Safeguarding Business-Critical Data With a Defense-In-Depth Approach

essidsolutions

Carl D’Halluin, CTO of Datadobi, discusses why security measures such as maintaining copies of business-critical data and creating an air gap between systems containing sensitive data can go a long way in minimizing the risk of intrusion and data loss.

With the rapid growth of unstructured data over the past several years, companies need to have data protection top of mind. Experts predict that the data protection industry will be worth over $1 trillion cumulatively between 2017 and 2021 — and for a good reason. The damage caused by cybercrime could touch $6 trillion annually by the end of this year.

To combat the growing cyberthreat landscape, data protection must be a multi-layered process with data safety measures that include physical, technical, and procedural safeguards. Because any vulnerability can open the doors for a cyberattack, a strong security strategy needs to rely on defense in depth. 

Many organizations prioritize physical and technical security measures such as requiring access cards and deploying security software, but they make the mistake of leaving procedural safety as an afterthought. Procedural data safety measures include creating an isolated copy of your business-critical data to keep operations up and running in the event of disruptions like a cyberattack. This is proving to be a crucial step as we realize that it is not ‘if’ but rather ‘when’ an organization will be attacked and breached. In the event of a breach, organizations should create a golden copy of core data in a separate environment to restore business as quickly as possible. 

The copy of your business-critical data has to be created, stored, and protected in such a way that it fundamentally lowers the risks of data theft, data corruption, or data loss. This will protect the data and the metadata such as file ownership, permissions, shares, and exports. Below, we discuss safety measures that organizations should implement to minimize the risk of intrusion and data loss. 


Safeguarding Copies of Business-Critical Data

To avoid common attack vectors such as phishing and malware, this “golden” copy of business-critical data should ideally be stored in a different location from the original files. ‘Location’ can have several meanings in this context. 

Organizations can choose to store the data in a different city, state, or even country. However, the location difference is not limited solely to geography. Setting up an environment where different teams manage the different data copies is a good practice. Using different software and hardware vendors for your golden copy and considering a different data center services company or a different cloud helps to disguise the data recovery copy and reduce risks.

Finally, you need proper access controls, intrusion detection, malware detection, and behavioral analysis to protect access and to guard the state of your original and protection copies.

The goal of the security measures is to ensure complete data and metadata integrity and avoid unauthorized access. After creation, the protection copy should be isolated from the network and stay immutable for its lifetime.
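One way to check that a protection copy has in fact stayed immutable in both content and metadata, as an added example that is not part of the original article or Datadobi's product: a manifest recorded at creation time (content hash plus owner, group and permission bits, assuming a POSIX filesystem) is compared against a fresh scan, and any content change, metadata drift, missing file or unexpected file is reported.

```python
import hashlib
import stat
from pathlib import Path


def file_digest(path):
    """SHA-256 of the file content, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record content hash plus ownership and permission bits for every
    regular file under root (symlinks are skipped). Keys are paths
    relative to root, so the manifest is location-independent."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*")
                       if p.is_file() and not p.is_symlink()):
        st = path.lstat()
        manifest[str(path.relative_to(root))] = {
            "sha256": file_digest(path),
            "uid": st.st_uid,
            "gid": st.st_gid,
            "mode": stat.S_IMODE(st.st_mode),
        }
    return manifest


def verify_copy(baseline, current):
    """Compare the manifest taken when the copy was created against a
    fresh one. Returns {relative_path: finding}; an empty dict means the
    copy is unchanged in both data and metadata."""
    findings = {}
    for rel, expected in baseline.items():
        actual = current.get(rel)
        if actual is None:
            findings[rel] = "missing"
        elif actual["sha256"] != expected["sha256"]:
            findings[rel] = "content changed"
        elif any(actual[k] != expected[k] for k in ("uid", "gid", "mode")):
            findings[rel] = "metadata changed"
    for rel in current.keys() - baseline.keys():
        findings[rel] = "unexpected file"
    return findings
```

The baseline manifest should itself be stored off the copy (ideally signed), since a manifest that lives beside the data it vouches for can be altered together with it.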


The Role of the Air Gap in Data Protection

Of late, malware is not only entering the network over the internet but also through unlikely channels. For example, an adversary could hide a virus on a seemingly empty USB stick, in the poisoned firmware of a hard disk, or as an innocuous-looking spy chip on the server motherboard.  Malware is often dormant for a long time before it strikes, making it difficult for forensics teams to determine when the attack happened and which data versions are safe to use.

To further increase the security of the golden copy, security teams should deploy an air gap to disconnect the target site from the network whenever possible. In practice, the term "air gap" refers to severely limited network connectivity between the source and the target sites. A true air gap removes all connectivity between a system and its environment, where connectivity includes network cables, Wi-Fi or Bluetooth, and remote access to input devices such as monitors, keyboards, mice, or USB ports. Rather than keeping a constant connection available, connectivity is activated only periodically (and in a single direction) to pull the incremental data updates made at the source since the previous data transfer.

More and more institutions and industries are taking advantage of air gaps to provide an extra layer of protection. For example, some military-grade setups are deployed in a Faraday cage to avoid electromagnetic radiation leakage from which information can be intercepted and retrieved. Air gaps are also increasingly deployed in the world of cryptocurrencies. “Cold Wallets” or “Offline Wallets” are used by many Bitcoin exchanges or individual users. These devices are entirely air-gapped from most of the world around them.

A well-defined security approach requires organizations to diversify their data protection strategy: don’t put all the eggs in one basket. Relying on different technologies, vendors, and a defense-in-depth strategy with multiple layers of data protection and access security is the only way to guarantee business continuity in the age of an increasingly complicated cyber threat landscape.
