Disaster Recovery Journal Winter 2023
backup software, backup targets, third-party encryption software, and from cloud providers, organizations have plenty of options from which to choose. In doing so, they should give more thought to the solution they use to generate and manage the keys used to encrypt and decrypt the backups.

Organizations should also note this step of encrypting backups does nothing to protect production data from being copied or read. Organizations should employ separate cybersecurity measures to monitor and protect against access to and copying of their production data.

3. Store backups in an immutable format. Storing backups in an immutable format prevents hackers from deleting, compromising, or encrypting backups as part of an attack. More ransomware attacks now begin with the ransomware seeking out backup repositories. If ransomware finds and destroys or compromises backups, it reduces the ability of organizations to recover.

Organizations have multiple immutable format options from which to choose. Most cloud storage providers and many disk, SSD, and tape storage systems offer this feature as an option. In selecting this option, organizations should verify how the cloud provider or storage solution implements its data immutability feature. A few provide an option for administrators to override the data immutability feature. Not all organizations may want this override option available.

4. Instant restores. Every organization wants viable backups. However, organizations need backups stored in a format which positions them to recover quickly. While many backup solutions offer instant restore capabilities, providers define and implement “instant restore” differently. The amount of data they can restore, and where they can restore, will vary significantly between solutions. Organizations should implement solutions to position them to restore in a manner which meets their service level agreements (SLAs).

5. Multiple user logins and roles with logins secured by multi-factor authentication (MFA). Due to hackers more frequently first attacking backup and DR solutions, organizations need to better secure them. Organizations can do so by giving preference to those offerings which support multiple user roles. Historically, these systems offered “superuser” roles which possessed all security permissions. While still desirable since they can simplify administration, they can unnecessarily expose organizations to undue risk if compromised.

Using solutions which offer multiple user roles and use MFA when individuals log in helps ensure only the right individuals access the system. Further, if a login does become compromised, having different roles limits the amount of damage the user can potentially inflict.

Backup solutions vary significantly in their ability to deliver on this functionality. Many rely upon user roles and permissions created in Active Directory (AD) to deliver these capabilities. While that may work fine for organizations connecting their backup solutions to AD, not every organization can or wants to pursue that option. If they cannot connect or use AD, organizations will need to carefully examine the types of user roles a backup solution independently supports.

A Cyber Secure DR Infrastructure has Become an IT Necessity

Organizations first and foremost need to create a secure perimeter around their production IT environment. However, they cannot and should not assume the perimeter alone protects them against all cyberattacks. The MGM Resorts cybersecurity attack helped to illustrate that point and why a cyber secure DR infrastructure has become an IT necessity.

This DR infrastructure will need to both secure backups and position organizations to recover. The NIST Framework can help organizations ask the right questions to identify the features they need to create such a DR infrastructure. While it remains incumbent upon organizations to ask and answer these questions, the five features listed here provide organizations with a good starting point.

Yet organizations should treat these five features as just that: a good starting point and not a complete list. Further, organizations will likely need to implement multiple features to secure their DR infrastructure. As the recent attack on MGM Resorts highlighted, organizations should be careful not to just cherry pick certain features. If they simply select the ones they like or find most cost effective or easiest to implement, hackers may find a way to compromise it.

Organizations should work under the assumption a hacker may compromise one or more of these features. However, DCIG has yet to hear of an instance where a hacker has successfully compromised two or more of these features. By implementing multiple features, organizations can have a high degree of confidence they always have a path forward to performing restores and recoveries.
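As an added example (not part of the original article), the check below shows one way to verify how an immutability feature is implemented and whether an administrator override exists, as feature 3 recommends. It assumes the backup target is Amazon S3 with Object Lock, which the article does not name; the function names and sample configurations are constructed for illustration.

```python
# Added example: audit an object-lock configuration for the admin-override risk.
# Assumption: the backup target is Amazon S3 with Object Lock; the dicts below
# follow the shape returned by S3 GetObjectLockConfiguration and are constructed.

def retention_days(default_retention):
    """Return the default retention in days (a year is counted as 365 days)."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365


def audit_object_lock(response, min_days):
    """Return a list of findings for one bucket's object-lock configuration."""
    cfg = response.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return ["object lock not enabled: backups can be deleted or overwritten"]
    retention = cfg.get("Rule", {}).get("DefaultRetention")
    if not retention:
        return ["no default retention: objects are locked only if the backup "
                "software sets retention per object"]
    findings = []
    if retention.get("Mode") == "GOVERNANCE":
        # Governance mode is the overridable variant of the lock.
        findings.append("GOVERNANCE mode: principals granted "
                        "s3:BypassGovernanceRetention can override the lock")
    elif retention.get("Mode") != "COMPLIANCE":
        findings.append("unknown retention mode")
    days = retention_days(retention)
    if days < min_days:
        findings.append(f"retention {days}d is shorter than required {min_days}d")
    return findings


# Constructed sample configurations (not taken from any real account).
# The empty configuration stands in for a bucket without object lock.
SAMPLES = {
    "backups-governance": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 14}}}},
    "backups-compliance": {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}},
    "backups-unlocked": {"ObjectLockConfiguration": {}},
}

if __name__ == "__main__":
    for bucket, response in SAMPLES.items():
        findings = audit_object_lock(response, min_days=30)
        print(bucket, "->", findings or ["ok"])
```

The `min_days` threshold is an assumed policy value; set it to the retention period the organization's recovery objectives require.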
Jerome Wendt, an AWS Certified Solutions Architect, is the president and founder of DCIG, LLC., a technology analyst firm. DCIG, LLC., focuses on providing competitive intelligence for the enterprise data protection, data storage, disaster recovery, and cloud technology markets.