10 June 2022
Nobody knows when a disaster will strike, but we can be prepared. However, with so many types ranging from hacking to ‘acts of God’, does one solution fit all? Robert Shepherd finds out.
The word ‘disaster’ is rather broad in modern parlance. A bad job interview, the wrong result in a football match and losing your home due to an ‘act of God’ are all – although completely relative and on very different levels in terms of their seriousness – seen as a ‘disaster’ by many.
It’s the same thing when it comes to the IT, data and communications world. Systems can be taken out and data lost as a result of anything from human error to a hurricane. The obvious answer to this is a disaster recovery (DR) plan. However, with so many types of disaster ready to take aim, it’s important to know what can be done about such unforeseen circumstances.
Let’s get started and ask the experts how they define a recovery plan and what should be included in the package.
Greg Jones, business development director EMEA at Datto, says that to address increasingly complex ransomware threats, some companies are now thinking beyond established security tools and are now building true cyber resilience. “This powerful strategy combines the practices of cybersecurity, business continuity, and incident response which requires capabilities in five functional areas: identify, protect, detect, respond, and recover,” he adds. “These capabilities cannot be purchased, they need to be built by combining people, processes, and technology. With the right cyber resilience capabilities in place, companies can protect themselves from unknown threats, minimise the impact of attacks, and reduce downtime.”
Jones also says that “recovery needs to start before an attack takes place”. To that end, he says it’s critical for companies to evaluate their IT and security budgets to ensure that they’re able to implement advanced security and data management capabilities. “This will allow them to effectively back up and secure networks, while enabling business continuity capabilities. Having a business continuity and disaster recovery solution in place is the most effective solution for preventing the loss of data following an attack, as it provides the ability to quickly retrieve data and avoid costly downtime.”
More on costs and budgets later, but Russ Kennedy, chief product officer, Nasuni, says the DR package should reflect the current environment and prioritise the systems and data that need to be restored first to return to normal operations. “The plan should also be tested regularly and updated as environment and business priorities change,” he adds. “For file data, organizations are turning to the cloud to provide flexibility for their disaster recovery plans and to minimize the cost and still meet the RPOs and RTOs associated, required by their business. Being able to save versions of file data in the cloud with sufficient granularity and recovery speed is why these organisations are modernising their DR plans.”
A DR plan can consist of many things and recovery of IT systems is only one part of that, according to Sandeep Jandu, senior recovery specialist, Assured Data Protection. “The key parts of any plan should include contact details for staff and external organisations, what protocols and procedures need to be done in the scenario, expected order of events and expected timeframe of which things should be done, if staff relocation is in order, how will this happen and where do they need to go,” he adds. “A complete DR plan looks at all aspects of a DR scenario not only within IT but as an organisation as a whole. One of Assured Data Protection’s strengths is that we can cater for multiple different scenarios.”
I don’t profess to be an expert on disasters of any type – if I was, my career path to date would look very different to how it does now – but surely the recovery process is different depending on the type of attack (IT failure, natural disaster, terrorist attack, sophisticated hack)?
Jones puts me at ease immediately. “Absolutely,” he says. “The disaster events differ in their durations, area and scope. Disasters can and do affect disaster recovery infrastructure as well as the production. That is why it is important to have a multi-tier strategy in place.”
He also shares an example in which a single server can be recovered on local disaster recovery infrastructure, i.e., a purpose-built disaster recovery appliance, Datto SIRIS. “Yet, the hurricane may wipe out the entire data centre, including local disaster recovery systems,” he continues. “For major area disasters the business must have a remote, cloud-based disaster recovery solution, located at least 100 miles from the production. In case of malicious actions like a terrorist attack or a hack, the recovery process would also include security-related actions to eliminate potential sabotage of the backup and disaster recovery infrastructure, i.e., injection of backdoors and time-triggered malware.”
Kennedy adds that organisations need to plan to address natural or malicious disasters with a key focus on restoring the organisation’s IT systems to full production as quickly as possible. He says that in the case of disasters impacting their file data, whether natural or malicious, these organisations need to quickly identify the cause of the disaster, mitigate the impact of the disaster and restore the environment to full productivity with minimal impact on their users.
“Recovery point objectives (RPOs) and recovery time objectives (RTOs) are the crucial key requirements and metrics when developing disaster recovery (DR) plans and strategy,” Kennedy continues. “The difference that cloud file storage makes is that CISOs and IT teams can take a surgical and less labour-intensive approach to meeting these requirements: if there is an attack or disaster incident, they can simply dial back their data volume to a point immediately before files were lost or corrupted and achieve an up-to-the-minute recovery point. Second, IT teams can focus on restoring only the files that have been affected vs. combing through the entire volume. In most cases, end users will never know an attack happened.”
When it comes to dealing with disaster, Kennedy explains how Nasuni has supported several companies with global operations to recover their business-critical data. He says serious cases included an organisation that faced a ransomware attack on its core data centre infrastructure but was able to recover within one weekend using file restoration. “In another incident, a company executive told us that when mitigating a ransomware attack on its systems, their biggest concern was locking down infected workstations and preventing users getting re-infected,” Kennedy continues. “The executive noted that file restoration from Nasuni snapshots worked perfectly, bringing all the organization’s data back online and intact. Customers have reported to us that due to power situations they have lost locations in their enterprise, but users are still able to access their data.” He says this was due to Nasuni’s unique architecture where the “gold master” copy of the data lives in the cloud object storage solution and each location has edge devices that provide access to the data and cache a copy of the active data locally.
There are also some steps businesses can take to minimise their chances of being hacked or losing data. “The 3-2-1 rule is an easy rule of thumb for a resilient backup strategy,” adds Jones. “You need at least three copies of a backup, two of which are in different locations, and one of which must have protection against destruction (immutable). This immutable copy of the backup means you will always have the ability to restore backups after an attack, despite the attacker’s best attempts to destroy them.”
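The rule as Jones states it can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from any vendor quoted in it; the `BackupCopy` fields, the `audit_backups` helper, the sample inventory and the four-hour RPO are all assumptions made for illustration. It also checks the age of the newest immutable copy separately, because that copy sets the recovery point that remains if an attacker destroys every copy that can be deleted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class BackupCopy:          # hypothetical inventory record
    name: str
    location: str          # site or cloud region holding this copy
    immutable: bool        # protected against deletion or overwrite
    last_success: datetime  # completion time of the newest good backup


def audit_backups(copies, rpo, now):
    """Return a list of findings; an empty list means the set passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    if len({c.location for c in copies}) < 2:
        findings.append("all copies share one location")
    immutable = [c for c in copies if c.immutable]
    if not immutable:
        findings.append("no immutable copy")
    # Freshest copy overall: what a restore after a plain outage can reach.
    if copies and now - max(c.last_success for c in copies) > rpo:
        findings.append("newest copy is older than the RPO")
    # Freshest immutable copy: what is left if every deletable copy is lost.
    if immutable and now - max(c.last_success for c in immutable) > rpo:
        findings.append("newest immutable copy is older than the RPO")
    return findings


# Constructed sample inventory and RPO, not data from the article.
NOW = datetime(2022, 6, 10, 12, 0)
RPO = timedelta(hours=4)
SAMPLE = [
    BackupCopy("local-appliance", "hq-datacentre", False, NOW - timedelta(minutes=30)),
    BackupCopy("replica-nas", "hq-datacentre", False, NOW - timedelta(hours=2)),
    BackupCopy("cloud-vault", "remote-cloud", True, NOW - timedelta(hours=26)),
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, RPO, NOW) or ["pass"]:
        print(finding)
```

The sample set satisfies the three counts in the rule yet still fails the audit, because its only immutable copy is 26 hours old against a four-hour RPO.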
While it’s heartening to learn that a plethora of vendors are ready and waiting to help your enterprise should disaster strike, these services aren’t gratis. So, in very stark terms, what if you don’t have, for want of a better expression, the protection money?
Kennedy claims Nasuni is the only primary cloud file storage solution with the in-built ability to recover file shares from a ransomware attack or random disaster within minutes at no extra cost. “We believe that organisations shouldn’t have to choose between protecting their company’s file data and their IT budget,” he adds. “Using cloud file storage, file data in use at all locations can easily be restored at a fraction of the time compared to traditional backup systems.”
Jones says there are an amazing number of great technologies and services to help build security and cyber resiliency. For example, he says MSPs and SMEs can purchase an endless number of products or services, including hardware, software, or outsourced services. “Much of the technology that was once only available for enterprise organisations is now accessible and affordable for SMEs,” Jones continues. “However, rushing to buy such technology and services is not always the best approach when building cyber resiliency. As an MSP or SME, it is important to first discover and identify gaps within your cyber resiliency plan and/or framework. Start with people then move onto processes before looking into technology and services.” However, Jones says there’s an element of caveat emptor.
Jandu’s analysis is pretty blunt: “Seeing that data is the lifeblood of most organisations, and the loss of your data or access to your data would affect the running of your business, we suggest that you beg, borrow and steal from other budgets in order to ensure you have a good backup and DR strategy in place,” he says. “There are cost effective solutions out there that you can employ, but the adage of you get what you pay for comes into play - especially when it comes to dealing with a data loss scenario that involves a ransomware attack. The key thing is to ensure that your backup data is immutable, and whatever DR plan you put in place that you test it on a regular basis. Studies show that a majority of DR plans fail when needed.”
Whatever the budget you have ringfenced for DR, Jones would like to impart “a word of caution” to any enterprise or network manager charged with protecting data.
“Don’t rush into buying new technology just because it’s in the security category, as this can sometimes hinder building true cyber resiliency,” he concludes. “Only after gaps have been found and identified should the right technology be purchased.”
Overall, a good disaster recovery plan reflects the current environment and prioritises the systems and data that need to be restored first to return to normal operations. The plan should also be tested regularly and updated as environment and business priorities change, according to Kennedy.
“For file data, organizations are turning to the cloud to provide flexibility for their disaster recovery plans and to minimize the cost and still meet the RPOs and RTOs associated, required by their business,” he adds. “Being able to save versions of file data in the cloud with sufficient granularity and recovery speed is why these organizations are modernizing their DR plans.”
Unfortunately, as Jones says, sometimes disaster must strike first before you start to invest.