Disaster Recovery Journal Spring 2024

The first “must-have” ability for an enterprise is to capture immutable snap shots of data at any given time. This enables organizations to have known good copies of data that can be recovered after a ransomware attack has struck and encrypted data. The best practice, which is truly an advancement, is to conduct logi cal air-gapping of the data and put it into a fenced forensic environment. This process, built around immutable snapshots, is foundational to injecting and elevating cyber resilience into any enter prise infrastructure. Even if datasets are taken “hostage,” organizations can recover back to the most recent known good copy of data, thereby nullifying the stinging effect of the cybercriminals. The second “must-have” ability for an enterprise is cyber detection on primary and secondary storage. This is important because it can serve as an early warning sign of a cyberattack and ensures there is no ransomware or malware hidden in the last known copy of data with which one chooses to revert. How does one know it’s really clean? Cyber detection capabilities, prefer ably built into a software-defined primary storage platform, provide this assurance, as they do highly intelligent, deep scan ning of the data for any corruption when the data is in the fenced forensic envi ronment to get to a known good copy for recovery. Cyber detection is designed to help enterprises resist and quickly recover from cyberattacks. It provides the index ing needed to identify potential issues. It’s best to look for a cyber detection solution that uses advanced machine learning models and inspects the full breadth of files, applications, core storage infrastructure (including volumes), and databases for cyber threats for primary storage environments. Your objective should be to ensure all data which needs to be recovered has integrity. The third “must-have” ability for an enterprise is rapid data recovery. In a data disaster, an enterprise cannot wait days or weeks to recover a known good copy of data. In most cases, a business cannot wait 12 hours or even six hours. Recovery must

be much faster – measured in just a few hours or even in minutes. To avoid a nega tive impact on the business, rapid recov ery is vital. Cyber resilience is not only measured in quality but also in time. How fast can the enterprise bounce back from a cyberattack, even to the point where employees and customers hardly notice? Responsibility to Avert a Data Disaster With all the recent governmental regu lations requiring companies to report the impact of any cyberattacks, having strong cyber resilience capabilities also gives an enterprise the power to demonstrate responsible and smart handling of cyber attacks. The U.S. government strongly discourages the payment of ransoms in the wake of a data disaster caused by a ran somware attack. The most logical safety net is cyber resilience. The U.S. National Cybersecurity Strategy, published in March 2023, set new expectations for any organization that handles data, stating: “In a free and interconnected society, protecting data and assuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as of the technology providers that build and service these systems.” Data disasters are becoming increas ingly commonplace in the 21st century. However, with the three components out lined above for cyber resilience, a smooth recovery from the disaster − without sig nificant damage − is now within your reach. Your natural response to such a disaster will be immutable snapshots, cyber detection, and rapid data recovery within a cyber-resilient storage infrastruc ture. They will turn the data disaster into a data triumph, ensuring business continu ity. v

Natural Disasters: The Classic Example of Disaster Recovery When a natural disaster hits an enter prise like a big financial institution, major retailer, or healthcare system, business-critical data can be preserved and recovered by having a copy of it saved at an alternative location off-site. Replication of the data to a secondary site is a simple, classic way to recover data when a data center goes down at a site hit by a hurricane, data center fire, lightning storm, tornado, or earthquake. This is why most enterprises have mul tiple data centers in geographically dis persed locations. For example, if a hurricane hits a data center in Florida, data replicated to the company’s second data center in Arizona supports business continuity. Risk is dis tributed. The enterprise is not reliant on a single point of failure. The enterprise can also leverage the public cloud to have duplication of its data available offsite. Overall, it sounds so reasonable and effec tive yet conventional. But the world has changed. Data disasters such as massive ransom ware attacks change the game for disaster recovery and business continuity. It’s not simply about having multiple sites or an off-ramp to the public cloud. Although preparedness and plans to handle natural disasters are still needed and must be part of any recovery plan, rapid recovery from a data disaster tests the true resilience and mettle of an enterprise. Three Must-Haves for Data Disaster Recovery Preparedness To be properly prepared to recover from a data disaster, an enterprise needs the following three major things: 1. The ability to take immutable snapshots of data which cannot be altered in any way and isolate them in a forensic environment when an attack hits for analysis to find a good copy of the data to recover. 2. The ability to perform cyber detection on primary storage and secondary storage. 3. The ability to recover data rapidly – in fact, nearly instantaneously.

Eric Herzog is the chief marketing officer at Infinidat. Prior to joining Infinidat, Herzog was CMO and VP of global storage chan nels at IBM Storage Solutions. His execu tive leadership experience also includes:

CMO and senior VP of Alliances for all-flash storage pro vider Violin Memory, and senior vice president of product management and product marketing for EMC’s Enterprise & Mid-range Systems Division.

40 DISASTER RECOVERY JOURNAL | SPRING 2024