kras99 - stock.adobe.com

Tip

Building cyber-resilient storage beyond backup

Traditional backup methods aren’t enough to deliver cyber resilience. High-performance storage architectures enable enterprises to rapidly recover and adapt from cyber events.

Cybersecurity has been steadily evolving into cyber resilience, meaning that enterprises must deploy technology resources to quickly recover and adapt from a cyber event. Traditional data storage, data backup and recovery solutions may be insufficient to handle such requirements. As such, today's mainstream backup solutions may not deliver cyber resilience. 

This article examines issues that can ensure enterprises have sufficient storage, backup and recovery to deliver cyber resilience. 

Storage versus resilience

Traditional data storage architectures use a variety of systems and networks to deliver an efficient ecosystem for protecting information. Primary storage, backup storage and archival storage assets may be linked using specialized applications, storage area networks (SAN), network attached storage (NAS) and other arrangements. 

Storage performance metrics, such as recovery time objective (RTO) and recovery point objective (RPO), establish performance levels for data storage and recovery. And while these have been among the key metrics for several decades, they may be insufficient when the goal is cyber resilience.

Primary storage architecture determines recovery

Figure 1 depicts a typical storage architecture. Primary storage handles the day-to-day activities. Backup storage collects copies of system databases and files and maintains the most up-to-date version. If recovery of data and systems is needed, and primary storage is unavailable, recovery software retrieves the backup copies and moves them into production.

Typical storage architecture
Figure 1 – Typical storage architecture

This architecture is suitable for production and minimally disruptive cyber events. But how does it scale to environments where enormous amounts of data are being processed, such as with CRM and ERP systems? And is it sufficient to back up and recover the data that may be needed after a cyberattack? 

The growing use of artificial intelligence introduces yet another dimension to storage and recovery. For example, AI systems are likely to be highly compute-intensive, requiring vast amounts of data. Traditional storage, backup and recovery architectures may not support the added overhead needed to handle AI requirements.

It is not uncommon for IT admin teams addressing storage, backup and recovery or even archiving to operate as silos. In situations where a collaborative process is needed for recovery from a massive cyberattack, these teams may work at cross purposes, rather than as a unified entity. Recovery and resilience in a sufficient time frame are hampered as a result. 

This is why a traditional backup and recovery architecture can fail when recovery and resilience are needed on a massive scale. 

What a cyber-resilient storage architecture may look like

When migrating an existing storage architecture to one that supports cyber resilience, storage teams must carefully examine:

  • Current and anticipated storage, backup and recovery requirements.
  • Speed of recovery.
  • How much data will need to be recovered.
  • Network bandwidth to support data flows.
  • Software that raises the bar on overall storage ecosystem performance.

Figure 2 suggests a possible cyber-resilient storage architecture. It is built on the primary storage architecture, with enhancements such as using all solid-state devices (SSDs) while minimizing hard disk drives (HDDs). Network performance will need to be enhanced significantly to reduce latency and increase throughput. A new parallel storage infrastructure, operating in effect as a shadow to primary storage, is designated as "resilience storage" to be brought into use in situations where massive amounts of data may need to be retrieved, recovered and reinstated. 

This ecosystem can be built on a combination of cloud storage, MSP storage and dedicated on-site storage, all of which are optimized for high performance in a cyberattack or other disruption. 

Cyber-resilient storage architecture
Figure 2 – Cyber-resilient storage architecture

Resilience storage and backup resources are dedicated to post-event backup and recovery. They are also instrumental in establishing cyber resilience. In Figure 2, the cyber-resilient part of the new architecture should have a strong AI management component. In practice, AI constantly monitors storage and backup operations, engages with cybersecurity systems to identify potential threats, and quickly activates the enhanced resources when a cyberattack is detected. Existing production storage and recovery systems will need to synchronize with the AI-based resilience architecture for optimum performance and resilience. It may be preferable to have the new technology handle both production and emergency storage and backup requirements.

Another cultural change to facilitate the evolution to cyber resilience is for storage admins, backup admins and CISOs to collaborate. 

Benefits of a cyber-resilient storage framework

Evolving from traditional storage architectures (Figure 1) to a cyber-resilient architecture (Figure 2) delivers enhancements beyond cyber resilience. 

Faster recovery times from cyberattacks, such as ransomware and phishing, are immediate benefits from the proposed high-performance storage and recovery framework. The ability to rapidly retrieve, recover and reinstate mission-critical systems and data can greatly reduce downtime and potential reputational damage. This is also true for non-cyber disruptions such as power outages and network disruptions. 

Enterprise disaster recovery plans will need to be redone to reflect the new storage architecture. This means backup and recovery procedures will need to be updated, testing of the new architecture will be an essential activity and the overall recoverability and resilience of IT ecosystems will be enhanced. 

Business continuity and cybersecurity plans will need to be updated to reflect the new storage, backup and recovery architecture. This will necessitate updates to policies and procedures, training and awareness as well as program testing. 

Cyber-resilient storage and backup frameworks are based on a multi-tier architecture that is enhanced by AI, high-performance storage and networking technologies. In addition to the technology aspects of this framework, noted cultural changes should also be implemented to ensure fast, coordinated and efficient recovery from a cyberattack and to increase the enterprise's cyber resilience.

Paul Kirvan, FBCI, CISA, is an independent consultant and technical writer with more than 35 years of experience in business continuity, disaster recovery, resilience, cybersecurity, GRC, telecom and technical writing.

Dig Deeper on Primary storage devices