
Cyber Criminals Hate Cybersecurity Awareness Month – and Enterprise Cyber Secure Storage

Read more about author Eric Herzog.

Certain people are not happy about October being Cybersecurity Awareness Month. They don’t like that more CIOs, CISOs, and IT teams are becoming aware of powerful strategies to protect their enterprises from ransomware and malware attacks. They don’t like that corporate leaders are better understanding how to incorporate cyber storage resilience and recovery into an overall corporate cybersecurity strategy. 

They don’t like that enterprises have figured out that next-generation data protection on primary storage and secondary storage in the data infrastructure is the key to fighting these cyberattacks. In fact, they hate it. 

These people are, of course, cyber criminals.

Broader awareness of how enterprises can institute cyber strategies that provide a comprehensive approach to protecting data is the last thing that cyber criminals want. October is not their favorite month.

On the other side, protecting data is arguably the most critical thing an IT team must do in its data center today. Data needs to be available in primary storage. Data needs to be retained for business purposes and compliance. Plus, the rapid recovery of data can save a company from the claws of a digital disaster.

In the world of enterprises, the expectations for restoring data and backing up data at multi-petabyte scale have changed. IT teams need to increase next-generation data protection capabilities, while reducing overall IT spending. It gets even more complicated when you consider all the applications, databases, and file systems that generate different types of workloads. No matter what, the business needs the right data at the right time. To deliver this consistency, the data needs to be secured.

Next-generation data protection starts when the data lands in the storage array. There needs to be high reliability with 100% availability. There also needs to be data integrity. Each time data is accessed, the storage system should check and verify the data to ensure the highest degree of data integrity. 

Cyber resilience best practices require that you ensure data validity, as well as near-instantaneous recovery of primary storage and backup repositories, regardless of the size. This accelerates disaster recovery when a cyberattack happens. Greater awareness of best practices in cyber resilience would be one of the crowning achievements of this October as Cybersecurity Awareness Month. Let’s make it so.

Six Best Practices in Cyber Resilience for Enterprise Data Infrastructures

Keep the following in mind, not only during Cybersecurity Awareness Month, but at all times:

1. Adopt and embrace a comprehensive cyber resilience and recovery architecture that covers both primary storage and secondary storage. You need to make sure they have the critical pillars of protection and best-in-class capabilities. Core pillars of next-generation data protection in this type of cyber architecture include immutable snapshots, logical air-gapping, a fenced forensic environment, and near-instantaneous cyber recovery. These dimensions of cyber resilience should be available within the core storage operating system that you use or will transition to. And the cyber resilient capabilities that complement, utilize, extend, and enable these pillars must include cyber detection and automated cyber protection. 

2. Seek out and verify guaranteed SLAs on immutable snapshots and cyber recovery. Don’t miss out on having cyber storage resilience and recovery guarantees in place through your enterprise solution provider. You can get guarantees on immutability of snapshots and their recovery times at one minute or less on primary storage and 20 minutes or less on secondary storage / purpose-built backup. The key is to ask the right questions about guarantees and seek out your options. 

3. Utilize a fenced forensic environment that allows you to spin up immutable copies of primary or backup data in an isolated environment without affecting production operations. The best practice is to have a capability that lets customers validate the immutable, protected copies of data, which then enables the use of cyber forensic tools to detect possible ransomware and cyberattacks. It also indicates the point in time at which the infiltration occurred. You need a known good copy of data.

4. Apply cyber detection with built-in AI and machine learning (ML) algorithms to scan data over time inside the fenced forensic environment, ensuring the data is clean and free of corruption. AI and machine learning algorithms can analyze previously unknown data patterns and make educated decisions based on entropy detection and multiple other data points with up to 99.99% accuracy. This results in targeted and timely alerts regarding suspected ransomware infiltration into the customer data assets. Detecting and alerting on zero-day attacks, where no known signature of the malware or ransomware tool exists in the field, is of the highest value to enterprises. Security and storage teams also need to be alerted to a potential infiltration of a dormant ransomware attack.

5. Leverage automation that orchestrates the routine, day-to-day scanning of multiple storage resources in a petabyte-scale environment. This type of operation cannot be done manually to the degree it needs to be. The entire process needs to be automated: creating protected, immutable point-in-time copies of the customer data, securely mounting them in the fenced forensic environment, orchestrating the scanning process, and generating timely alerts in case of a suspected ransomware attack. The scanning process should be performed on the production system. It’s best to use a storage array that is highly efficient in creating and managing tens of thousands of penalty-free snapshot copies of data.

6. Integrate automated cyber protection into your Security Operations Center (SOC) and security monitoring applications. A security-related incident or event triggers immediate automated immutable snapshots of data, providing the ability to protect block-based volumes and/or file systems and ensure near-instantaneous cyber recovery. To have this capability, you need to integrate enterprise storage-centric automated cyber protection with your SOC, as well as your Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) cybersecurity software applications, and/or simple syslog functions for less complex environments. This is the merging of cybersecurity and storage infrastructure into a cohesive strategy that bridges an existing gap.
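The following is an added example, not code from the original article or from any storage product: a minimal entropy check of the kind practice 4 mentions, run across point-in-time copies to find the last clean snapshot (practices 3 and 5). The function names, thresholds and in-memory snapshot data are assumptions constructed for illustration; entropy is only one of the data points a real detector would combine.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def entropy_jumps(older: dict, newer: dict, high: float = 7.0, jump: float = 2.0):
    """Files present in both copies whose entropy rose sharply to near-random.

    Requiring a jump, not just a high value, keeps files that were always
    compressed or encrypted (archives, media) from raising an alert.
    """
    hits = []
    for path in sorted(older.keys() & newer.keys()):
        before, after = shannon_entropy(older[path]), shannon_entropy(newer[path])
        if after >= high and after - before >= jump:
            hits.append((path, round(before, 2), round(after, 2)))
    return hits


def locate_infiltration(snapshots: list):
    """Walk snapshots oldest to newest; return (last_clean, first_suspect, hits)."""
    for (prev_label, prev), (label, cur) in zip(snapshots, snapshots[1:]):
        hits = entropy_jumps(prev, cur)
        if hits:
            return prev_label, label, hits
    return None


# Constructed sample data: deterministic pseudo-random bytes stand in for
# ciphertext and for an already-compressed archive.
def pseudo_random(seed: bytes, blocks: int = 128) -> bytes:
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))


CSV = b"invoice,amount\n" + b"1001,250.00\n" * 300
ZIP = pseudo_random(b"archive")
SNAPSHOTS = [
    ("snap-01", {"report.csv": CSV, "archive.zip": ZIP}),
    ("snap-02", {"report.csv": CSV + b"1002,90.00\n", "archive.zip": ZIP}),
    ("snap-03", {"report.csv": pseudo_random(b"encrypted"), "archive.zip": ZIP}),
]

if __name__ == "__main__":
    print(locate_infiltration(SNAPSHOTS))
```

The snapshot returned as last clean is the candidate known good copy; the unchanged archive shows why a high entropy value alone is not treated as an alert.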

Overall, enterprises need proactive strategies, seamless integration across IT domains, and the most advanced, automated technologies to stay ahead of cyber threats. By adopting these six best practices, CIOs and CISOs can transform the way they think about securing enterprise data infrastructure.