Who’s protecting the data in your data protection storage? That’s a question EMC wants you to think about as the scope of security threats increases.
EMC recommends – and has customers using – an isolated data center disconnected from the network to keep out threats such as ransomware and other types of cyber attacks. This involves locking down systems used for recovery and limiting exposure to create an air gap between the recovery zone and production systems.
An air gapped device never has an active unsecured connection. EMC’s isolated data recovery makes the recovery target inaccessible to the network and restricted from all users who are not cleared to access it. In most cases, it’s a Data Domain disk backup system that is off the grid most of the time.
EMC’s isolated recovery includes VMAX storage arrays, Data Domain disk backup and RecoverPoint or Vplex software. A Fibre Channel connection between the VMAX and Data Domain ports is recommended.
The air gap is created by closing ports when not in use, and limiting the open ports to those needed to replicate data. VMAX SRDF creates a crash consistent copy of the production environment, and its SymACL Access Control is used to restrict access and prevent remote commands from being executed from production arrays.
RecoverPoint and Vplex can be used with EMC XtremIO and VNX arrays to handle replication and provide crash consistent copies.
The process allows companies to keep a secure and isolated gold copy. When a new gold copy is replicated, analytics are run to compare it to the most recently copied version. If this validation process reveals corruption in the new version, an alert goes out and an emergency script is triggered to invalidate the replication center and lock down the isolated recovery system. A good gold copy can be restored to a recovery host in the isolated recovery area.
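The validation step described above can be sketched as follows. This is an added example, not EMC's code: the article does not say which analytics are run, so the two checks here (share of changed files, and files whose content turns near-random as it would after encryption) and all names and thresholds are assumptions.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def validate_copy(gold, new, max_changed=0.30, entropy_limit=7.5):
    """Compare a new copy with the last gold copy: ("PROMOTE" | "LOCKDOWN", reasons)."""
    reasons = []
    # Files that are missing from, or differ in, the new copy.
    changed = [p for p in gold
               if p not in new
               or hashlib.sha256(new[p]).digest() != hashlib.sha256(gold[p]).digest()]
    ratio = len(changed) / len(gold) if gold else 0.0
    if ratio > max_changed:  # assumed threshold, tune per workload
        reasons.append(f"{ratio:.0%} of files changed or missing")
    # Files whose content went from structured to near-random bytes.
    jumped = sorted(p for p in changed
                    if p in new and entropy(gold[p]) <= entropy_limit < entropy(new[p]))
    if jumped:
        reasons.append("entropy jump: " + ", ".join(jumped))
    return ("LOCKDOWN" if reasons else "PROMOTE"), reasons

# Constructed sample data: path -> file content.
GOLD = {f"db/table{i}.csv": b"id,name,balance\n" * 200 for i in range(4)}
RANDOM = hashlib.shake_256(b"constructed sample").digest(3200)  # stands in for ciphertext
GOOD_COPY = {**GOLD, "db/table0.csv": GOLD["db/table0.csv"] + b"5,new row,10\n"}
ONE_ENCRYPTED = {**GOLD, "db/table3.csv": RANDOM}
ALL_ENCRYPTED = {p: RANDOM for p in GOLD}

if __name__ == "__main__":
    for name, copy in [("good", GOOD_COPY), ("one encrypted", ONE_ENCRYPTED),
                       ("all encrypted", ALL_ENCRYPTED)]:
        print(name, validate_copy(GOLD, copy))
```

The single-file case stays under the change threshold and is caught only by the entropy check, which is why a copy should pass both before it replaces the previous gold copy.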
“We think we’re ahead of the curve here,” said Alex Almeida, manager of EMC’s data protection technical marketing.
He said the key to the air gap process is “traffic cannot reach that isolated system from outside. We can shut down ports to that system.”
Almeida said EMC built its first isolated recovery network at the request of the CIO from “a well-known consumer brand.” The storage vendor has since received requests from other companies, mainly in the healthcare and financial services industries.
“We have sold dozens of these things,” he said.
EMC has been quiet about its air gapping process until now, but went public with it today when it released the EMC Global Data Protection Index 2016 research that included scary numbers about the frequency of data loss from a survey of 2,200 IT decision-makers.
Those numbers include:
- 36% of businesses surveyed have lost data as the result of an external or internal security breach.
- Fewer than 50% of organizations are protecting cloud data against corruption or against deletion. Many incorrectly believe their cloud provider protects data for them.
- 73% admitted that they were not confident their data protection systems will be able to keep pace with the faster performance and new capabilities of flash storage.
- Only 18% said they were confident that their data protection solutions will meet their future business challenges.
User error and product malfunctions have always been a problem, and cyber theft and denial of service attacks have been around for years. But newer tactics such as cyber extortion and cyber destruction through the use of ransomware and other means are looming as expensive threats to large companies.
“Data protection now requires a business to defend backup copies against malicious attack,” said Chris Ratcliffe, senior vice president of marketing for EMC’s Core Technologies Division. “It’s no longer good enough to have storage as a last resort. You need a solution to protect your storage as a last resort.”