Sergey Nivens - Fotolia
Dell draws line between cyber recovery and disaster recovery
Recovering from natural disasters and from cyber attacks represent separate use cases. Dell says customers should be aware of the differences in how to approach the two problems.
The traditional means of protecting a data center against natural disasters are insufficient to protect against cyber attacks.
Businesses have been able to rely on traditional disaster recovery (DR) methods to return to normal operation after a cyber attack, the same as with a natural disaster. However, there are key differences between DR and cyber recovery, said Pete Renneker, managing director at Deloitte and Touche LLP, in a presentation at the Dell Technologies World virtual conference this week.
DR's purpose is to get operations back to a normal operating state, with minimal data loss. Cyber recovery is about the business's survival, which means focusing on preserving the minimum data, applications and infrastructure that's essential for the organization's existence. Speed and availability are prioritized with DR, while security and data integrity are the focus of cyber recovery.
A system that solves the DR problem isn't necessarily adequate for cyber recovery, as the differences in scope, replication frequency, threat exposure and storage and recovery locations make them two distinct problems, according to Renneker.
"There are some fundamental differences between the two," he said.
One of the tools needed for cyber recovery, but not for DR, is an isolated, air-gapped backup environment, Renneker said. Customers should have a way to store essential data in a low-access, secure and immutable repository separate from production and recovery environments, he said, using Dell's Cyber Recovery vault as an example.
Other vendors such as Datadobi, StrongBox, Nexsan and Hammerspace provide similar isolated storage tools. Dell's Cyber Recovery has an additional analytics component with CyberSense, which can scan the data within the vault for signs of cyber attacks.
Replication and redundancy are the main methods for dealing with natural disasters, and the core components of what's traditionally regarded as DR, but that's not enough for cyber recovery, said Ray Lucchesi, president and founder of Silverton Consulting.
Cyber recovery requires something more akin to backup than DR -- a way to restore to a point in time rather than copying an environment to a new location.
Ray LucchesiPresident and founder, Silverton Consulting
Cyber recovery also needs that extra step of isolation, or air gapping, Lucchesi said. A true air gap has no connection to external networks, so Dell's Cyber Recovery vault and similar products don't quite fit the definition. However, they come close to achieving the same level of isolation as tape, Lucchesi said. Although tape can achieve a true air gap, it comes with drawbacks and costs that some customers might not want.
"This emulated air gap is a good first step. If you're really, really concerned, you can use tape, or some other removable media," Lucchesi said.
Cyber attacks have become the most common type of disaster organizations have to recover from, said Krista Macomber, senior analyst at Evaluator Group.
Customers treat recovery from natural disasters and recovery from cyber attacks similarly in the sense that they are parts of their overall data protection strategy, but more and more organizations have been asking for additional measures for cyber recovery, Macomber said. While cyber recovery is still under the same umbrella as what customers define as disaster recovery, it is clear they are recognizing and treating cyberthreats as a separate issue.
In the virtual presentation, Renneker cited data from a Deloitte survey of 500 C-level executives stating that ensuring data integrity -- finding proof their data hasn't been manipulated or tampered with -- had overtaken general data protection and data privacy as the top concern.
Macomber has seen a similar rise in concern about data manipulation, but she stressed data privacy is still a top concern among customers. The loss of customer trust can have more negative impact than any immediate revenue loss, she said.
"There is an understanding of how much a brand can be tarnished if sensitive customer data is breached -- and of the ripple effect that can have to the business," Macomber said.