Of all the types of malware, ransomware is a particular threat to businesses today. In our last post on the topic, we covered some key points on the scale of the threat to business continuity posed by ransomware. Your backup strategy - and the solutions that support it - is an important pillar in a holistic approach to dealing with ransomware that should span detection, prevention and remediation.
Backup strategies designed for general purpose business continuity may be ill-suited to the specific characteristics of the ransomware threat because backup files are increasingly targeted by malicious actors in order to maximize disruption.
In this post, we’ll cover the key requirements you should look for in a backup and recovery solution to protect against ransomware-induced downtime.
Isolation from Source/Production Systems
In order for your data to remain accessible in the event that ransomware that has infected production systems, backups must be stored on separate infrastructure from the production data. This is to prevent the spread of the ransomware to the backups that would compromise them as well.
Storing backup files on network attached storage is risky, particularly because ransomware is often designed specifically to seek out network attached storage as a vector to enable its spread. This risk has been magnified more recently as organizations may have opened up permissions quickly in order to enable remote work and a more flexible workforce in general.
Having cloud-based backups that are isolated from your general storage infrastructure is a great way to mitigate this risk. But it also means that the cloud-based backup applications you adopt should have appropriate measures in place to prevent and detect ransomware intrusion.
So what should you look for in cloud-based backup applications to ensure your backups are protected?
Foundational Cloud Infrastructure
Cloud-based backup applications are typically built using underlying, turnkey cloud infrastructures like Amazon Web Services (AWS) or Microsoft Azure. Organizations should consider not only which cloud infrastructures their backup provider has chosen for deployment of their backup solution but the degree to which they are taking advantage of the security and protection measures available on those infrastructures.
Logging, Monitoring and Alerting
While the security capabilities of underlying cloud infrastructures provide a great foundation of ransomware prevention and detection measures, organizations considering cloud backup solutions should ensure that their backup providers take additional measures as well, such as the use of monitoring, logging and alerting tools that can flag abnormal ransomware activity.
Organizations should also ensure that their backup providers leverage encryption to protect backup data. This provides an additional safeguard that potential leakage of data doesn’t result in exposure of data, as the backed up data wouldn’t be viewable by malicious actors.
Organizations evaluating cloud backup providers should also consider whether providers regularly test the measures they have in place to ensure security controls are properly applied and operating effectively. Adequate protection against ransomware threats requires the coordination of multiple technical safeguards as well as operational procedures, and regular testing is essential to ensure that systems that are designed well also operate well.
Finally, organizations looking to ensure their cloud-based backup providers have adequate ransomware prevention measures in place should look for third-party certifications of the provider’s information security practices. This can provide reliable evidence that the vendor can protect the data entrusted to them by having the appropriate controls, measures and programs.
As the #1 cloud data protection platform for Salesforce, OwnBackup helps over 3,500 organizations better address the unique challenges to continuity from ransomware with backups that avoid pitfalls of traditional approaches while providing additional safeguards to enable safe and timely recovery.
Here’s how we measure up against the requirements outlined above:
You can find further details on how we protect cloud-based backups here, and to see how OwnBackup can provide best-in-class support for business continuity, request a demo of our Recover solution below.