Security vs Protection – The Same, but Different

Though the words “security” and “protection” are mostly interchangeable in regular use of the English language, when talking about data, it’s a different story.

When we talk about data security, we are referring to securing data from becoming compromised due to an external, premeditated attack. The most well-known examples are malware and ransomware attacks.

Data protection, however, refers to protecting data against corruption usually caused by an internal factor such as human error or hardware failures. We generally address data protection by way of backup or replication – creating accessible versions of the data that may be stored on different media and in various locations.

Of course, these backups can be used for data recovery in either scenario.

 

Under attack

We have seen a dramatic rise in ransomware attacks in recent years, with startling results. According to the FBI, in Q1 of 2016, victims paid $209M to ransomware criminals. Intermedia reported that 72% of companies infected with ransomware cannot access their data for at least 2 days, and 32% lose access for 5 days or more. According to a July 2016 Osterman Research Survey, nearly 80 percent of organizations breached have had high-value data held for ransom.

 

So what is ransomware?

Ransomware is a form of malware that is covertly installed on a victim’s computer and adversely affects it, often by encrypting the data and making it unavailable until a ransom is paid to receive the decryption key or prevent the information from being published.

Most infamously, Sony fell victim two years ago to a crippling attack that shut down its computers and email systems, and sensitive information was published on the web. The Sony breach was a watershed moment in the history of cyber attacks. It is believed that the attackers were inside Sony’s network for over 6 months, giving them plenty of time to map the network and identify where the most critical data was stored.

The attack unfolded over a 48-hour period. It began by destroying Sony’s recovery capability. Backup media targets and the associated master and media servers were destroyed first. Then the attack moved to the DR and Production environments. Only after it had crippled the recovery capabilities did the attack target the production environment. After Sony recognized the attack, they turned to their Data Protection infrastructure to restore the damaged systems. However, they had lost their ability to recover. Sony was down for over 28 days and never recovered much of its data.

In Israel, the Nazareth Illit municipality was recently paralyzed by ransomware. Its critical data was locked until the municipality pays the attackers the ransom price.

 


What do we propose?

While Dell EMC offers a range of products and solutions for backup and recovery on traditional media such as tape and disk, data is increasingly sitting in publicly-accessible domains such as networks, causing a heightened threat to data security. To address the shift in data storage, in particular the growing trend towards application development and storage in the cloud, Dell EMC is utilizing its decades of experience in the area of securing data with the most stringent requirements and the most robust and secure technology set in the market, to architect and implement solutions. The new technologies will lock out hackers from critical data sets and secure a path to quick business recovery. One such solution is Isolated Recovery Solution (IRS).

IRS 101

Essentially, IRS creates an isolated environment to protect data from deletion and corruption while allowing for a quick recovery time. It comprises the following concepts:

  • Isolated systems so that the environment is disconnected from the network and restricted from users other than those with proper clearance.
  • Periodic data copying whereby software automates data copies to secondary storage and backup targets. Procedures are put in place to schedule the copy over an air gap* between the production environment and the isolated recovery area.
  • Workflows to stage copied data in an isolated recovery zone and periodic integrity checks to rule out malware attacks.
  • Mechanisms to trigger alerts in the event of a security breach.
  • Procedures to perform recovery or remediation after an incident.

*What is an air gap?

An air gap is a security measure that isolates a computer or network and prevents it from establishing an external connection. An air-gapped computer is connected neither to the Internet nor to any systems that are connected to the Internet. Generally, air gaps are implemented where the system or network requires extra security, such as classified military networks, payment networks, and so on.

Let’s compare an air gap to a water lock used for raising and lowering boats between stretches of water of different levels on a waterway. A boat that is traveling upstream enters the lock, the lower gates are closed, the lock is filled with water from upstream causing the boat to rise, the upper gates are opened and the boat exits the lock.

In order to transfer data securely, air gaps are opened for scheduled periods of time during actual copy operations to allow data to move from the primary storage to the isolated storage location. Once the replication is completed, the air gap is closed.

 

Dell EMC’s Data Domain product currently offers a retention lock feature preventing the deletion of files until a predefined date. IRS takes such capabilities further. The solution will continue to evolve to simplify deployment and provide security against an even broader range of attacks (rogue IT admins, for example). IRS solutions will make life more difficult for hackers and data more secure. In IT, “security” and “protection” have been treated as two independent, orthogonal concepts. The new, destructive style of attacks changes that relationship. The two teams must partner to make a coherent solution.
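The staged-copy integrity check and the retention lock described above, sketched as an added example (not Dell EMC's code and not part of the original post). The function names, the entropy heuristic and the thresholds are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import math
from collections import Counter
from datetime import date

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(copy: dict) -> dict:
    """Map each path in a copy to (SHA-256 digest, entropy)."""
    return {p: (hashlib.sha256(b).hexdigest(), entropy(b)) for p, b in copy.items()}

def check_staged_copy(trusted: dict, staged: dict,
                      max_changed=0.5, high_entropy=7.0) -> dict:
    """Compare a newly staged copy against the last trusted one (assumed policy)."""
    old, new = manifest(trusted), manifest(staged)
    missing = sorted(set(old) - set(new))
    changed = sorted(p for p in old.keys() & new.keys() if old[p][0] != new[p][0])
    # Files that changed AND now look like ciphertext are the ransomware signal.
    suspicious = [p for p in changed if new[p][1] >= high_entropy > old[p][1]]
    # Mass change or mass deletion is also treated as a reason to hold the copy.
    ratio = (len(changed) + len(missing)) / max(len(old), 1)
    promote = not suspicious and ratio <= max_changed
    return {"changed": changed, "missing": missing,
            "suspicious": suspicious, "promote": promote}

def may_delete(retain_until: date, today: date) -> bool:
    """Retention lock: a copy cannot be deleted before its retain-until date."""
    return today >= retain_until

# Constructed sample data: three small files in the last trusted copy.
TRUSTED = {"db/orders.csv": b"id,total\n" + b"1,10.00\n" * 200,
           "docs/plan.txt": b"quarterly plan " * 100,
           "cfg/app.ini": b"[app]\nmode=prod\n" * 20}
# Constructed normal day: one file edited.
NORMAL = dict(TRUSTED, **{"docs/plan.txt": b"quarterly plan v2 " * 100})
# Constructed "encrypted" copy: every file replaced by pseudo-random bytes.
ENCRYPTED = {p: hashlib.shake_256(p.encode()).digest(4096) for p in TRUSTED}

if __name__ == "__main__":
    print(check_staged_copy(TRUSTED, NORMAL))
    print(check_staged_copy(TRUSTED, ENCRYPTED))
    print(may_delete(date(2030, 1, 1), date(2029, 6, 1)))
```

A copy that fails the check stays in the staging area for investigation instead of replacing the last trusted copy.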

 

~Assaf Natanzon @ANatanzon

Road to Efficiency, Part 1


In the new IT, there are so many buzzwords, especially around cloud services. Where does the cloud actually fit?
Clouds can be private or public, and they can serve traditional “Platform 2” applications as well as new “Platform 3” applications. So let’s look at cloud services from that perspective.

 


Of course, some things don’t change regardless of the quadrant of the matrix. We always need to:

  • Protect the data wherever it is.
  • Simplify management across environments.
  • Get more value out of the data.

When talking about the cloud, two important aspects are frequently overlooked:

  1. Private clouds should be as easy to manage and as elastic and flexible as public clouds are. Private clouds shouldn’t get graded on a curve because they come from traditional IT teams. In that sense, I appreciate the urgency that the public cloud revolution has placed on traditional infrastructure providers. It’s time to modernize the solution end to end, not just build a bigger system.

  2. If you move your data to the public cloud, you still need to protect it. The responsibility for resiliency and access may move to the cloud solution provider, but if data is deleted (inadvertently or intentionally) or corrupted on a logical level (and we know applications never corrupt data, don’t we?), it doesn’t matter on which infrastructure it runs. Furthermore, most businesses typically require more than just the most recent point in time copy of data. Finally, remember that these requirements apply equally to IaaS, PaaS, and SaaS solutions.

Transition

What are we building to help with this transition? In the Data Protection Cloud unit of EMC’s Core Technologies Division, we look at four primary items:

1.  Data Tiering to Cloud:

Any data, regardless of whether it sits on primary storage, protection storage, end points or in-cloud should be able to move to and from any cloud. This is very important because it covers all customer data—past, present, and future!

2.  In-Cloud Data and Application Protection:

EMC already has industry-leading on-premises enterprise data protection solutions with NetWorker and Avamar data protection software paired with Data Domain. But we need to be able to protect data that sits in public clouds as well as opaque data that is present within some software-as-a-service solutions. New products, such as Spanning Backup by EMC, were created for SaaS application data protection.

3.  Converged File and Protection Services:

Everybody in the industry is talking about converged infrastructure and focusing on different models of consuming on-premises technology. In the cloud, we can converge multiple types of data usage into a simplified and unified solution. The cloud can be my authoritative central copy of data while I maintain local caches as I need them for fast access. Suddenly, I don’t have to worry about managing multiple copies, including distribution and replication; I can have all the features I expect from data protection built-in with my primary solution. And of course, that will apply to both public and private clouds. The best part? I don’t have to worry about all of the dedicated physical infrastructure to make that happen. But why stop at converging infrastructure? Converge your production and protection—globally! Can we do this? Stay tuned!

4.  Extend Search, Hold, Discovery Platform:

In the end, we need to enhance the value of the data itself. One way is by providing insight into all data, regardless of whether it resides on-premises or in the cloud, on primary storage or as part of data protection solution. Once we can gather and identify all data, the key is unlocking its value. Global search, hold and discovery are just some of the initial use-cases.

After seeing how far the cloud can take us, we can now map all four of them onto the same diagram we used earlier.

Conclusion

How important is it for IT to adapt to new times and actively seek ways to improve—not just financial efficiency, but in delivering value to the business? Take a look at the following quote. In my mind, nothing can be more true today in the IT world:

“The advantage you have yesterday, will be replaced by the trends of tomorrow. You don’t have to do anything wrong, as long as your competitors catch the wave and do it right, you can lose out and fail.”

-Stephen Elop, Ex Nokia CEO

Vladimir Mandic @vmandic00