly 50% of IT decision makers are struggling with data growth and believe that it is only going to get worse. Further to this, 51% are not confident that their IT infrastructures can perform instant data recovery in the event of a failure. It’s clear that exponential data growth and its safe storage and protection, is a challenge for organisations and an area that businesses need additional support and guidance.
The findings also reveal a concerning disconnect between an organisation’s confidence and its actual ability to recover from a ransomware attack. While 68% of respondents believe they have a clear plan in place and could quickly recover from a ransomware attack, nearly a quarter (23%) do not test their recovery plans. Of those that do test, nearly half (46%) only test their recovery plans once a year or less.
Further highlighting the difference between the perception and reality of being able to recover from a ransomware attack, the majority (86%) of respondents confirmed they suffered data loss in the past year, with over a quarter (27%) suffering data loss in the last six months. The research also uncovered issues around the budget and complexity of IT infrastructure, which will add to the challenge of ransomware preparedness.
• Nearly half (46%) of respondents reported that they do not have the budget to manage their data and recover from a failure adequately.
• Again, nearly half (49%) of respondents reported they have between three and five different types of systems to manage and protect data. And 33% have six or more different types of systems.
StorageCraft data protection, data management and Business Continuity solutions allow organisations to keep their critical information always safe, accessible and optimised with StorageCraft’s powerful data protection offerings delivering instant, reliable and complete data recovery and eliminate downtime. Our innovative converged secondary scale-out storage platform, with integrated data protection, solves data growth challenges, is efficient and easy to use.
How does StorageCraft offer a simple to use but robust data protection offering?
ShadowXafe is StorageCraft’s next-generation data protection solution. It gives customers affordable access to a simple, comprehensive and cost-effective solution that meets the highest of backup and recovery metrics attainable.
It is easy to manage, affordable and robust, ensuring constant data availability and uptime for businesses. Benefits include complete data protection. By making all data retroactively restorable within seconds, ransomware is no longer a threat. Customers can scale at speed and with ease because ShadowXafe can restore any device or an entire IT infrastructure from a single console.
ShadowXafe ensures total Disaster Recovery and Business Continuity by simply replicating data to a public cloud, a StorageCraft Cloud for a complete Disaster Recovery as a Service or an off-premises location, all with uncompromising reliability, speed and simplicity.
In addition to ShadowXafe, OneXafe is a converged data platform that unifies enterprise-class data protection with scale-out storage in an easy-to-use, configurable solution. For businesses looking to protect and manage their data in heterogeneous environments, OneXafe eliminates complexity and provides flexible deployment to accommodate various workload requirements.
At the same time, it significantly reduces costs associated with secondary storage as well as data protection software. By providing a converged solution, OneXafe removes the need for siloed point solutions and minimises costs incurred from standalone hardware and software offerings. Data protection services are directly integrated into the distributed object store, delivering powerful backup and recovery, with a workflow optimised for simplified management. OneXafe tightly integrates with StorageCraft Cloud Services, with a single click it provides Business Continuity of data, network and application recovery in StorageCraft’s Cloud.
What trends or emerging trends are you seeing in the data protection area?
As data volumes continue to grow at an exponential rate, companies must not only store their data; they must approach data management expertly and look to new approaches. These may include:
● The ‘prevention era’ will be overtaken by the ‘recovery era’: While data protection remains crucial, in the data recovery era, the sooner organisations adopt a restore and recover mentality, the more they will be able to benefit from successful Business Continuity strategies.
● The repatriation of cloud data: Many organisations are embracing the notion of cloud data repatriation. They’re increasingly deploying a hybrid infrastructure in which some data and applications remain in the cloud, while more critical data and applications come back to an on-premises storage infrastructure.
● A data-centric approach to storage: Today companies are generating oceans of data, not all of which is of equal importance. Organisations that recognise this and implement storage policies based on the value of their data, will be in a stronger position when it comes to data storage, management and leverage. As such, it’s likely that we will start to see businesses match their most critical servers with their most important data.
● Immutable storage for businesses of all sizes: Ransomware will continue to be a scourge to all businesses. It’s more important than ever to protect data with immutable object storage and continuous data protection. Organisations will increasingly look for a storage solution that protects information continuously by taking snapshots as frequently as possible.
Companies that capitalise on these new trends and take new, more creative approaches to data management and protection will be able to transform their operations and thrive in the digital economy.