Backups Are Under Attack
When it comes to data security, backup solutions are of the utmost importance in ensuring data can be recovered, no matter how dire the situation. While a disaster recovery scenario has historically meant anything from natural disasters to power outages and accidental data deletion, malicious attacks on data (such as ransomware) have become the most common situation.
As Lindy Cameron, CEO of the UK’s NCSC (National Cyber Security Centre), stated at the Cyber 2021 conference at Chatham House, speaking to the preparedness of businesses: “…many have no incident response plans, or ever test their cyber defenses.” This is exactly what cybercriminals are counting on, which is why ransomware attacks in particular have reached a new level of sophistication with Ransomware as a Service (RaaS): operations like the BlackMatter ransomware group provide tooling and services to independent cybercriminals who infiltrate an organization’s servers or network.
Backups under attack
Cybercriminals know most organizations back up their data, so the backup solutions themselves are attacked, leaving the organization with no way to recover. The Conti ransomware gang, for example, has become adept at rendering some backup solutions useless: it hunts for privileged users and service accounts that can reach the backup system, then uses that access to delete and encrypt backup files.
If a backup is the last line of defense, it must be built to defend against hackers and ransomware.
The meaning of secure backup and recovery
As organizations increasingly rely on backup and recovery to save them from a ransomware attack, the standard security methodologies outlined below, not normally associated with backup, are becoming more important.
- Access control: Covers privileged access, which for backup means administration of the product. Since administering a backup solution is so sensitive, controls such as SSO, two-factor authentication (2FA) and role-based access control (RBAC) should be used, and backup administrator credentials should be kept separate from the everyday domain-administrator accounts that attackers hunt for.
- Immutable: An immutable backup secures data by making it fixed and unchangeable for its retention period: it cannot be modified or deleted, so it remains recoverable. As a result, immutable backups protect data from accidental or intentional deletion and from encryption by ransomware.
- Air-gap defense/isolation: An air gap is meant to keep a network safe from intrusion, typically by isolating it from the internet. In backup and recovery, some vendors use the term to mean keeping backup data offline or segregated from the primary data. Since “air gap” properly refers to network isolation, “isolation” is the more appropriate term for data protection. This can also encompass isolated recovery, where data is recovered in a location separate from where the primary data lived. This matters, for example, if one or all servers have been infected with ransomware and the infection has not been isolated or mitigated.
Immutable backup and recovery
Modern data protection solutions, such as Business Continuity and Disaster Recovery (BCDR) platforms, are architected with these security requirements in mind. Security starts with access to the solution itself, which requires multi-factor authentication, and extends to removing the back-end administrative burden by delivering the solution as Software as a Service (SaaS). It can be argued that SaaS-based backup solutions are inherently more secure because the vendor maintains all of the software, from operating system patches to new releases; the trade-off is that the customer then relies on the vendor’s own controls and attestations, such as the audits listed below.
Our flagship solution, SIRIS, together with our Cloud, is an example of integrating security into backup at every level. The security features listed below demonstrate the approach we have taken to secure backup.
- Access control: SSO integration, mandatory two-factor authentication (2FA), user administration access reporting, IP blacklisting and whitelisting for backup portal access, active session management and monitoring, and Tor node blocking.
- Immutable cloud: A purpose-built backup and recovery cloud with a full-time security team; RBAC internal controls to protect customer data; Cloud Deletion Defense™ to “undelete” accidental or malicious backup file deletion; backup data encrypted at rest; geographically dispersed, SOC 2 Type II and ISO 27001 compliant data centers, fully replicated across locations in the US, UK and Canada; and local backups replicated into the purpose-built cloud with AES-256 encryption.
- Immutability of backup snapshots: BCDR leverages the ZFS file system, so all local and cloud backups are stored as read-only snapshots. Data already captured in a snapshot cannot be modified in place, so ransomware running on a protected system cannot encrypt it. All backup copies are kept in a secure, private cloud and can optionally use agent-based encryption, which gives the customer control of the keys.
- Isolated recovery: Systems on the same local area network as the BCDR appliance (physical or virtual) are unable to access or manipulate backups. Recovery can be performed in the secure Cloud in case a system or location is compromised or made unavailable. Our Cloud is not connected to client systems, since it resides in a separate, secure data center. Once a system has been recovered and connected to the client network, however, it can be reached by other client systems, so the restore point should be verified as clean before that connection is made.
- Engineered for security: We use U.S.-based engineering teams with embedded security specialists. The solution is built using a Secure Software Development Life Cycle (SSDLC) methodology, on a hardened Linux-based operating system, with role-based access control (RBAC) throughout the development process.
- Backup verification for reliability of data recovery: SIRIS provides two levels of patented backup verification. Level 1 verification confirms that the backed-up system can boot, while Level 2 verification confirms that specific systems can be accessed. Additional reliability comes from patented, integrated ransomware scanning of backups and the inverse chain backup format with checksums.
- Speed of recovery: Entire systems can be recovered in minutes with instant virtualization in the exabyte-class, purpose-built Cloud. Backup granularity delivers recovery point objectives (RPOs) as short as 5 minutes.
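To make the immutability, checksum-verification and undelete ideas from the definitions above and from the feature list concrete, here is a toy content-addressed backup store. It is an added illustration written for this page, not SIRIS or Datto code: every chunk is stored under its SHA-256 digest and never overwritten, each restore point is a manifest whose id hashes both its contents and the previous point (so a missing or reordered point is detected), and deletion is a soft delete that can be reversed within a retention window. The chunk size, the retention window and the sample file contents are assumptions chosen for readability.

```python
"""Constructed example for this page (not SIRIS/Datto code): a toy
content-addressed, checksummed backup store with soft delete."""
import hashlib
import json
import time
from dataclasses import dataclass, field

CHUNK = 4  # assumed tiny chunk size so the example stays readable


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Store:
    chunks: dict = field(default_factory=dict)     # digest -> bytes (write-once)
    manifests: list = field(default_factory=list)  # restore points, oldest first
    retention_s: float = 7 * 24 * 3600             # assumed undelete window

    def put_chunk(self, data: bytes) -> str:
        d = sha256(data)
        self.chunks.setdefault(d, data)  # never overwrite: stored content is immutable
        return d

    def snapshot(self, files: dict) -> str:
        """Record a restore point for {path: bytes}; returns its id."""
        entries = {p: [self.put_chunk(b[i:i + CHUNK]) for i in range(0, len(b), CHUNK)]
                   for p, b in sorted(files.items())}
        prev = self.manifests[-1]["id"] if self.manifests else ""
        body = {"prev": prev, "files": entries}
        sid = sha256(json.dumps(body, sort_keys=True).encode())  # id covers content and chain
        self.manifests.append({"id": sid, **body})
        return sid

    def _find(self, sid: str) -> dict:
        for m in self.manifests:
            if m["id"] == sid:
                return m
        raise KeyError(sid)

    def verify(self) -> list:
        """Checksum every restore point; returns [] when the whole chain is intact."""
        problems, prev = [], ""
        for m in self.manifests:
            tag = m["id"][:8]
            if m["prev"] != prev:
                problems.append(f"{tag}: chain broken (missing or reordered restore point)")
            body = {"prev": m["prev"], "files": m["files"]}
            if sha256(json.dumps(body, sort_keys=True).encode()) != m["id"]:
                problems.append(f"{tag}: manifest altered")
            for path, digests in m["files"].items():
                for d in digests:
                    data = self.chunks.get(d)
                    if data is None:
                        problems.append(f"{tag}: {path} chunk {d[:8]} missing")
                    elif sha256(data) != d:
                        problems.append(f"{tag}: {path} chunk {d[:8]} modified")
            prev = m["id"]
        return problems

    def restore(self, sid: str) -> dict:
        m = self._find(sid)
        return {p: b"".join(self.chunks[d] for d in ds) for p, ds in m["files"].items()}

    def restore_points(self) -> list:
        return [m["id"] for m in self.manifests if "deleted_at" not in m]

    def delete(self, sid: str, now: float = None) -> None:
        """Soft delete: the point leaves the listing, but nothing is destroyed yet."""
        self._find(sid)["deleted_at"] = time.time() if now is None else now

    def undelete(self, sid: str, now: float = None) -> bool:
        m = self._find(sid)
        now = time.time() if now is None else now
        if "deleted_at" not in m or now - m["deleted_at"] > self.retention_s:
            return False  # never deleted, or the retention window has already expired
        del m["deleted_at"]
        return True


def encrypt_in_place(store: Store, sid: str, key: int = 0x5A) -> int:
    """Mimic ransomware that reaches a writable backup volume and XOR-'encrypts'
    every chunk one restore point references. Returns the number of chunks touched."""
    touched = set()
    for digests in store._find(sid)["files"].values():
        for d in digests:
            if d not in touched:
                store.chunks[d] = bytes(b ^ key for b in store.chunks[d])
                touched.add(d)
    return len(touched)


if __name__ == "__main__":
    s = Store()
    p1 = s.snapshot({"db.bin": b"customer-records-v1", "cfg": b"debug=0"})  # constructed data
    p2 = s.snapshot({"db.bin": b"customer-records-v2", "cfg": b"debug=0"})
    print("clean:", s.verify())
    encrypt_in_place(s, p2)
    print("problems after attack:", len(s.verify()))
```

Two things worth noticing when running it. First, `verify()` catches the simulated attack because every chunk is checked against its digest rather than trusted on the basis of a file timestamp. Second, because chunks are deduplicated, encrypting the chunks of the newest restore point also corrupts the older point that shares them; write access to the backup store endangers every restore point at once, which is why the page insists that backups be read-only snapshots and unreachable from the protected LAN rather than merely checksummed.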