Data protection is the process of protecting data against loss, corruption, or the disruption of services through the use of backups and data-resilient architecture. From backups to recovery and data reuse, it covers all technologies and techniques an organization may use to keep data secure and highly available for its products, services, and operations.
In this guide, we’ll dive into the various technologies and techniques at a system administrator’s disposal for keeping data safe.
While the term data protection is often used interchangeably with data security and data privacy, there are subtle differences between the three terms:
You’ll want to invest in all three if you want to ensure your organization’s data is fully protected. For this guide, we’ll focus primarily on data protection, although some overlap naturally exists between the three domains.
The philosophy behind data protection in the server room or data center has long been one of redundancy. You can’t afford to have your data lost, corrupted, or compromised, so always have a backup.
Of course, in practice, backing up your data is the bare minimum. Data protection is really an exercise in managing your recovery point objectives (RPOs) and recovery time objectives (RTOs) for the most critical services in your operational technology stack. In other words, it’s how quickly you can back up and restore your data to prevent the disruption of critical business operations.
So what exactly are RTO and RPO?
RTO: The maximum time your business can afford to lose access to the data that powers your apps and operations. It determines how quickly you need your system to recover.
RPO: Refers to the maximum amount of data you can afford to lose. Use this to determine the frequency of your backups.
RTO and RPO are the key performance indicators (KPIs) you’ll want to be aware of when building your disaster recovery strategy.
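The following is an added example, not part of the original guide, that checks both KPIs against recorded data: the RPO against the largest gap between usable restore points (a failed job widens the gap) and the RTO against measured restore drills. The objectives, job history, and drill timings are constructed sample values, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

# Assumed objectives for one service (constructed values, not from the guide).
RPO = timedelta(hours=4)   # at most 4 hours of data may be lost
RTO = timedelta(hours=2)   # service must be restored within 2 hours

# Constructed backup job history: (finished_at, succeeded).
JOBS = [
    ("2024-05-01T00:00", True),
    ("2024-05-01T04:00", True),
    ("2024-05-01T08:00", False),  # failed job: no usable restore point
    ("2024-05-01T12:00", True),
    ("2024-05-01T16:00", True),
]
# Constructed restore-drill durations (how long a full restore actually took).
RESTORE_DRILLS = [timedelta(minutes=95), timedelta(minutes=140)]


def worst_data_loss_window(jobs, now):
    """Largest gap between consecutive usable restore points, up to `now`."""
    points = sorted(datetime.fromisoformat(ts) for ts, ok in jobs if ok)
    if not points:
        return None  # no restore point at all: data loss is unbounded
    edges = points + [now]
    return max(b - a for a, b in zip(edges, edges[1:]))


def check_objectives(jobs, drills, now, rpo=RPO, rto=RTO):
    """Return a list of findings; an empty list means both objectives are met."""
    findings = []
    window = worst_data_loss_window(jobs, now)
    if window is None:
        findings.append("RPO: no successful backup exists")
    elif window > rpo:
        findings.append(f"RPO: worst gap {window} exceeds {rpo}")
    if not drills:
        findings.append("RTO: never measured (no restore drill on record)")
    elif max(drills) > rto:
        findings.append(f"RTO: slowest restore {max(drills)} exceeds {rto}")
    return findings


if __name__ == "__main__":
    for finding in check_objectives(JOBS, RESTORE_DRILLS, datetime(2024, 5, 1, 18, 0)):
        print(finding)
```

The schedule here runs every four hours, yet the single failed job doubles the real exposure to eight hours, which is why the check uses successful jobs rather than the configured interval.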
Also known as backup and disaster recovery, backup and restore refers to the practice of backing up your data so that you can restore business services and operations in the event of a disaster. Disasters can include everything from natural disasters and blackouts to human errors and cyberattacks.
Depending on the technologies and resources available to your organization, you may need to employ one or more of these backup techniques as part of a larger data center disaster recovery strategy:
Implementing a solid backup plan is only one part of the data protection equation. The second part involves hitting your RTOs. In other words, how do you get your business systems back up and running in the wake of a disaster? A typical disaster recovery plan will include:
In an increasingly digital world, customers expect businesses to be able to deliver their services 24/7, without downtime or disruption. Continuous data protection (CDP), also known as a continuous backup, is the practice of backing up the continuous stream of data needed to support modern business operations. It gives organizations the ability to restore a system to any previous point in time. The goal of CDP is ultimately to minimize RTOs and RPOs in the event of a disaster. By leveraging continuous real-time backups and implementing a solid disaster recovery strategy, it’s possible to maintain business continuity through CDP.
Thus far, we’ve covered the things you can generally do to protect your data and maintain business continuity in the face of a disaster. But there’s one type of disaster that is on the rise and worth addressing on its own: ransomware.
Cybercriminals have always been a threat, but while the hacktivists of yesteryear were motivated by political, cultural, and religious beliefs, today’s cybercriminals are largely motivated by financial gains. Ransomware, in which a hacker locks you out of your data via encryption until you pay a ransom, is now a multimillion-dollar industry. And in a world where downtime directly translates to lost revenue, it’s never been more tempting to just pay that ransom.
In the following sections, we’ll cover the things you can do to mitigate a ransomware attack.
The best way to fight ransomware is to prevent it from occurring in the first place. It’s about obtaining system-wide visibility, practicing good data hygiene, and having a plan in place to deal with a threat once you’ve identified it.
Cyber attacks aren’t as obvious in real life as they are to the protagonists of movies. The attack itself may last only 30-40 minutes as the attackers access your files and move laterally through your networks, encrypting files and deleting backups. On the flip side, an attacker might lurk on your network long after gaining access, monitoring your responses to anomalies while planning the actual attack. Either way, by the time you receive a ransom note for your data, the attack has already been completed.
The only way to catch a ransomware attack while it’s still happening is to take notice of foiled phishing attempts as they happen (by training your employees) or catch suspicious activity on your network through SIEMs and logs. Provided you’ve taken these proactive steps and have the necessary tooling, it pays to have a cyber incident response (CIR) plan to deal with the anomalous activity when you discover it. Document everything and notify the relevant IT personnel to isolate affected systems and mitigate damage. You’ll need those records to meet compliance requirements and help law enforcement with investigations should that activity prove to be a real ransomware attack. We’ll cover the details of creating a CIR plan later in this article.
So your files have been encrypted and you’ve just received a ransomware note. What are your options?
One option is to just pay the ransom, but doing so could risk exposing your organization to further extortion down the line.
A better option, provided you followed the proactive ransomware mitigation steps outlined in earlier sections, is to purge, restore, and respond:
A cyber incident response plan is a formal document that outlines the steps personnel should follow in the event of a cyberattack. It’s also a Payment Card Industry Data Security Standard (PCI DSS) requirement. Cyber incident response plans are generally composed of six distinct phases:
This phase outlines the steps, roles, and procedures that should be followed in the event of a cyber incident. Prepare a team of individuals with clearly defined roles and responsibilities for responding to a cyber incident. It also covers testing these roles and procedures via employee training with drill scenarios such as mock data breaches.
This phase involves detection and forensic analysis of anomalous cyber events to determine whether a breach has occurred and the severity of the incident.
The scope and severity of the incident need to be documented and analyzed before it can be effectively addressed. System and network logs can be the key to responding immediately to a breach and determining the critical details of a security incident after it has occurred.
In the event of a cyber incident, the containment phase specifies actions taken to prevent further damage and mitigate risks. Containment typically involves steps for disconnecting and deactivating affected devices from the internet.
Once a threat has been contained, it can be analyzed by a security professional to determine the root cause of the incident and eliminate any threats. Malware removal, security patches, and other measures should be outlined in the eradication phase.
The recovery phase involves steps and procedures for restoring the affected systems and devices back to production. Redundant backups, snapshots, and a disaster recovery plan may be implemented to restore mission-critical services in the event of a breach. You should also have a staged recovery environment that can give you a “prebuilt” way to get back online right after an event.
Cybersecurity is a continuous process. It’s important to collect information gathered and lessons learned from a cyber incident and apply them to enhancing security protocols and the incident response plan itself.
In this guide, we looked at the various tools, strategies, and technologies available for protecting your data and maintaining business continuity in the event of a disaster. At the end of the day, your data is only as secure as the infrastructure you use to manage it.
That’s why Pure Storage® products are designed from the bottom up with modern data protection in mind. Examples of modern data protection solutions developed by Pure include:
Modern data threats require modern data protection solutions. Storing your data with Pure Storage is the best way to ensure performance, reliability, and security for your organization.