Cybersecurity has evolved greatly over the last 20 years and, in fact, nothing about it is the same as when the concept of cybersecurity first emerged. Need proof? Even dictionaries have not kept pace with the growth, with many still promoting the idea that cybersecurity is primarily building walls: “Cybersecurity is defined as measures taken to protect a computer or computer system against unauthorized access or attack.” Today, the meaning of every operative word in the definition – measures, computer systems, access, and attack – has broadened well beyond what was originally intended.
And it isn’t just about virus scanners and passwords anymore. While still important, the world and goals of cybersecurity have changed greatly:
Threat – Twenty years ago, the cybersecurity threat was pretty much limited to external individuals. But we all know that these bad guys have evolved and now include malicious insiders, state-sponsored agents looking to steal secrets, competitors, and organized criminals.
Technology - The role of technology has evolved from simply improving office productivity to supporting entire business operations running worldwide 7x24x365. Uptime is measured, demanded, and expected. Further, as more systems are spread in datacenters around the globe and in the cloud, they require higher levels of protection.
Role of IT – In the past, IT tools were home grown. Now, organizations purchase a variety of powerful and complex solutions that IT organizations must manage while also protecting a company’s data. Interestingly, while the amount of incoming data has exponentially increased, IT budgets as a percentage of company spend have greatly declined. In fact, a recent study found that the amount of data required to be protected has grown 33 times the number of IT people charged to protect it.
The frequency of data breaches, the sophistication of hackers, and the growing use of ransomware have created a disruption to all walks of life, including political affiliations, large corporations, small to medium-sized businesses, and even police departments. These threats are impacting everyone’s ability to protect business continuity, as many don’t know how to begin protecting their intellectual capital and data assets, and in fact many falsely believe they are already protected. This is clearly a costly mistake, as downtime, accidental and malicious together, cost business over $700B last year.
Cybersecurity mandates have even found their way into federal law as Sarbanes-Oxley (SOX) compliance is required for every publicly held company. In addition to requiring corporate officers to take greater responsibility for the accuracy of financial reports, SOX mandates that organizations understand the risks that may impact the financial reporting process. A proper assessment of this risk must include risks resulting from inadequate disaster recovery or business continuity plans.
Elements of an Active Cybersecurity Defense
Let’s face it, the harsh reality is that in the present environment, at some point you will be hacked. It’s just a matter of time, as threats are very strong. Though you may not always hear about it, even the largest corporations are victims. Assuming you are doing all you can to keep attackers out, there are things you need to do today to limit the impact that an incursion will have on your operation. A broad range of technologies and processes is required to protect corporate data and systems. The defensive capabilities of cybersecurity are changing rapidly. To make sure you are as prepared as one can be, below is a list of required systems and best practices to maximize protection:
The most elemental protection against data loss is backup. It seems intuitively obvious that making a regular, formal copy of your data makes sense, but many smaller organizations still don’t do it. One of the most prevalent forms of cyberattack is malicious employees purposefully deleting data as they exit the company. Backup plays an even stronger role if you expand the concept of cybersecurity to include employees accidentally deleting or overwriting their own files. Good backups are also the primary protection against ransomware.
Backup Best Practices:
Must be done with no interruption to ongoing business processes – Some forms of backup require all systems and applications be quieted before a copy can be made. This “backup window” is usually early in the morning when there are few workers on the job. But what happens when you work around the clock? Backup technology must be able to take snapshots of changed data at regular intervals throughout the day so that you gain short Recovery Points (RPOs) to limit data loss.
Must be able to protect all forms of computing products and software – Today’s data centers are a heterogeneous mix of gear and technologies and it is very common to find applications deployed on both physical and virtual servers. Since no one can foresee future recovery requirements, backups need to copy files, applications, and full volumes, including all the settings required to support full server replications, called bare metal restores.
Cloud providers offer high availability but not backup – One big mistake companies often make is assuming that cloud providers provide backup for applications running on their infrastructure. Corporate IT is as responsible for backing up its cloud workloads as it is for on-premises applications. This can be done multiple ways: from a VM to a different VM in the same cloud, from cloud to on-premises, or even across cloud providers. Bottom line: you are responsible for your own cloud backups.
Protect your cloud Office 365 – This suite deserves unique mention because it is so widely adopted, with an estimated 50,000 small businesses added each month. Microsoft permanently removes deleted files after 14 days, generally before someone realizes that they deleted something they need again, and recovery within that 14-day window can take days. This means that O365 users need to set up their own backup system. The best tools offer self-service recovery capabilities for quick restores.
Ransomware resistant – Ransomware developers target Windows servers because of their large numbers. This is especially true among SMB companies, as attackers specifically target those least likely to have good defenses. To keep from being a victim, backup appliances should be Linux-based and ransomware resistant.
A backup is of no use if it can be destroyed along with the primary data by the same event, whether malicious or accidental. Data loss from site-level disasters is especially crippling, as server performance must be restored as well as corporate data. Regular rotations of data backups that support full server restores must be a regular part of the IT job.
Off-site Replication Best Practices:
Choose a cost-effective secondary location – Organizations such as school districts and governments have an advantage, as they generally have locations over a wide geography. However, if you are a single-location business, you need a remote target for your secondary backups. Consider using a cloud provider with dedicated services and support for remote backups, as this will generally be the most cost-effective alternative.
Use the off-site, protected data for disaster – Some cloud providers offer services where remote backups can be spun-up and used in the event of a disaster.
Deduplication – Deduplication is a technology that reduces the file size by identifying redundant elements. Employing an integrated deduplication technology as part of your replication strategy will greatly reduce the amount of storage as well as make network transmissions faster and less impactful on internal bandwidth.
Encryption – Many industries such as healthcare and finance are mandated to protect customer data while it is in transit and/or at rest. Look for a backup system that can allow automatic encryption of selected files or datatypes as part of the backup process.
Self-service recovery – Basic file recovery of accidentally deleted or overwritten docs is the most common data recovery required. You must be able to manage your own file recovery and not depend on another organization. A good file recovery process should take less than five minutes from login to full file availability.
Cybersecurity often includes legal defense, as tax law requires corporations to store detailed tax information for seven years. The retention schedule of a drug company also has dozens of types of documents required to be retained in perpetuity, including information on hazardous material spills, board of directors notes, human drug trial results and adverse drug reactions. Not complying with these mandates exposes the organization to the same sorts of negative consequences as an external data theft.
Archiving Best Practices:
Dedicated functionality – There are clouds that are specifically designed for archiving. They create their own replicated and protected copies and are priced to provide storage for only the required volumes and length of time required.
Double duty – Superior cloud archive suppliers can offer additional disaster recovery services from backed-up data and applications. Generally, this is priced affordably, especially if compared to creating your own off-site location. This provides another layer of disaster protection.
Disaster Recovery-as-a-Service (DRaaS) is the ability to recover application and business performance on remote infrastructure after cyber-attacks, accidents, or natural disasters. This capability includes not just data storage but system settings pre-positioned to be deployed in the event of a disaster declaration. This capability can occur in remote corporate locations or in a public cloud.
Disaster Recovery Best Practices:
Automatic – Implementing disaster recovery should not depend on someone manually starting recovery, especially if they are from potentially failed servers. After you lose your servers, your DRaaS provider should be able to spin up your remote infrastructure in minutes.
Service Level Agreements (SLA) – It is important to have an SLA with your DR supplier. Not only does this give leverage to demand quick action, it is also a sign that the supplier is confident enough to offer compensation if they do not meet their standards.
While we all hope that we will never need our disaster recovery tools, hope is not a strategy. IT needs to ensure that if a disaster is declared, systems will work as planned. In fact, many federal and industry regulations such as HIPAA and SOX mandate regular testing to ensure compliance. Written proof of test results is common. However, superior testing should actually simulate the DR process up to, but just before, applications are deployed.
Testing Best Practices:
Unlimited testing – Testing is no longer just a once-a-year procedure, because changes to the infrastructure are made all the time. Testing needs to be done after adding a new server or application, or virtualizing a portion of the datacenter, and should be performed as many times as there are changes, across all your assets no matter where they are deployed.
Datacenter management has evolved greatly over time. Originally, companies had a philosophy called “best-of-breed” where the best product on the market was purchased to provide a particular service. IT’s job was then to stitch them all together thinking that if each app was the best then the total infrastructure would be superior to any single offering on the market. This is no longer the preferred approach. The best-of-breed approach created a lot of finger pointing between vendors around performance issues, took a long time to deploy, was slow to change with new requirements and very expensive.
Managing Complexity Best Practices:
Single solution - Having a single vendor for the entire backup, recovery and retention process ensures that there is no finger pointing and provides “one-throat-to-choke”. These single solutions are easier to upgrade and deploy as functions are designed to work together.
Single interface – Organizations today are generally spread across geographies. Backup, recovery, and retention procedures should be able to be managed from a single console with control across appliances (hardware and software) no matter where they physically reside.
Importance of Support – Support services are critical with any solution required during disasters. Look for a provider with a high customer satisfaction rating, available 7x24x365, and with support resources co-located with engineering.
Change, while scary, is usually quite good
Following these recommended steps will provide you with levels of cybersecurity to survive threats unforeseeable several years ago. Put into practice these recommendations and be sure to select a local technology provider that can support and guide investment and deployment choices. With the right partner, you should be able to future proof your infrastructure to withstand new, unforeseeable threats that are sure to emerge in the years to come.
Dick Csaplar is a product marketing manager at Unitrends, an all-in-one enterprise backup and continuity solutions provider. Previously, he was a recognized industry analyst for a Boston-based firm advising clients and writing about new technology trends in data centers and the cloud. To learn more, visit www.unitrends.com or follow the company on Twitter @Unitrends.