Business continuity and disaster recovery are more top-of-mind than ever before, due to the global shift to more data-intensive “anywhere operations” that can overwhelm the capabilities of traditional backup solutions.
In our recently published white paper, we wrote about Qumulo’s security architecture and best practices to counter malicious attacks. The narrative we laid out was to identify an attack as early as possible in the cyber kill chain with a holistic defense-in-depth approach. Doing so requires various security technologies, such as security information and event management (SIEM), network detection and response (NDR), and endpoint protection, working in concert, rather than relying on a specific security feature of your storage system.
Below we discuss the importance of planning ahead before a data disaster and how to leverage the cloud for business continuity and disaster recovery. Plus, we offer a fresh take on best practices for creating a business continuity plan to help you prevent, detect, recover, and resume operations quickly from ransomware attacks against your most precious data.
Create a business continuity plan before a disaster
The primary goal of business continuity planning (BCP) is to keep ransomware from getting anywhere near your file data. A robust business continuity and disaster recovery plan should entail taking preventative steps to defend data storage systems, detect suspicious access patterns, and ensure rapid response for ransomware recovery. Above all, in order to prevent data loss due to ransomware, it’s imperative to create a business continuity plan ahead of time.
For data center security, seek business continuity solutions that take a holistic approach to keep out the bad guys
Business continuity solutions that are effective for data center security will take a holistic security approach to ransomware detection. This means capturing data from as many devices as possible to identify suspicious activity at the entry point(s) for analysis and correlation.
For example, Qumulo Recover Q is a backup and disaster recovery solution for use as part of a holistic security approach that fits into existing business continuity strategies. Benefits include:
- Reduce costly data loss and service downtime
- Eliminate redundant data centers to drive down capital costs
- Available on-premises and as low-cost disaster recovery as a service (DRaaS) in the cloud
With business continuity solutions that include Qumulo Recover Q, upon detection of suspicious activity, action is taken to stop the ransomware from gaining access to subsequent layers, including your file data storage. In this way, Recover Q can help defend your valuable data as a component of a defense-in-depth strategy.
Recover Q includes active data protection features that can help ensure data safety and integrity. Its built-in snapshot and cloud replication features add layers of defense against real-world threats that could compromise your data center or continuity of operations.
How to put your business continuity and disaster recovery plan into action
Every business needs a robust business continuity plan, one that’s practical and cost-effective enough to actually be used. A business continuity and disaster recovery plan that leverages the cloud to quickly stand up secondary or tertiary disaster recovery sites, without the high capital costs of on-premises deployments, can be a cost-effective data protection strategy against threats.
Business continuity plan (checklist)
Below are 5 best practices to help you begin your business continuity planning journey.
1. Prevention: Reduce your attack surface
Leverage a purpose-built file storage system for business continuity, featuring granular access controls—role-based access control (RBAC), attribute-based encryption (ABE), and host restrictions—and built-in data encryption. This first step will make your data store a much harder target for malicious attackers to breach.
2. Detection: Detect suspicious activities
The key to detection is finding everything early; don’t give malware or threat actors time to do damage. You’ll need to log activities from all devices, ship the logs to a modern SIEM solution, and correlate and analyze them to uncover anomalous behavior. An intrusion detection system (IDS) can also help uncover suspicious network activities early. A technology partner can help set up log auditing with SIEM to detect data anomalies and bring threat detection to the next level. Simply put, if anything affects your data, you’ll need to know fast.
3. Recovery: Undo the damage
If your data is compromised, your top priority is to roll back to the last known good version of your data to get up and running again. Creating snapshots, setting data retention policies with micro and macro timeframes, and maintaining consistent or tertiary sites, such as the cloud, will add layers of defense and speed ransomware recovery efforts.
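An added example (not from Qumulo or the original post) connecting the detection and recovery steps above: it flags a client that performs a burst of file modifications within a short window, then picks the newest snapshot taken before that burst began. The audit-log layout, threshold, window, user names, and snapshot times are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, assumed layout: time,client,user,op,path (chronological).
AUDIT_LOG = """\
2024-05-01T08:55:10,10.0.0.21,alice,write,/proj/plan.docx
2024-05-01T09:05:42,10.0.0.21,alice,read,/proj/plan.docx
2024-05-01T09:14:00,10.0.0.37,bob,rename,/proj/q1.xlsx
2024-05-01T09:14:03,10.0.0.37,bob,write,/proj/q2.xlsx
2024-05-01T09:14:05,10.0.0.37,bob,rename,/proj/q2.xlsx
2024-05-01T09:14:09,10.0.0.37,bob,rename,/proj/q3.xlsx
2024-05-01T09:14:12,10.0.0.37,bob,rename,/proj/q4.xlsx
2024-05-01T09:20:30,10.0.0.21,alice,write,/proj/plan.docx
"""
# Constructed snapshot times: one daily (macro) and three hourly (micro).
SNAPSHOTS = [datetime.fromisoformat(t) for t in (
    "2024-05-01T00:00:00", "2024-05-01T08:00:00",
    "2024-05-01T09:00:00", "2024-05-01T10:00:00")]
MODIFYING = {"write", "rename", "delete"}

def parse(log):
    """Yield (time, client, user, op, path) tuples from the audit text."""
    for line in log.strip().splitlines():
        ts, client, user, op, path = line.split(",", 4)
        yield datetime.fromisoformat(ts), client, user, op, path

def find_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Map (client, user) to the start time of its first modification burst."""
    recent, flagged = defaultdict(deque), {}
    for ts, client, user, op, _path in events:
        if op not in MODIFYING:
            continue
        key, q = (client, user), recent[(client, user)]
        q.append(ts)
        while ts - q[0] > window:      # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged[key] = q[0]        # earliest change still inside the burst
    return flagged

def last_known_good(snapshots, first_bad):
    """Newest snapshot taken strictly before the first suspicious change."""
    older = [s for s in snapshots if s < first_bad]
    return max(older) if older else None

if __name__ == "__main__":
    for who, start in find_bursts(parse(AUDIT_LOG)).items():
        print(who, "burst began", start, "-> restore from",
              last_known_good(SNAPSHOTS, start))
```

Treat the selected snapshot as a candidate only: changes that stayed below the threshold may predate the burst, so verify the snapshot's contents before restoring from it.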
4. Resumption: Get up and running again
Ransomware recovery of your data is only half of the equation. There are several other steps to resuming business as usual after a data disaster event.
Utilize continuous replication, file differential replication, read-only replication, and multi-target replication to easily fail over to a site with known-good data and keep your applications, data, and services up and running. Once replication is up and running, your data is ready to use again, with as little long-term damage to your business as possible.
5. Practice your business continuity plan
Communicate your plan with other teams in your organization. Practice your business continuity plan on a regular basis, such as with tabletop exercises allowing your team to walk through a hypothetical event.
While “no plan survives contact with the enemy,” practicing a single unified business continuity plan means that even if an actual ransomware data breach or other catastrophic event doesn’t unfold the way you might have imagined, you will be more prepared to think on your feet and improvise—and make good use of the snapshots, backups, and alternate sites that you carefully planned for use in such occasions.
Before you go, remember…
You want to ensure malicious activities are detected before cyber criminals hit the storage system. Implementing a holistic security approach that includes network, compute, device and event-monitoring techniques, together with data correlation and analysis, is an ideal route over siloed solutions that are embedded in the storage system. Leveraging the cloud for business continuity and disaster recovery as part of a layered approach to security is the most effective way to help defend against data loss from ransomware attacks.