Ransomware: Why It’s Time to Consider It a Data Management Issue
In recent years, ransomware has taken center stage in data protection, but very few people realize that it is just the tip of the iceberg. Everyone wants to protect their data from this new threat, but most solutions available on the market focus only on Relatively Quick Recovery (RTO) instead of detection, protection, and recovery. In fact, recovery should be your last resort.
Protection and detection are much more difficult measures to implement than air gaps, immutable backup snapshots, and fast restore procedures. But when executed well, these two stages of ransomware defense open up a world of new opportunities. Over time, they will help defend your data against cybersecurity threats that are now less common, or rather less visible in the news, such as data exfiltration or manipulation. And again, when I say less visible, it’s not just because incidents go unreported, but because often no one knows they happened until it’s too late.
Security and data silos
Now that data growth is taken for granted, one of the biggest challenges facing most organizations is the proliferation of data silos. Unfortunately, new hybrid, multi-cloud, and edge infrastructures are not helping this. We are seeing what we might call “spreading data silos”: a multitude of unwieldy data infrastructure repositories proliferating in different locations and with different access and security rules. And across these silos, there are often rules that don’t always follow company policies because the environments are different and we don’t have full control over them.
As I have written many times in my reports, the user must find a way to consolidate all his data in a single domain. It can be physical (backup is the easiest way in this case) or logical, and it is also possible to use a combination of physical and logical. But in the end, the goal is to get a single view of all the data.
Because it is important? First of all, once you have full visibility, you know how much data you really have. Second, you can begin to understand what data is, who creates and uses it, when they use it, and so on. Of course, this is only the first step, but among other things, you also start to see usage patterns. This is why you need consolidation: to get complete visibility.
Now back to our ransomware problem. With pattern visibility and analysis, you can see what’s really happening across your data domain as individual seemingly innocuous events begin to correlate with disturbing patterns. This can be done manually, of course, but machine learning is becoming more common and consequently analyzing user behavior or unprecedented events has become easier. When done right, once an anomaly is detected, the operator receives an alert and suggestions for possible solutions so they can act quickly and minimize the impact of an attack. When it’s too late, the only option is a full data recovery that can take hours, days, or even weeks. This is primarily a business issue, so what are your RPO and RTO in the event of a ransomware attack? There really isn’t much difference between a catastrophic ransomware attack and a disaster that renders all your systems unusable.
I started by talking about ransomware as malware that encrypts or deletes your data, but is this ransomware your worst nightmare? As I mentioned before, such attacks are just one of the demons that keep you up at night. Other threats are more cunning and more difficult to manage. The first two that come to mind are data exfiltration (another common type of ransom-demanding attack) and insider attacks (such as from a disgruntled employee). And then, of course, there is the handling of regulations and penalties that can result from mishandling sensitive data.
When I talk about regulations, I’m not kidding. Many organizations still take some rules lightly, but I would think twice. GDPR, CCPA, and similar regulations are now in place around the world, and they are becoming an increasingly pressing issue. You may have missed that last year Amazon was fined €746,000,000 (nearly $850,000,000) for not complying with GDPR. And you’d be surprised how many fines Google received for similar issues (learn more here). That may not be a lot of money for them, but it happens regularly and the fines add up.
There are several questions that a company should be able to answer when the authorities investigate. They include:
- Can the data, especially personal information, be kept correctly?
- Are you well protected and secure against attacks?
- Is it stored in the correct place (country or location)?
- Do you know who is accessing that data?
- Can you remove all information about a person when prompted? (right to be forgotten)
If regulatory pressures weren’t worrisome enough to encourage a fresh look at how prepared your current data management solution is for today’s threats, we could talk for hours about the risks posed by internal and external attacks on your data that they can easily compromise your competitive advantage. , create countless legal problems and ruin the credibility of your business. Again, a single domain view of the data and the tools to understand it are becoming the first steps in staying ahead of the game. But what is really necessary to build a strategy around data and security?
Security is a data management issue
It’s time to think of data security as part of a broader data management strategy that includes many other aspects, such as governance, compliance, productivity, cost, and more.
To implement such a strategy, there are some critical features of a next-generation data management platform that cannot be underestimated. Many of these are explored in the GigaOm Key Criteria Report for Unstructured Data Management:
- Single domain view of all your data: Visibility is critical, but attempts to close a visibility gap with point solutions can result in complexity that only increases risk. Using multiple management platforms that cannot communicate with each other can make it almost impossible to operate smoothly. When it comes to large-scale systems for the enterprise, ease of use is a must.
- Scalability: The data management platform must be able to grow seamlessly with the needs of the user. Whether it’s deployed in the cloud, on premises, or both, it has to scale based on user needs. And scalability has to be multidimensional, meaning that not all organizations have exactly the same needs with respect to compliance or governance and may start with only a limited set of features and expand later based on business and regulatory requirements.
- Analytics, AI/ML: Managing terabytes is very difficult, but when we talk about petabytes distributed in various environments, we need tools to obtain information in a fast and human readable way. Furthermore, we need tools that can predict as many potential problems as possible before they become a real problem and fix them automatically when possible.
- Extensibility: We often discuss the need for a market in our reports. A marketplace can provide quick access to third-party applications and extensions to the data management platform. In fact, standard APIs and interfaces are required to integrate these platforms with existing processes and frameworks. But if the IT department wants to democratize access to data management and make it available to business owners, it must enable a mechanism that, at first, looks like a mobile platform app store.
From my point of view, these are the fundamental principles of a modern data management platform, and this is the only way to holistically think about data security going forward.
Data management is evolving. Are you?
Now back to the premise of this article. Ransomware is the biggest threat to everyone today, and most organizations are focusing on finding a solution. At the same time, users are now aware of their main data management needs. In most cases, we’re talking about the first steps to gaining more visibility and understanding how to improve day-to-day operations, including better data placement to save money, searching for files globally, and similar tasks. I typically classify these tasks under infrastructure-centric data management. These are all basic unstructured data management functions performed at the infrastructure level. Still, they need the same advanced data management visibility, intelligence, scalability, and extensibility features I mentioned earlier. But now there are increasingly pressing business needs, including compliance and governance, as well as learning from data to improve various other aspects of the business.
Now is the right time to start thinking strategically about next-generation data management. We may have multiple point solutions, one for ransomware, one for other security risks, one for infrastructure-focused data management, and maybe down the road, one more for business-focused data management. Or we can start thinking about data management as a whole. Even if the initial cost of a platform approach turns out to be higher than single point solutions, it won’t be long before the improved TCO pays back the initial investment. And then the ROI will be vastly different, especially when it comes to being able to respond quickly to new business needs.