Disaster Recovery Journal Winter 2024

enhancements in recent years. Implementing MFA helps ensure only the appropriate administrators access and manage the NAS backup target. Some NAS backup targets even require a second administrator to authenticate and approve certain configuration changes. These may include tasks such as changing folder permissions or deleting backup data, among others. offering highly available controller configurations. Organizations may not normally view HA in the context of cybersecurity. However, HA has become relevant due to the role NAS backup targets play in helping organizations recover from a ransomware attack. During restores and recoveries, NAS backup targets may have to perform the following tasks, which include: w Scanning backups to be used for restores and recoveries for the presence of ransomware. w Providing fast response times for instant restores. w Hosting recovered applications and/or data. w Continuing to serve as a backup target for those parts of the organizations unaffected by ransomware and still operating normally. cybersecurity enhancement with more backup targets

these attacks, organizations quickly figured out they could recover their data from these attacks using their backups. This, in turn, led to hack ers developing ransomware that attacks disk-based targets. By deleting or encrypting data residing on backup targets or compromising the backup target itself, ransomware can impede organizational recov ery abilities. This prompted organiza tions to seek out backup targets better equipped to withstand these ransomware attacks. In response, more storage provid ers offer cybersecurity and data immutability features in their disk-based backup targets. Cybersecurity Advances in NAS Backup Targets Network-attached storage (NAS) has for years repre sented the common storage networking interface used by many disk-based backup tar gets. Using NFS or CIFS/SMB file storage networking proto cols, they facilitate easy, fast deployments into many corpo rate IT infrastructures. Backup software easily rec ognizes and uses any of these file protocols in communi cating with the NAS backup target. These protocols facili tate fast recoveries and even hosting a recovery on the NAS backup target itself. However, this same ease of deployment and use makes NAS backup targets prone to ransomware attacks. To mitigate these concerns about their vulnerability to ran somware attacks, NAS backup

Using a NAS backup target which offers HA better equips it to simultaneously perform some or all these tasks. The HA NAS backup target includes the extra raw resources (com puting, memory, and network ing) organizations need during these times. The Need for Object Storage Backup Targets All these cybersecurity fea tures now available on NAS backup targets, coupled with their ease of deployment, raise a logical question. Why intro duce object storage backup targets into the backup envi ronment at all? Object storage backup tar gets offer specific features that contribute to making them more secure than NAS backup targets. In addition to object storage backup targets sup porting most or all the cyber security features referenced earlier, they also offer the fol lowing: n Simple storage service (S3) compliant APIs . To access backups stored on an object storage backup target, any application accessing them must use S3-compliant APIs. The use of S3-compliant APIs by applications has certainly increased and become more common in recent years. However, the use of S3-compliant APIs in no way approaches the ubiquitousness of the NFS and CIFS/SMB file networking protocols. As a result, object storage backup targets will not appear visible

targets have introduced mul tiple new cybersecurity mea sures. Most if not all include: n Data immutability . Data immutability, or storing data in an unchangeable format, represents one feature nearly every backup target supports. When enabled, this feature prevents ransomware attacks from either deleting or encrypting backups stored on the NAS backup target. Exactly how each NAS backup target supports data immutability does vary. Some permit data immutability at the folder level. However, some NAS backup targets copy backups off it to an immutable storage tier, such as cloud object storage. n Encryption . Many NAS backup targets have offered at-rest encryption for years. However, few organizations used it due to the performance overhead that encryption incurs. This organizational mindset toward using at-rest encryption has changed due to the reality most ransomware attempts to do data exfiltration. Encrypting backups does not prevent ransomware from copying backups. However, hackers will find it almost impossible to decrypt and read any encrypted backups they obtain. n Multi-factor authentication (MFA) . Requiring MFA to log into a NAS backup target repre¬sents perhaps one of the most significant

n High availability (HA). HA also appears as a

w Retrieving backups

from the cloud or offsite locations.

24 DISASTER RECOVERY JOURNAL | WINTER 2024