Experts: Ransomware protection needs smart storage strategy
Vendor products can offer unique ransomware protections, but comprehensive strategies across storage clouds and formats still form core of IT protection.
Immutable copies and an ongoing backup plan, including duplication in the cloud, should form the core of an organization's storage defense against IT threats, say security analysts.
Specific vendor implementations of file versioning can be useful as a first line of ransomware protection by offering expanded rollback functions, such as Panzura's CloudFS file versioning. But analysts say organizations shouldn't rely on just lone immutable copies or solutions. Instead, an ecosystem of backups and duplication can help with recovery, regardless of the attack.
Applied Software, an Atlanta-based managed service provider for Autodesk programs and numerous file system services including Panzura, had portions of its own file system encrypted by Thor ransomware through a rogue PDF file.
CloudFS allowed the team to quarantine infected files and recover the system's original state to minutes before the initial corruption, according to Douglas Dahlberg, a director of digital transformation services at Applied Software.
Panzura's CloudFS software converts unstructured files into object storage into an organization's particular cloud or on-premises setup. Panzura claims the software can revert changes to files as recently as one minute prior.
"Anybody can fall victim to any of this stuff," Dahlberg said. "Everybody falls victim to this at some time. We were lucky; this was a straightforward solution."
The straightforward Thor attack is, likely, what helped protect Applied Software from even worse consequences, according to analysts.
"I would always recommend immutability," said Christophe Bertrand, a senior analyst at Enterprise Strategy Group, a division of TechTarget. "The key to remember is that every attack is different, and its anatomy dictates the recovery."
Bertrand suggested organizations' IT departments develop and practice data policies of air gapping attack vectors and creating immutable backups, including across multiple clouds and on tape.
Krista MacomberSenior analyst, Evaluator Group
IT departments should develop their analytical skill sets and capabilities, as well, he said. The ever-changing landscape of viruses and ransomware means the ability to spot abnormal behavior can mean the difference between a several-hour headache or a complete system collapse.
"Practice makes perfect; it's no different with practicing recovery," Bertrand said.
The cloud hyperscalers do offer solid protection for backups, Bertrand added. Due to their size and potentially valuable targets, public clouds, by nature, are frequently improving their defense against attacks.
"Everyone has the same issue," he said. "Ransomware is an equal opportunity offender."
Krista Macomber, a senior analyst at Evaluator Group, similarly said the cloud shouldn't be a replacement for a protection strategy or considering other vendors specializing in security.
"I think the jury is still a little bit out, in terms of what the cloud providers offer for full data protection," she said. "I don't think that answer is right there today."
Vendors such as Panzura can offer some cost-cutting measures versus wholesale replication in the cloud, such as eliminating snapshot fees, because public clouds can add up costs quickly.
"Being able to keep data can get expensive in the cloud," Macomber said. "We do see some vendors getting creative in ways of trying to avoid those costs. At the end of the day, it comes around to your particular requirements and your particular implementation."
Data ownership and protection, ultimately, comes down to the individual customer, as many hyperscalers offer no protection guarantees, Macomber said. She also echoed Bertrand's comments on IT departments practicing their defensive maneuvers.
"These bad actors are getting smarter all the time," she said. "They're getting extremely innovative, and they're getting better all time."