Of all the types of malware, ransomware is a particular threat to businesses today. In our last post on the topic, we covered some key points on the scale of the threat to business continuity posed by ransomware. Your backup strategy - and the solutions that support it - is an important pillar in a holistic approach to dealing with ransomware that should span detection, prevention and remediation.
Backup strategies designed for general purpose business continuity may be ill-suited to the specific characteristics of the ransomware threat because backup files are increasingly targeted by malicious actors in order to maximize disruption.
In this post, we’ll cover the key requirements you should look for in a backup and recovery solution to protect against ransomware-induced downtime.
Isolation from Source/Production Systems
In order for your data to remain accessible in the event that ransomware that has infected production systems, backups must be stored on separate infrastructure from the production data. This is to prevent the spread of the ransomware to the backups that would compromise them as well.
Storing backup files on network attached storage is risky, particularly because ransomware is often designed specifically to seek out network attached storage as a vector to enable its spread. This risk has been magnified more recently as organizations may have opened up permissions quickly in order to enable remote work and a more flexible workforce in general.
Having cloud-based backups that are isolated from your general storage infrastructure is a great way to mitigate this risk. But it also means that the cloud-based backup applications you adopt should have appropriate measures in place to prevent and detect ransomware intrusion.
So what should you look for in cloud-based backup applications to ensure your backups are protected?
Foundational Cloud Infrastructure
Cloud-based backup applications are typically built using underlying, turnkey cloud infrastructures like Amazon Web Services (AWS) or Microsoft Azure. Organizations should consider not only which cloud infrastructures their backup provider has chosen for deployment of their backup solution but the degree to which they are taking advantage of the security and protection measures available on those infrastructures.
Logging, Monitoring and Alerting
While the security capabilities of underlying cloud infrastructures provide a great foundation of ransomware prevention and detection measures, organizations considering cloud backup solutions should ensure that their backup providers take additional measures as well, such as the use of monitoring, logging and alerting tools that can flag abnormal ransomware activity.
Encryption
Organizations should also ensure that their backup providers leverage encryption to protect backup data. This provides an additional safeguard that potential leakage of data doesn’t result in exposure of data, as the backed up data wouldn’t be viewable by malicious actors.
Regular Testing
Organizations evaluating cloud backup providers should also consider whether providers regularly test the measures they have in place to ensure security controls are properly applied and operating effectively. Adequate protection against ransomware threats requires the coordination of multiple technical safeguards as well as operational procedures, and regular testing is essential to ensure that systems that are designed well also operate well.
Third-Party Certification
Finally, organizations looking to ensure their cloud-based backup providers have adequate ransomware prevention measures in place should look for third-party certifications of the provider’s information security practices. This can provide reliable evidence that the vendor can protect the data entrusted to them by having the appropriate controls, measures and programs.
Own helps companies protect business continuity
As the #1 SaaS data protection platform for Salesforce, Own helps over 7,000 organizations better address the unique challenges to continuity from ransomware with backups that avoid pitfalls of traditional approaches while providing additional safeguards to enable safe and timely recovery.
Here’s how we measure up against the requirements outlined above:
- Isolation From Production Systems: Our cloud-based backups enable you to stop relying on backup files that are stored on local and network file systems to support your continuity strategy.
- Foundational Cloud Infrastructure: Own is built on hardened infrastructure from the two largest providers, Amazon and Microsoft, and our engineers also work closely with their technical experts to ensure we are applying best practices in leveraging available security measures.
- Logging, Monitoring and Alerting: At Own, we collect application, network, user, and OS events and analyze them for suspicious activity and threats using multiple, redundant monitoring tools. This provides an additional layer of security beyond what Amazon AWS and Microsoft Azure provide.
- Encryption: We encrypt HTTP communications and also encrypt backup files at rest, minimizing the chances that any data leakage results in data exposure.
- Testing: We regularly perform internal vulnerability assessments and hire independent third-party testers who assess vulnerability as well in order to detect and proactively remediate any exposure points.
- Certification: We subject our security practices to audit and review by third-parties who have certified our processes as adhering to stringent standards. These certifications include SOC II compliance as well as ISO 27001.
You can find further details on how we protect cloud-based backups here, and to see how Own can provide best-in-class support for business continuity, request a demo of our Recover solution below.