Data recovery is the key to an effective cyber resilience strategy: it is what lets a business resume operations after a cyber-attack or disaster.
It empowers businesses to quickly recover critical data and to minimise downtime and potential threats.
Everyone in the security space knows that backups of important data are vital in the event of a disaster. Cybercriminals know this too and go after the backups before encrypting the main data, ensuring they can extract the maximum value from an attack. The golden rule is ‘3-2-1’, meaning three copies of data, on two different storage mediums, with one off site. However, it is no longer enough to rely on backups during a cyber-attack, as the data within these backups is itself vulnerable to corruption. If an infected data set is recovered, the organisation’s live environment would be vulnerable to that infection as well. Therefore, it is recommended to create a copy of this data stored in an air-gapped ‘cleanroom’, where the data is contained and assessed before recovery.
One extra layer is to ensure that data is immutable at the application level. This prevents users from manipulating any data, ensures it cannot be accidentally or intentionally lost, and keeps it ready for recovery. It is also crucial that the data is immutable at the storage level, so that even someone with access to the storage medium cannot tamper with it. To make backups both effective and immutable, it is critical for IT teams to first pinpoint the organisation’s vital data assets. This not only promotes cost efficiency by avoiding the unnecessary duplication of three sets of data for each backup but also saves time.
The safest way to restore these backups is to air-gap them in a completely isolated and secure networking environment, known as a cleanroom. This isolates the data from the organisation’s live production system and network, adding an extra layer of protection for the backup data and making it virtually impossible for malicious actors to compromise it. It also improves the assurance of recovery after a breach, as the data is no longer susceptible to the same risks as other data in live production.
Cleanrooms are also vital for forensic analysis, which certifies the integrity and usability of data and systems before they are recovered. Forensic analysis provides insight into which applications can be safely restored without causing conflicts in production systems, and helps ensure they are free from malware.
Sam Woodcock is Director of Cloud Strategy and Enablement at 11:11 Systems