Ransomware fears hit new heights this week with a recent round of attacks on the healthcare industry. This new threat prompted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to send out an advisory this week warning healthcare providers to beware of ransomware and take immediate actions to prevent an attack. Healthcare is the recent target, but no one is safe from ransomware attacks. Security researchers have tracked a growing ransomware threat during Q3 2020, including a massive spike in September. During that time, the U.S. has seen a staggering 145.2 million ransomware hits — a 139% YoY increase (Source: SonicWall research finds aggressive growth in ransomware, rise in IoT attacks).
In the advisory, CISA details how many of the attacks work and how to protect your data. Backups have traditionally been the savior in many of these attacks, but just having a backup is not enough. Ransomware has been known to encrypt backups if they are on the same network, or to delete the backup altogether. The best solution detailed in this advisory is to “air-gap” the backup to ensure you always have a copy outside the enterprise’s network or security sphere. This ensures that data cannot be encrypted by bad actors and can be restored no matter what. The advisory calls out: “Regularly back up data, air gap, and password-protect backup copies offline. Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.” While this seems simple and clear-cut, building an air-gapped backup solution is not simple by any means. But time is of the essence, so in this blog post, we will detail the 3 best practices for protecting your data from ransomware.
Not All Air Gap Solutions Are The Same
Traditional air gap architecture for legacy backup solutions throws hardware at the problem to provide both network air gapping and hardware air gapping. Vendors offering this type of solution typically recommend that businesses replicate their data to a secondary or tertiary site, which requires another backup product at another location and a network that supports air gapping. The hope is that bad actors who get access to the primary or secondary site cannot get access to the air gap. Many enterprises are using the cloud as an offload to reduce the costs of the hardware at the primary and secondary locations, but with an air gap, it is recommended to have all the data local to that site, making the air gap copy an even higher cost than the primary or secondary. This results in a massive investment in gear, installation, and management time, and it does not guarantee that the data is fully protected, because the enterprise owns the security and management of the air gap solution and must ensure it is well secured and cannot be compromised. Getting this up and running could take months.
With Clumio, you can forget about complexity, high costs, or constantly worrying about your backup security. Clumio gets you protected from ransomware in minutes and delivers the following:
- Backups are air-gapped in the cloud and stored outside of the enterprise’s security sphere for ransomware protection that can be up and running in minutes, not weeks or months.
- All data is encrypted in-flight and at rest with our keys, or you can bring your own keys. Data is immutable and append-only, so no crypto can overwrite it. Ransomware therefore has no access to any Clumio data or infrastructure within our service.
- There is no ability to delete backups in the user interface, so if a hacker gets access to your credentials, there is nothing for them to do.
Security and Testing Is Key
Building in security for your air-gapped backup solution is not a simple task. It includes certifications and consistent penetration testing to ensure the procedures put in place are actually keeping the bad guys out. At Clumio, we have quarterly penetration testing performed by Bishop Fox to ensure that all our security methodologies and our platform are highly secure. We complete all this work so our customers can focus on their mission rather than on ensuring their backup data is highly protected and secure. This removes all the complexity of building an air gap solution yourself.
Clumio has completed many rigorous certification efforts including ISO 27001, SOC II Type 1, SOC II Type 2, HIPAA, and PCI DSS. This rigorous testing makes Clumio one of the most secure SaaS platforms out there.
Always Have Flexibility On What and Where Data Is Restored
Nothing is worse than getting attacked by ransomware, but to be safe you need to prepare as if it is going to happen today. Once it happens, you need a quick way to get out of the situation and get your enterprise back up and running. To do this, you need the flexibility to restore the data in different environments in case the production environment is still compromised. Having an air-gapped solution is great, but if you cannot restore to the location where you need the data, then you don’t have a solution.
With Clumio, we enable fine-grained restores so you can recover the data you need fast, without having to recover everything, whether you are looking to restore a file, directory, VM/EC2 instance, volume, database, record, mailbox or email. This functionality is enabled by search, file system browsing, direct query access for databases, and mailbox browsing. Clumio’s cloud-native platform makes restores fast and simple, with data able to be restored anywhere a cloud connector is installed.
So now is the time to get Clumio up and running so you are protected from ransomware. To learn more about how truly simple it is to protect your data from ransomware, please check out a 4-minute demo on how fast you can remove the worries of ransomware.