Ransomware has been the scourge of the enterprise for several years now. And while it’s difficult to imagine right now, we are very close to finally eliminating it as a major threat to data and business operations.
To be sure, the industry won’t eradicate ransomware attacks any time soon – but we could experience a sunset. Given the way many organizations are altering the nature of their data footprints, the trend lines are pointing to a world in which the industry will experience much less potential damage from ransomware.
How will this happen? The cloud has emerged as a highly effective ransomware-killer, and enterprises of all sizes and across all industry sectors continue to move infrastructure and workloads to the cloud at a record pace.
Cloud protection
Gartner reports that more than 40% of enterprise activity will shift to the cloud by 2023, over twice the current level. Back in 2020, an O’Reilly survey found that one-quarter of all businesses were aiming to move all of their applications to the cloud by the end of 2021. It’s significant because in the cloud it’s extremely difficult – even impossible – to encrypt data or turn it into gibberish so that the owner cannot retrieve it without a cryptographic key provided by the hacker.
For example, if we look at object storage – the backbone of most cloud services – security teams can preserve data in an immutable fashion, making it impervious to change. In the past, this was used for archival storage and applications requiring static data sets, since more dynamic processes required the higher flexibility of file storage. With the advent of sophisticated snapshot technology, it’s now possible to create a cloud-based file system combining the immutability of object storage with the operational advantages of a traditional file-share.
It's important to realize that the cloud itself does not intrinsically afford this level of protection. Regardless of how the security team architects the data environment, the weak link in the chain lies in the limitations of the traditional backup model, which was never designed to operate at the speed and scale necessary to effectively recover from a ransomware attack.
Delayed recovery
The problem is not the backup itself, but the recovery. When limited to a single application or process, recovery becomes very straightforward: files are copied back to their original location or to a new location as needed. The more files there are to recover, the longer this process takes. And when it’s a critical mass of highly complex data, restoration can take days, weeks or even longer. All the while, the business cannot function in the digital realm, its brand becomes tarnished, particularly if there’s a leak of personal information, and productivity suffers.
To counter this, many platforms use some form of file-system versioning that restores files not to their original state, but to previous, non-corrupted states. This offers an advantage because it lets the enterprise preserve data that has been accumulated over time. Still, in most cases, these systems can only utilize a limited number of versions that may go back a few days. This gets easily countered by today’s sophisticated malware, because they have the ability to remain undetectable for weeks or more before launching their attack.
The obvious solution: continuous versioning file system that offer an infinite number of versions to recover from. This enables recovery to any point in time within minutes, even in highly scaled-out environments.
This approach also takes advantage of the cloud’s massive redundancy. Using tools like global file synchronization and file lock, operating under the auspices of an AI-driven orchestration engine, security teams can distribute redundancy around the world, with additional acceleration technologies capable of restoring data in minutes.
Data-at-the-Ready
Now, if a ransomware bot does manage to compromise one data store, the security team can access them and many others with little trouble, allowing operations to continue nearly unabated. In many cases, these reserve copies of data are no more than a few minutes old, meaning the overall impact on the data environment is minimal.
For too long, the enterprise has focused on protection as the chief means of thwarting ransomware and other attacks. This essentially created a fortress around valuable data that, once breached, becomes wide open to attack. As well, burdensome security systems that attempt to continuously monitor internal infrastructure and data often come with a performance penalty, and sometimes are not terribly effective at spotting malware anyway.
By combining the cloud with backup and recovery technologies designed to work at the speed and scale of the modern enterprise, without hampering day-to-day performance or productivity, organizations will finally see the sunset of ransomware: not just by making data theft more difficult, but also unprofitable.
Russ Kennedy, chief product officer, Nasuni
