Isolated recovery environments are critical for modern DR

There is no room for error in disaster recovery, especially when it comes to backups. To ensure you’re recovering from a clean backup, consider an isolated recovery environment.

Disaster recovery strategies have traditionally been designed to restore systems after a disruption using the organization's data backups. Unfortunately, this approach hinges on the backups being trustworthy, and that's not always the case.

Modern ransomware treats backups as a primary target, forcing organizations to reevaluate their approach and understand that backups themselves might be compromised. Organizations need an uncompromised, clean copy of data in case backups become a target for cyberattackers.

One of the biggest shifts that organizations are making to combat this is the implementation of isolated recovery environments. Depending on the provider, the actual environments can vary slightly in scope and scale. However, the main goal is to isolate the backup environment from the production environment, preventing the backup from becoming compromised during an attack.  

Investing in an isolated recovery environment provides an organization with an extra layer of protection from cyberthreats. It gives IT leaders an option for recovering from a ransomware attack without having to pay the ransom or risk using tainted backups.  

Isolated recovery vs. air gapping 

While they might sound similar, isolated recovery environments are not just air-gapped backups with a new marketing label. An air-gapped backup is designed to preserve data by making it inaccessible to an attacker. Isolated recovery environments build on this idea by giving organizations an option for restoring business operations after a cyberattack. 

Air-gapped backups can be useful, but they are not the perfect defense against attack-related data loss. For example, an attacker might plant malware weeks or even months prior to launching an attack. In this scenario, an air-gapped backup might already be compromised. Another problem is that if an organization mounts an air-gapped backup before verifying that the environment is clean, that backup could become compromised as soon as it is mounted. 

An isolated recovery environment is designed to address these problems. The environment does not just store the backup data. Instead, it provides a completely isolated environment within which the data can be safely restored and examined prior to moving it back into the production environment. Such environments typically use entirely separate credentials to protect against administrative accounts that might have been compromised. 

Why implement an isolated recovery environment?

An isolated recovery environment is kept completely separate from an organization's primary environment. This might be a secondary cloud environment, or the resources might reside in a secondary, offsite data center. This secondary environment is connected to the primary environment, but the connectivity is tightly controlled to prevent infiltration by attackers.

This environment contains protected copies of production workloads, so virtual machines and containers can be brought online and scanned for any malware. If malware is present, the sandboxed environment prevents it from contacting external systems or accessing production resources.  

Once the workload has been confirmed to be clean, admins can restore it to the production environment, similar to a normal data restoration. 

Although each vendor has its own way of doing things, there are some features that tend to be common among these environments. For example, the backup data in these environments is immutable, preventing an attacker from deleting or modifying it. Typically, this immutable storage is combined with automated malware scanning to detect signs of compromise. By doing so, the system is better positioned to help organizations identify clean recovery points and determine which backups are safe to restore.
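As an added illustration (not code from the article or from any vendor's product), the following Python model shows the two mechanisms just described working together: a retention-locked, write-once vault that refuses deletion even to an administrator, and the selection of the newest recovery point whose scan inside the isolated environment came back clean. The dwell_margin policy, the snapshot names and the scan verdicts are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Snapshot:
    snap_id: str
    taken_at: datetime
    locked_until: datetime  # retention lock: immutable until this time

class ImmutableVault:
    """Write-once store: no overwrite, no delete before the lock expires, whoever asks."""
    def __init__(self):
        self._snaps = {}

    def write(self, snap):
        if snap.snap_id in self._snaps:
            raise PermissionError(f"{snap.snap_id} exists; snapshots are write-once")
        self._snaps[snap.snap_id] = snap

    def delete(self, snap_id, now):
        snap = self._snaps[snap_id]
        if now < snap.locked_until:  # holds even for a compromised admin credential
            raise PermissionError(f"{snap_id} locked until {snap.locked_until:%Y-%m-%d}")
        del self._snaps[snap_id]

    def snapshots(self):
        return sorted(self._snaps.values(), key=lambda s: s.taken_at)

def select_clean_recovery_point(snaps, infected, dwell_margin):
    """Newest snapshot that scanned clean in the isolated environment and predates the
    earliest infected one by dwell_margin (assumed policy knob for attacker dwell time)."""
    first_hit = min((s.taken_at for s in snaps if infected.get(s.snap_id)), default=datetime.max)
    clean = [s for s in snaps if not infected.get(s.snap_id) and s.taken_at <= first_hit - dwell_margin]
    return max(clean, key=lambda s: s.taken_at, default=None)

def demo():
    # Constructed sample: six daily snapshots, 30-day lock; the in-IRE scan flags the last three.
    vault, start = ImmutableVault(), datetime(2024, 1, 1)
    for day in range(6):
        t = start + timedelta(days=day)
        vault.write(Snapshot(f"snap-{day}", t, t + timedelta(days=30)))
    verdicts = {"snap-3": True, "snap-4": True, "snap-5": True}
    try:
        vault.delete("snap-0", now=start + timedelta(days=5))  # deletion attempt inside lock window
        locked = False
    except PermissionError:
        locked = True
    pick = lambda m: select_clean_recovery_point(vault.snapshots(), verdicts, m)
    return {"lock_enforced": locked, "margin_1d": pick(timedelta(days=1)).snap_id,
            "margin_3d": pick(timedelta(days=3)).snap_id}
```

Widening the dwell margin pushes the chosen recovery point further back in time, which is the trade-off the text describes between data currency and confidence that the restored copy predates the implant.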

Another thing that makes isolated recovery environments unique is that they are often truly isolated, meaning that they might have their own dedicated Active Directory, DNS or other infrastructure. Even the control planes associated with these environments can be isolated or air-gapped. While not every option on the market features completely dedicated infrastructure, many do. 

Isolated recovery environments are also designed with frictionless testing in mind. In other words, organizations can run DR drills or conduct recovery testing at any time, without adversely impacting production workloads. 

Who should use isolated recovery environments? 

Because there are costs and a certain degree of complexity associated with isolated recovery environments, they might not be a great fit for small organizations. However, nearly every enterprise-class organization and many midsize organizations can benefit from an isolated recovery environment.  

This tends to be especially true in financial services, healthcare, manufacturing and retail environments. Organizations in these sectors tend to be heavily regulated, but are also considered by attackers to be high-value targets. Similarly, organizations that are considered critical infrastructure, such as governments, energy companies and utilities, have also begun adopting isolated recovery environments to prevent service disruptions. 

Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America. 
