Why defending against Ransomware is a multi-layered requirement

Not all Bumble Bees are good for the environment

A Bumblebee loader could be enabling bad actors to work their way through your environment as you read this. In my last blog, “Can You Keep Your Business Running When Ransomware Strikes?”, we discussed the ever-increasing threat of Ransomware and how it is not a matter of if but when you will be subject to an attack.

Using Veeam’s 3-2-1-1-0 zip code as a defence in depth to mitigate against your data being encrypted by Ransomware, I am going to explore a little deeper some of the challenges people face in recovery:

  • Backup vs Recovery time and why you need to think about it
  • The challenges with HCI Storage out of the box
  • Replication and why you need more than just replication on its own
  • Why you need different storage technologies to meet different business needs
  • Cloud Object Storage and the impact of latency on time

Backup vs Recovery vs Time

The industry has traditionally been obsessed with backup windows; this has become a bigger challenge as the amount of data to be protected increases. However, we now live in different times. A DBA accidentally dropping a table, a user accidentally deleting the spreadsheet they have worked on for 3 days, or a RAID system suffering a double disk failure are still threats to our business, and backups are the main solution to these events for many organizations.

We are, however, facing new and more extreme threats. Natural disasters due to climate change mean we have to consider having offsite copies of our data beyond a localised geography.

The 24x7x365 threat of Ransomware actors is a global phenomenon that is not going to go away any time soon. So not only do we need to understand when and how to do the backup with minimal disruption to our users and customers, but we need to focus on the recovery. Recovery is what hurts in real money when we are offline.

At an average recovery time of 3 weeks, can your organization cope?

Planning for the Unknown

Storage provides some rapid recovery options and Zadara’s Virtual Private Storage Arrays (VPSAs) are no exception. We have a comprehensive snapshot, replication and Backup to Object (B2OS) Storage capability. Along with our instant mount remote clone capabilities these offer strong alternatives to other vendors as we deliver this as a Storage as a Service (STaaS) OPEX model in the location of your choice.

This helps with your Recovery Point Objective (how much data you can afford to lose) and your Recovery Time Objective (how long you are going to be offline for), but we recognize that it is the multi-layered defence in depth approach that provides a more robust capability for protecting an organization’s data.

Zadara has a Technology Alliance with Veeam and I am going to focus on how Zadara complements the capabilities of Veeam in the real world.

Your production environment could be operating in multiple locations; on-premises, Public Cloud, Private Cloud, a Hybrid Cloud or Multi-Cloud model is becoming the norm. Veeam has a suite of capabilities for protecting VM hosts, NAS volumes, SaaS Applications and even Kubernetes Containers via the Kasten by Veeam K10 integration.

Zadara’s Compute and Storage IaaS capabilities provide a complementary 100% OPEX model that can be aligned to these changing needs and Veeam’s subscription licensing models.

Tearing the Hyper-Converged Reality Apart

You have a Hypervisor environment and let’s say you are looking to deploy storage from the HCI/Hypervisor vendor. You can back this up using Veeam, and you can use Veeam CDP to replicate to another location. Now you are going to need to deploy double the equipment and double the cost for providing DR. Alternatively you can use a Veeam Cloud Service Provider (VCSP) to provide this capability for you behind Cloud Connect.

The VCSP does not need to implement the same technology as the source and therefore the replication target storage can be a Zadara VPSA. This could be an All-flash VPSA with dedupe and compression enabled. It could also utilise Zadara’s tiering capabilities to provide lower costs, while adding to the SSD tier instantaneously in the event of invoking DR. Additionally you could make use of Zadara snapshots and clone capabilities to help guard against other threats.

You want more than just CDP replication on its own though, as a Ransomware attack will simply replicate the changes from source to destination. Typically the Malware will be in place for a while before being invoked. Replication alone only provides two copies of the data, therefore a robust backup and recovery strategy also needs to be implemented. I hope you don’t fall into the 2% in the infographic below.

If you have deployed an HCI storage solution, the chances are that you have deployed everything into a single storage pool, as this is the default recommendation from Nutanix and VMware if deploying a single Cluster using their software defined storage solutions. The 3-2-1 rule, never mind the 3-2-1-1-0 rule, shows that you should not be using this for your backups too. Zadara STaaS capabilities can complement this by providing layers of Block, File and Immutable Object Storage On-Premises.

The ability to integrate the VPSAs with Multi-Factor Authentication (MFA), KMIP systems for encryption key management, the use of Virtual Network Interfaces (VNIs), Role Based Access Controls, snapshots, clones, Replication, Stretched Cluster support, and Remote Clones provides a number of defence postures that allow you to provide controls on your data to meet your business requirements. This is also why our recommendation is to protect your HCI environment better and consider a multi-layer approach.

Why Zadara provides the best STaaS solution for Veeam

We recognize there are many vendors to choose from, and everyone will tell you why their solution is best in class for their chosen market. Some offer Cloud Object Storage Solutions only, which may provide a low cost backup solution, but when it comes to recovery may not deliver to your business needs. Some will offer Block only, some NAS only, others Object On-Premises only. Some may claim to do it, but it may just be one layer with different access interfaces and protocols. Zadara provides a multitude of options to enable you to make the choices that suit your business needs.

This is an example of combining CDP with Veeam and Veeam Backup and Replication via a VCSP to deliver a multipoint recovery option. Snapshots in the target may allow faster recovery of the DR environment should the CDP source be compromised. If you use a VCSP that is able to offer Snapshots via a Zadara VPSA, you have a storage layer managed by the VCSP which is out of reach of the on-premises attack vector. SureBackup is still a key function for the on-premises testing and this is where Zadara VPSAs can be the recovery target and the on-premises Immutable Object may answer the potential Cloud Object Latency issue. Providing the VCSP has a local Object and a recovery platform this is another viable option.

I will leave you with a final thought: for every 1TB of data to recover over a 1Gb/s network link in a perfect zero-latency world, it is going to take greater than 2 hrs 20 mins to get it back. If the latency is 40ms then you are looking at over 7 hours 36 minutes, so pulling from a Cloud Object Storage needs big network pipes. Just because you have pushed it to a Cloud Object Storage does not mean you are going to be up and running quickly; you must consider your recovery partner’s capabilities.

Steve Costigan

Steve Costigan, Field CTO EMEA at Zadara, is an experienced IT professional, with over 30 years of experience across many technologies and systems within the data center and cloud arena. Steve is skilled in taking complex technical subjects and making a simplified solution achievable–especially around storage, virtualization, and cloud technologies.
