The public cloud has become a major focus of ransomware operators, who are always quick to seek out new opportunities for pay off.
Originally intended to spread quickly throughout on-premises settings, cyber criminals are now retooling ransomware to function on cloud native architectures and infect containers.
As a result, ransomware is now better able to propagate throughout and steal data from the public cloud. According to research from Veeam Software, 45% of production data was encrypted or affected during a ransomware attack and the latest Crowdstrike threat report found cloud exploitation incidents increased by 95% in 2022.
Candida Valois is field CTO for Scality. She’s an IT specialist with more than 20 years of IT experience in architecture, software development, services and sales for various industries. She is passionate about technology and delivering valuable solutions.
These threats have some companies reconsidering whether the public cloud is the best fit for their organization, or whether they should adopt a hybrid approach.
By staying updated on the latest storage options and how storage contributes to security, you’ll be adding value in your consultative role and offering technologies that help customers create a multifaceted data storage and security approach to stay ahead of change and vulnerabilities – with the flexibility they need.
Start with zero trust at the core
A multi-pronged strategy is necessary for ransomware prevention. This entails safeguarding typical ransomware infection pathways through the maintenance of strict authentication and access policies; routine analysis and immediate patching of internet-exposed software vulnerabilities; and network and endpoint security monitoring.
It’s also critical to use automation and administrator training to prevent cloud misconfigurations.
Core to this approach is a zero trust security architectural design. This enables you to prevent unauthorized access to data and services, and enforce access control in a granular way.
No matter how distributed a network becomes, or what mix of hybrid or cloud infrastructure is used, an organization can enforce least privilege pre-request access decisions.
Build a solid backup strategy based on the 3-2-1-1 rule
Backups are one of the most essential elements in a strong ransomware protection approach. Maintaining encrypted backups of sensitive and mission-critical data is crucial, as is ensuring a full restore can be carried out swiftly enough to prevent customers from experiencing more downtime than they can stand.
Air-gapped backups are necessary now that ransomware operators are increasingly targeting backups and succeeding, and there are now more efficient and less costly ways to create these. Veeam’s 2023 Ransomware Trends report found that in 93% of cases, attackers target their victims’ backups.
You can help security leaders carefully consider the backup technologies they’re planning on buying, especially if they’re attempting to create a best-of-breed security stack with the highest level of defense against current ransomware threats.
The 3-2-1-1 backup method is an industry best practice for data security. Three copies of the data must be made, and stored in two different locations, one of which must be offsite. The second “1” is that at least one copy of the backup must be air-gapped (kept offline), meaning there’s no way a ransomware attack can reach it.
This backup method is completely compatible with a hybrid cloud data storage strategy since it enables organizations to store one copy of the backups in their own data center and the other copy in the cloud.
This indicates that a company is not delegating to the public cloud all its priceless data, which, despite its numerous benefits, can also present risks. These risks include not just cyber security concerns, but also potentially slow restores.
Similarly, enterprise-scale backup plans must, of course, be scalable to allow for growing data volumes.
Empower customers with an unbreakable data infrastructure
An organization’s enterprise-grade ransomware protection plan will have a strong footing if it is based on the most appropriate on-premise object storage solution for their needs.
Consider that 80% to 90% of data today is unstructured. Unstructured data can be more easily accessible by unauthorized users if not properly secured. And configuring access controls and permissions correctly for unstructured data can be more difficult.
Due to the lack of a strict schema, identifying sensitive information in unstructured data can be more challenging, potentially leading to data leakage.
The most cyber-secure option for unstructured data is immutable or “unbreakable” object storage. This is the dominant object storage technology. It contains all the security measures that AWS has put in place for its S3 cloud storage bucket, but the storage is located inside a private data center, behind a firewall.
Since on-prem object storage is not accessible via the public internet, this naturally offers more privacy and control.
Unbreakable object storage employs advanced authentication procedures and permissions to thwart cyber attackers. Key-based authentication, which makes data accessible to authorized users only, is used by the most reliable object storage solutions. Each user must have access to the proper encryption keys, including a secret key and a private key, as well as the required permissions.
This type of object storage offers data immutability, meaning that data cannot be changed, overwritten, erased or encrypted for a length of time that the administrator determines. Even an administrator cannot alter the duration of the time period while the stored data is in compliance mode.
This feature, known as Object Lock API, differs from the approach used in file system-based storage – as used on Mac, Windows, and Linux hosts – where files can be edited, shortened, or destroyed at will by anyone with access.
Unbreakable object storage is a distributed storage solution, which is also crucial to highlight to customers. Rather than being kept in files on servers, data is divided up and kept on dozens of drives spread out across the network.
This gives the data durability and resilience; even if one drive failed, the file could still be reconstructed. However, it also provides strong security against data exfiltration. Should ransomware attackers obtain private information, it would only be meaningless ones and zeros in their possession, making it impossible for them to broadcast or use for their benefit.
Keeping mission-critical data safe
It’s impossible to completely eradicate the prospect of ransomware gangs targeting your customers’ businesses. However, you can advise customers on how to confidently defend their data and ensure that even if an attacker gets in, they won’t have to pay a ransom or lose their important data.
They can breathe easier knowing their data is protected with the trifecta of zero trust, immutability, and bulletproof backup strategy.
When it comes to choosing the vendors you work with, it’s important to consider how their solutions address these key components of security. Data must be protected across the full stack – from the data path to the disks.