Do a Google Images search for “vaults” and you’ll get a quick visual tour of architectural history, a display of the varied designs of bank safes created to secure cash and other valuables, and even an introduction to gymnastic vaults. Each of these provides a dynamic vision of what a “vault” is and of its physical presence.
One of the most important types of vaults in use today – a cyber recovery vault – isn’t as easily recognized. Yet, by isolating and protecting data, it supports a business in many of the ways that those other vaults do: strengthening the business’ structure, securing the most valuable assets, and providing a launching point for recovery, should a business be subject to a cyber attack.
I previously wrote about the importance of cyber recovery vaults as part of a comprehensive cyber recovery (CR) strategy. Here, let’s take a closer look at what cyber recovery vaults are and best practices in using them to protect your organization’s critical data.
What Is a Cyber Recovery Vault?
A cyber recovery vault is a multilayered defense against cyber attacks. As detailed in a report by the Enterprise Strategy Group (ESG), this is achieved by separating critical data from the attack surface. It is physically isolated, in a protected portion of a data center; access requires unique security credentials and multifactor authentication (MFA).
What Does a Cyber Recovery Vault Offer?
Often located in the production or corporate data center, or hosted by a third party, a cyber recovery vault delivers various safeguards, including:
- An automated “operational air gap”: the replication link from production is enabled only for scheduled ingestion windows and disabled otherwise, with ingestion and management of the process driven by policy rather than by manual intervention. Outside those windows the vault is network-isolated, unreachable from production and from unsecured networks. Note that some “air gaps” separate the data from the production network (e.g., a data copy stored in the cloud) but leave it reachable with the same credentials an attacker obtains on production, so it can be deleted or altered along with everything else; an offsite copy does not equal a complete air gap.
- Elimination of management interfaces reachable from production, which are a common path to compromise.
- Cyber recovery software, deployed within the secured vault environment, which automates synchronization of data from production into the vault and creates immutable copies under locked retention policies: a copy cannot be altered or deleted before its retention period expires, even by a vault administrator, so a stolen administrative credential cannot be used to destroy the recovery point.
Together, these features help meet the guidelines for the second of the NIST Cybersecurity Framework’s core functions: Protect. They offer a clean data copy that allows for recovery of business-critical systems, should a cyber attack occur.
How to Maximize the Efficacy of Cyber Recovery Vaults?
There are a couple of things to think about when implementing a cyber recovery vault. First, a cyber recovery vault is most effective when operated by a third party and located offsite, at a location that also limits which individuals have physical access to the systems. Many organizations, and some regulations, require a separate location for a cyber recovery vault. Additionally, keeping a copy of your data offsite protects against a disaster at your primary data center and against physical access by bad actors, and adds a further layer of security to the entire environment.
Second, there should be active auditing of the data. The auditing program should look for common triggers and patterns (for example, an unusually high rate of change between two copies, mass deletions or renames, or file contents whose entropy suggests they have been encrypted) and alert the admins of potential issues. If an alert is triggered, the environment should allow the admin to inspect the affected copy to confirm whether it has been compromised, without exposing the vault to production. If the data has been compromised, the admin can fall back to an earlier clean copy and begin recovering the environment as quickly as possible.
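The kind of check this auditing describes, as an added example that is not code from the original post or from any vendor’s vault product: it compares a newly ingested copy with the previous one and flags the indicators a ransomware run typically leaves behind (a large share of files changed or deleted, and changed files whose bytes are near-uniformly distributed, as ciphertext is). The two sample “copies” and the alert thresholds are constructed for illustration and are assumptions, not values from the post.

```python
"""Vault-side copy analytics: flag a freshly ingested copy that looks
ransomed when compared with the prior copy.

Added example; not from the original post. Copies are modelled as
path -> content mappings; thresholds and sample data are constructed."""
import math
import random
from collections import Counter

# Thresholds are assumptions chosen for this example.
HIGH_ENTROPY_BITS = 7.5   # near-uniform bytes look like ciphertext (max is 8.0)
MAX_CHANGE_RATIO = 0.5    # more than half the files changed since the last copy
MAX_DELETE_RATIO = 0.25   # more than a quarter of the files vanished


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def analyze_copy(previous: dict, current: dict) -> dict:
    """Compare the newly ingested copy against the previous one and return
    the metrics plus an alert flag with human-readable reasons."""
    # A path counts as changed if it is new or its content differs.
    changed = [p for p, data in current.items() if previous.get(p) != data]
    deleted = [p for p in previous if p not in current]
    encrypted_looking = [
        p for p in changed if shannon_entropy(current[p]) >= HIGH_ENTROPY_BITS
    ]
    baseline = max(len(previous), 1)
    reasons = []
    if len(changed) / baseline > MAX_CHANGE_RATIO:
        reasons.append(f"{len(changed)}/{baseline} files changed")
    if len(deleted) / baseline > MAX_DELETE_RATIO:
        reasons.append(f"{len(deleted)}/{baseline} files deleted")
    if encrypted_looking:
        reasons.append(
            f"{len(encrypted_looking)} changed files have ciphertext-like entropy"
        )
    return {
        "changed": len(changed),
        "deleted": len(deleted),
        "encrypted_looking": sorted(encrypted_looking),
        "alert": bool(reasons),
        "reasons": reasons,
    }


# Constructed sample data: a small previous copy of plain-text files.
PREVIOUS_COPY = {
    "finance/ledger.csv": b"date,account,amount\n2024-01-02,4010,1200.00\n" * 40,
    "hr/policy.txt": b"Employees must complete security training annually.\n" * 40,
    "ops/runbook.md": b"# Restore procedure\n1. Isolate the host.\n2. Restore from vault.\n" * 30,
    "ops/hosts.txt": b"10.0.0.5 db01\n10.0.0.6 app01\n" * 50,
}

# A normal day's copy: one file grew by a line, nothing else moved.
CLEAN_COPY = dict(PREVIOUS_COPY)
CLEAN_COPY["ops/hosts.txt"] += b"10.0.0.7 app02\n"

# A ransomed copy: three files renamed to .locked and replaced with
# random bytes of the same size (a deterministic stand-in for ciphertext).
_rng = random.Random(1)
RANSOMED_COPY = {
    path + ".locked": bytes(_rng.getrandbits(8) for _ in range(len(data)))
    for path, data in PREVIOUS_COPY.items()
    if path != "ops/hosts.txt"
}
RANSOMED_COPY["ops/hosts.txt"] = PREVIOUS_COPY["ops/hosts.txt"]


if __name__ == "__main__":
    for label, copy in (("clean", CLEAN_COPY), ("ransomed", RANSOMED_COPY)):
        result = analyze_copy(PREVIOUS_COPY, copy)
        print(label, "alert" if result["alert"] else "ok", result["reasons"])
```

In a real vault this comparison runs inside the isolated environment against the copies already held there, so the analysis itself never needs a path back to production; an alert is what prompts the admin’s inspection and, if confirmed, the choice of an earlier clean copy for recovery.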
So, when you are evaluating a cyber recovery vault solution, keep these three things at the top of your list:
- The vault should be protected by an air gap,
- The vault should be offsite and preferably operated by a separate organization, and
- The vault should run analytics, designed to detect potential issues early.
Unfortunately, cybersecurity events happen every day. Take the time to learn more about cyber protection strategies and keep your company safe.