ST2403

More documents

Recommendations

Info

STRATEGY: DATA INTEGRITY THE CONVERGENCE OF CYBERSECURITY AND ENTERPRISE STORAGE JIM MCGANN, VP OF STRATEGIC PARTNERSHIPS AT INDEX ENGINES, ARGUES FOR A TRANSFORMATIVE SHIFT IN THE WAY ENTERPRISE STORAGE COLLABORATES WITH SECURITY IN ORDER TO BATTLE RANSOMWARE THREATS In today's enterprise environment, the collaboration between the storage and security functions is not as cohesive as it needs to be to combat the growing ransomware threats across all organisations. While this lack of collaboration has not posed significant problems in the past, ransomware is now at an all-time high, leading to costly challenges and disruptions across the enterprise. Gartner addresses this challenge by defining cyberstorage in their recent 2023 Storage Hype Cycle (Gartner: Hype Cycle for Storage and Data Protection Technologies, 2023. Published 13 July 2023). Cyberstorage adds cyber-specific capabilities toward storage vendors, integrating the IT and storage disciplines. Gartner predicts that by 2028, 100% of the storage products will include cyberstorage capabilities. (Gartner: Top Trends in Enterprise Data Storage 2023; June 29, 2023). The challenge is two-fold. First, storage vendors lack integrated security features to fully combat ransomware, leaving organisations vulnerable. Existing storage capabilities fall short, lacking the resilience needed, especially in this ever-complicated ransomware environment. Second, organisations lack the structure within the storage environment to detect, until it is too late, when a ransomware attack has occurred. Unlike data protection recovery, many organisations do not have or are just adopting a formal cyber recovery plan into their operations. THE NEED FOR COLLABORATION Without a well-defined and tested operational plan, fragmented IT and security departments hinder collaboration, exposing organisations to cyber liability issues, resulting in higher costs and downtime. Fostering collaboration between storage and security is crucial, demanding a convergence for cyber resiliency to minimise liability. Storage vendors consistently push the boundaries of innovation, introducing new capabilities to enhance their offerings. The primary focus of these advancements is often directed towards safeguarding data. Primary storage vendors, for instance, have incorporated features such as immutability, encryption, and multi-factor authentication. Simultaneously, secondary storage vendors have expanded their data backup capabilities, integrating features like the analysis of changes in data thresholds and compression of backups to detect potential malicious activity. While these approaches mark a step towards data resiliency, they often fall short in addressing the core issue of data integrity in a cyber attack. It is imperative for storage vendors to adopt advanced security measures aimed at ensuring the integrity of the data itself, enabling successful recovery in the event of a cyber attack. Solely focusing on securing data or conducting superficial content inspections may lead to unexpected recovery challenges, especially when restoring data that has been unknowingly corrupted by malicious actors. STRUCTURAL ISSUES While vendors play a role in the challenge, organisations must also address internal issues by structuring their IT and security departments to foster collaboration in support of data resiliency. The threat of ransomware is not only a storage problem, but also a security and data protection challenge. Through improved collaboration IT and security departments can help control their cyber liability and minimise any impact from a cyber-attack. Numerous instances illustrate the challenges organisations face when recovering from a ransomware attack, and these challenges predominantly stem from a lack of collaboration between IT and Security. The typical scenario unfolds with an attack occurrence, leading the security team to enlist the assistance of the storage team for recovery. Subsequently, the storage team relies on the data protection team for restoration, only to discover data corruption. Excuses arise, with the data protection team attributing the issue to their practice of backing up data directly from storage platforms regardless of the data's integrity. This fragmentation prompts the storage team to turn back to the security team seeking details on the impacted data and the duration of the network intrusion. This lack of collaboration results in finger-pointing, prolonged periods of 22 STORAGE Mar/Apr 2024 @STMagAndAwards www.storagemagazine.co.uk MAGAZINE
STRATEGY: DATA INTEGRITY "The absence of collaboration between storage and security, whether on the vendor side or the end-user side, has resulted in numerous hours of downtime, substantial revenue losses, and tarnished public reputation. This issue has manifested repeatedly over the past few years. What is imperative is a transformative shift - a change in the way enterprise storage collaborates with security, a shift in how corporate data is safeguarded, and a redefinition of resilience in anticipation of potential cyber-attacks." operational disruption, and substantial data loss when achieving a clean recovery becomes challenging. The absence of collaboration between storage and security, whether on the vendor side or the end-user side, has resulted in numerous hours of downtime, substantial revenue losses, and tarnished public reputation. This issue has manifested repeatedly over the past few years. What is imperative is a transformative shift - a change in the way enterprise storage collaborates with security, a shift in how corporate data is safeguarded, and a redefinition of resilience in anticipation of potential cyber-attacks. A NEW FOCUS ON INTEGRITY Data resiliency initiatives represent a pivotal step towards unifying enterprise storage and security. With this strategic focus, new and valuable features will be integrated into storage platforms, fostering collaboration within the IT organisation. However, these initiatives alone are insufficient. The linchpin for uniting these disciplines lies in prioritising data integrity. Data integrity ensures that data remains free from corruption, facilitating effective restoration and minimising data loss. Beyond these benefits, it furnishes deep analytical insights capable of revealing even the most concealed and hidden data corruptions. By emphasising data integrity, organisations can enhance cyber capabilities across primary and secondary storage platforms, providing detailed forensics into attacks and quickly establishing know good recovery options. This, in turn, enables security, storage, and data protection teams to refine their efforts in minimising operational interruptions and cyber liability at a time of chaos. Data integrity surpasses a superficial examination aimed at detecting malicious activity. It extends beyond routine checks for appended file extensions included .encrypted or .lol, unusual changes in daily file thresholds, or elevated compression rates in backups, which may indicate data encryption. While these methods are intriguing, they are susceptible to evasion by malicious actors armed with sophisticated ransomware variants. True data integrity demands a more profound analysis, leveraging advanced approaches such as content-based security analytics and AI-based machine learning. This in-depth inspection not only ensures the integrity of the data but also yields valuable telemetry data. This information can be utilised by data protection teams to identify what needs restoration and by security teams to understand the nature of the incident, enabling them to deploy effective tools against similar malicious activities in the future. The necessity for a detailed level of data integrity becomes evident when considering the latest ransomware variants. Contemporary strains often employ lightweight encryption algorithms, leaving minimal evidence of corruption. Some utilise intermittent encryption algorithms, which in response requires a thorough inspection within files and databases content to confidently detect. Additionally, certain variants engage in slow corruption, deliberately falling below threshold analysis triggers. ROBUST AND RESILIENT Achieving a high level of data integrity demands deep, content-based inspections of files and databases. Advanced analytics, validating headers of databases, assessing content structure, and uncovering hidden internal encryption, become critical. Integrating this advanced level of data integrity with both primary and secondary storage platforms emerges as the sole, effective approach to ensure robust cyber resiliency. The ransomware challenge is a grave and continually evolving threat. Bad actors are now employing advanced technologies like GenAI to craft super variants that corrupt data while leaving behind minimal evidence. The imperative for data integrity becomes increasingly critical in establishing a high level of resiliency. Such resiliency is essential for organisations to swiftly recover, minimise data loss, and prevent public exposure in the event of a ransomware attack. If Gartner's predictions prove to be accurate, the use of this type of cyberstorage capabilities to recover from ransomware attacks will be mainstream in a few years. However, many organisations cannot wait that long as the battle continues to ramp up and cause serious impacts across the globe. More info: www.indexengines.com www.storagemagazine.co.uk @STMagAndAwards Mar/Apr 2024 STORAGE MAGAZINE 23
Page 1 and 2: STORAGE MAGAZINE The UK’s number
Page 3 and 4: The UK’s number one in IT Storage
Page 5 and 6: DON’T SaaSSS GET YOUR KICKED! ! T
Page 7 and 8: MANAGEMENT: IT SKILLS "Thanks to th
Page 9 and 10: CASE STUDY: CASE STUDY: SPHERE ENTE
Page 11 and 12: EVENT: EVENT: STORAGE AWARDS 2024 S
Page 13 and 14: EVENT: STORAGE EVENT: AWARDS 2024 T
Page 16 and 17: ROUNDTABLE: FLASH FLASH FORWARD STO
Page 18 and 19: ROUNDTABLE: FLASH "The need for low
Page 20 and 21: ROUNDTABLE: FLASH "We believe that
Page 24 and 25: CASE STUDY: FLORIDA STUDY: PANTHERS
Page 26 and 27: ANALYSIS: CYBERSECURITY MODERN WARF
Page 28 and 29: RESEARCH: RESEARCH: IMMUTABLE STORA
Page 30 and 31: MANAGEMENT: CLOUD STORAGE FUTURE-PR
Page 32 and 33: STRATEGY: GENAI THREE STEPS TO GENA
Page 34 and 35: CASE STUDY: GRUNDON STUDY: A STABLE

ST2403

Create successful ePaper yourself

Delete template?

Save as template?