Data Protection in the Era of the Cloud

As digital advancements continue to transform today’s landscape into a complex cloud-based space, businesses have become more vulnerable. With the right data protection, businesses can survive data losses caused by either human errors or security hacks and ensure business continuity.

Earlier this year, Druva released its 2020 Value of Data Report, revealing that 89% of Indian IT Leaders were concerned about protecting their organizational data from ransomware attacks during the pandemic. We spoke to Milind Borate - Co-Founder and Chief Development Officer, Druva, to share some insights, challenges and tips to make the cloud more secure.

The challenge, and common threats

Ransomware has emerged as a formidable challenge. With the increasing volume of valuable and sensitive data that is being generated and stored, ransomware has greater incentive and opportunity to attack unprepared organizations. With the rise in remote working businesses are left more vulnerable than ever to ransomware.

According to IDC, organizations globally are reporting more than 70 per cent of ransomware-infected endpoints every year. Indian businesses recognize the threat of ransomware. Druva’s 2020 Value of Data Report revealed that the pandemic has pushed 89% of Indian IT leaders to protect organizational data from ransomware.

Milind Borate - Co-Founder and Chief Development Officer, Druva

The Changing landscape with the emergence of hybrid – WFH and office - workplace models

With data getting dispersed outside of data centers to endpoints, cloud workloads and SaaS applications, organizations either assume that the data is protected or hope that nothing will happen to their data. Unfortunately, hope is not a viable strategy in the face of errors, outages, and auditors.

With the emergence of hybrid workplace models, organisations face three types of risks -

First, organisations must confront potential security vulnerabilities. With the blurred lines between personal and professional environments, people can download ransomware on their laptops and accidentally infect their organisation. They can also download and unintentionally expose private data. Similarly, users can allocate new cloud infrastructure quickly, but without experience, they can also quickly expose or lose data.

Second, companies should meet compliance guidelines. Employees are using SaaS applications - from messaging to documents - to replace face-to-face interaction. Sensitive communication, now transmitted over SaaS applications, must comply with all regulations and be retained as business-critical information.

Third, companies face the challenges of application outages. As more people work remotely, it is getting difficult to coordinate application and infrastructure upgrades. Somebody will upgrade, modify, or migrate to cloud a component without understanding all the implications because the “hallway conversation” is not taking place. Therefore, companies need to be able to rapidly recover applications to a healthy state.

In this scenario, organizations need to adopt a holistic data protection approach that offers full visibility across their entire data environment. With the need for agility, companies cannot manage a unique solution for each environment. Therefore, they need a solution that spans data centers, endpoints, SaaS applications, and the cloud. This approach ensures that whether an employee is at home or in the office, the data needed for their job is accessible, and the company can be confident that they meet security and compliance standards.

Indicators of a potential ransomware attack

There are classic early warning signs. For example, ransomware may start renaming or encrypting files en masse, or a hacker bent on harming the company may delete thousands of database records at once.  Cyber attackers think strategically about when and where to launch an attack; the large majority of ransomware attacks targeting businesses occur outside of regular working hours and over the weekend.

This is because most organizations don’t have IT staff working during those times, and even if they do, their team is likely under-staffed, unprepared to manage an attack, unable to react immediately and unable to shut down the network at hand. This has been an even more effective strategy during the pandemic where people tend to work more ad hoc and might open the email in the evening or on the weekends.

Steps that organizations can take to improve their data protection

The following best practices are recommended for businesses to improve their data protection

• Review existing data – Before developing a backup and recovery strategy, review the current data architecture. Knowing who owns data and applications, current backup policies, and applicable regulations and requirements positions you for success.

• Follow the 3-2-1 backup rule – Don’t forget the basics. Always keep at least three copies of your data, using two different backup media, and storing one copy offsite, ideally in a separate account to isolate it from ransomware attacks.

• Invest in a cloud backup solution – Since data is so distributed, investing in a cloud backup solution has become a necessary line of defense in today’s modern IT landscape. Unlike on-premises backup protection, the cloud offers connectivity to all data sources, limitless storage for backups, and significantly lower management costs.

• Perform regular tests –  A backup that has not been tested is a backup that should not be trusted. The best way to ensure that your backup is tested regularly is to automate such testing. Not only will this ensure it gets tested more often, but it will also ensure that the team will be comfortable with running a recovery when the disaster strikes.

With the complexity of the new environments and lack of expertise, data protection must be fully automated. With teams manually changing core operations on the fly, the safety net needs to always be there.

Evolving nature of ransomware attacks

Ransomware has become more sophisticated, evolving from encrypting data to deleting backups to now extracting copies of data, which increases the potential damage to your organization. Combating these new malicious attacks requires a comprehensive solution that offers multi-layered ransomware protection and recovery to defend against data loss, accelerate incident response, and simplify recovery, so they can reduce downtime.

Druva’s data protection strategy

Druva’s core focus is to help customers who are making a significant shift to the public cloud and are considering a data and architectural shift as a result. As organizations transform their business with cloud, we deliver data protection and management across endpoint, data center and cloud workloads, which eliminates the dependence on complex infrastructure and time-consuming administration. Our patented cloud architecture transforms backup data into an asset, making it more open and accessible so customers can streamline governance, improve cyber resiliency, and gain critical insights to uncover opportunities and expedite decision making.

The role of cloud-based backup solutions in ransomware protection

Cloud-based backup and recovery is a crucial line of defense against ransomware. As the number of threats targeting data and applications continues to grow, reliance on prevention measures alone is insufficient. Customers need to have new and improved ways to prepare for and respond to incidents, including better visibility, automation and orchestration.  The multi-layered ransomware protection and recovery to defend against data loss accelerate incident response, and simplify recovery, so the businesses can reduce the downtime.

Having secure backup images of critical business data and applications allows companies to roll back in time to recover applications and data before the point of ransomware infection. When integrated with existing security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools, air-gapped backups become the foundation for rapidly and securely recovering from ransomware attacks with enhanced capabilities.