StorONE Blog

Redefining Backups in the Era of Ransomware: Strategies for Immutable, Resilient Data Protection

Written by: James Keating

In the IT storage world in 2024, there is a lot of talk about backups, archives, immutability and ransomware attacks. Despite all of this attention, the definitions of all of these seem as fuzzy as ever. I have been working with backups and archives since before the iPhone was a thing, and during this time, it has always amazed me how vastly the definitions differ for what we would all think are common items. For example, I have gotten definitions for enterprise backup that could fit into archival or disaster recovery. It seems like there is not a common understanding of what one is referring to when they mention backups. So, let’s look at backups as a copy of data to be used for restoration when data is lost or corrupted, or when we need to perform a task on the data that we don’t want to do on the primary copy.

Backups are more than writing to hybrid storage

Using my above definition, I have seen backups at times treated as something more akin to a diet than to a true business function. I am referring to when backups are viewed as something we should be doing, and we try, but we don’t have any real procedures or models we are consistently using. It reminds me of eating healthy: we want to, we try to, but we don’t take all the steps to make sure it happens consistently. A more technical way of looking at this is architecting backups as backups. This is the practice of focusing on achieving a backup copy; however, I would argue that backups should be treated more in terms of restores. The goal of a backup is to be able to restore the data when it is needed, so architecting for successful restores may be a better way to go.

In the past, restoration of backups was often limited to a few files due to corruption or user error. The ask was not typically to restore an entire environment; this was left to disaster recovery functions (for the purpose of this discussion, we will assume that is some form of replication). Enter ransomware, and now backups may be required to restore an entire environment, under pressure to do so quickly to get back into production. This is because replication alone is not enough in an age of ransomware encrypting your data: if it is encrypted on side A, it will quickly become encrypted on side B. Ransomware bad actors know this. They also know that backups have long been an area of potential weakness, so they will target backups.

Ransomware has changed the game 

Let’s look at how a ransomware attack can work. The bad actors get into your systems and, depending on who you ask, they sit there for a long time, over 100 days in some cases. They use this time to map out where the data is and how the data moves throughout the enterprise. Next, backups are targeted. This does two things: it makes it much more difficult to get data back after an attack, and it hits an area that won’t be noticed immediately. Think of it as going for the lowest rung first in terms of how companies typically classify data. Then they will move up the stack of data and eventually encrypt production. This means backups are an edge or attack surface.

So, how can one help prevent this? First are good security practices; that is a given. But backups should also be viewed not as the lowest rung of data, but as a primary attack surface and a critical part of surviving a ransomware attack. From a StorONE perspective, this is a place where a multi-layered approach would seem like a good one. Use your backup software’s security features as a layer. Use good overall security practices as a layer. Finally, add the immutable snapshot feature of StorONE to give your backup data an enhanced level of protection. Yes, I am suggesting snapshots of your backup data. This can be easily achieved with a StorONE system as the backup storage target. StorONE offers included immutability on all snapshots, be it of primary or backup data. Secondly, we can offer multi-admin approval for changes to the snapshot data, so that is another layer of protection. StorONE also can allow for cost-effective storage of snapshots for years with optimized data placement. Think of it as air-gapped immutability like tape, with the ease and performance of disk.

In a time when data is more important than ever, having a strategy for all layers of your data including backups is important. 
