A long time ago I heard an anecdote that the highest level of security certification was given to a system that sat in a secure room and was isolated from a network. Today we live in a connected world, and that creates much bigger surface areas for security threats. As much as IT organizations would like to limit exposure, users expect unlimited access to both business and personal email, to be able to work with attachments, to surf the web, and to interact on social media.
Pandora’s Box has been opened
Although risk cannot be completely eliminated, it can and should be managed. In parallel, ransomware has emerged as a top cyber threat to business. The number of attacks and their complexity are unparalleled. These are not simple drive-by threats (such as a random user visiting a site that contains malware); instead, they are custom-designed to bypass an organization’s perimeter security and target specific high-value data sets.
The combination of open access and more advanced threats is something that requires far more attention!
Many organizations derive a false level of confidence from their investment in perimeter security: firewalls, authentication/authorization, antivirus solutions and encryption over the wire. When assessing security and protection, however, assume that the perimeter has been breached! The breach point is already beyond antivirus software and firewalls; it is now within authenticated systems where encryption becomes transparent. Do you know what your level of protection is?
How big is the ransomware threat?
• Ransomware headlined FBI, DHS, DOJ, and NSA lists in 2016 and triggered multiple US Senate and Homeland Security questions that resulted in FBI, DHS, and DOJ responses.
• It’s growing fast: At the end of Q1 2016, 93% of all phishing emails contained encryption ransomware. That’s a 763% increase year over year!
First, let’s look at the infrastructure
If you do control the infrastructure, be sure to take advantage of the Isolated Recovery Solution (IRS) for systems such as EMC VMAX and Data Domain. IRS ensures that (a) you have a replica of your storage for the fastest recovery, and (b) replication runs over a link that is air-gapped whenever replication is not occurring. That way, any corruption of primary data can quickly be recovered from an unaffected replica copy.
If you outsource your infrastructure (for example, by using the public cloud), does that mean security is no longer your responsibility? Remember, an IaaS provider takes responsibility for infrastructure availability and resiliency, but not for data validity. That means protecting your data on your core systems is your responsibility.
Regardless of the location or ownership of the infrastructure, you should be asking yourself these questions:
• Does it matter if we (or the provider) have certification XYZ.123 or not?
• In case of compromise, how do we recover data?
• Do we have a clean copy of the data that is isolated?
• How quickly can we recover?
Second-level safety is provided by having a well-designed data center protection strategy, including a backup solution, which provides an additional level of isolation for your data. That data should be secure and immutable, and it should be available for quick recovery to any point in time. Solutions such as EMC NetWorker or Avamar data protection software together with EMC Data Domain protection storage provide this level of protection.