The recent Log4j vulnerability is triggering a whole new round of “Get Ready for Ransomware” webinars and blogs, to the point that IT needs a cure for ransomware overload. While being ready for ransomware is critical, focusing on it exclusively is as dangerous as ignoring it. IT professionals will need to recover from ransomware at some point. They will also need to recover from a natural disaster, hardware failure, or accidental (or deliberate) user deletion of data. To meet these challenges, you probably don’t need to overhaul your data protection strategy, but you will need to enhance it.
Getting Back to Basics
Anytime you feel overwhelmed, the best thing to do is get back to the basics. Almost all data protection and disaster recovery strategies are based on the 3-2-1 data protection rule—three copies of data on two separate storage systems and one copy off-site. While the threats facing the modern data center and the increasing expectations for recovery require enhancing the 3-2-1 rule, it is an excellent tool for recentering your focus.
Curing Ransomware Overload with More Frequent Copies
The first part of the 3-2-1 rule deals with copies of data. First, you need at least three copies of production data. Most of those copies should be created by your backup software application. The enhancement required to protect against ransomware is that your backup storage target should store that data so an external force can’t alter it. It should be immutable.
Another enhancement to the 3-2-1 rule, caused by ransomware and increased recovery expectations, is that you need to execute backups more frequently than in the past. Instead of once a night, the goal should be to capture data multiple times a day and even multiple times an hour for active data sets. Most backup-server software solutions can capture block-level changes to data, making the network requirements for more frequent backups less demanding.
However, the challenge with more frequent but smaller backup jobs is the IO demand on the legacy backup storage system may be more than it can sustain. Modern backup storage must have a flash front end that can sustain the IO demands of hundreds of simultaneous backup jobs with just a handful of flash drives. The increase in frequency not only helps you lower the impact of a ransomware attack it also improves your ability to recover, with minimal data loss, from a variety of failures.
Curing Ransomware Overload with Standby Storage
The second part of the 3-2-1 rule deals with the number of storage systems used in the protection process. The problem is the rule is not very particular on the capabilities of the target storage device. The primary focus is low cost. Since data protection is, in essence, an insurance policy, the policy can’t cost more than what you are insuring. In other words, your backup storage target can’t cost anything close to the cost of your production storage system.
However, the problem with only focusing on low cost is that you end up with a backup storage target that doesn’t add much value to your recovery effort. Modern backup-server software can recover and host data directly on the backup storage target. Still, if the performance of that legacy target is so bad that it is unusable, then there isn’t any value in the feature.
Modern backup storage targets need to provide production class performance and even go so far as to provide standby storage capabilities. If you have a modern backup storage target in a ransomware attack, you have a known clean storage system with clean data instantly available. Suppose the backup storage solution can provide this performance, plus high availability, media failure protection, and other enterprise features. In that case, it can elevate your “insurance policy” to a business continuance strategy protecting you not only from ransomware but also storage system failure.
You can learn more about elevating your backup infrastructure to a business continuance strategy by watching the replay of our webinar “The Four Steps to Elevate Backup into Business Continuance“
Protecting the Off-site Copy
The final aspect of the 3-2-1 rule is “one copy off-site.” Most backup-server software can replicate data to another storage device, and if they can’t, solutions like StorONE’s S1:Backup have the capability. In either case, it is even more valuable if the backup storage target at the disaster recovery (DR) site has standby storage capabilities. Imagine needing only one storage system in your DR site that can receive backup and replication jobs and also become production storage in the event of a disaster.
Keeping Backup Storage Cost-Effective
A cure for ransomware overload is to make sure your backup storage is cost-effective for years to come. While rapid recovery from a ransomware attack or another type of failure is critical, the backup infrastructure must remain affordable. Some vendors are suggesting that an all-flash backup device is the only viable ransomware recovery strategy, but considering the 10X price advantage of hard disk drives, all-flash backup isn’t practical. Modern backup storage targets need to balance rapid recovery with affordable long-term data protection.
Affordability can be built into the rapid recovery effort by maximizing the performance of each flash drive used, thus reducing the total number of flash drives required. It can also be built into the hard disk tier using high-density 18/20TB HDDs with a meager cost per GB. However, backup storage targets need to address challenges associated with recovery from drive failure, and weeks of recovery are unacceptable. RAID rebuild times are more relevant than ever, and modern drive failure protection algorithms like StorONE’s vRAID can recover these high-density drives in less than three hours.
If you are focusing on just ransomware right now, you may need a cure for ransomware overload. Take a step back and apply the 3-2-1 backup strategy. All you need to do is add a few enhancements to the way you store backup data, and you’ve not only solved your ransomware overload but also protected yourself against many other types of disasters.