2021-12-23 14:19:25

Backup Mistakes That Can Lead to Unnecessary Data Loss for Midsize Enterprises

CIOs responsible for data protection must assess the impact that ransomware and SaaS adoption have on their backup strategy. Overlooking these vulnerabilities may leave an organization incapable of recovering data when needed.

 

Overview

Key Findings

· Perpetrators are specifically targeting backup environments with ransomware with the intent to leave organizations incapable of recovering from an attack.

· Many backup vendors have added ransomware detection and remediation capabilities as part of their data recovery solutions.

· Organizations that assume SaaS applications don’t require backup, or that the SaaS vendor’s data protection is good enough, may place data at risk.

· Many backup vendors have modules to provide backup for a variety of major SaaS applications.

Recommendations

CIOs in midsize enterprises responsible for data protection should:

· Take steps to protect your backup data from ransomware by hardening your backup implementation. Make ransomware remediation a core requirement for a backup product.

· Make the assessment of data protection requirements a standard part of the evaluation before deploying any new SaaS applications.

Introduction

There has been an increase in the number of ransomware attacks targeting backup infrastructure recently. In addition, many organizations are ignoring their responsibility to protect data stored in the cloud. These two often overlooked circumstances require midsize enterprises to examine if and where their backup and recovery strategy may be falling short. CIOs working with security leaders responsible for data protection must adapt their backup strategy to accommodate ransomware and SaaS.

Analysis

Ransomware is a Major Factor Driving Backup Strategies

Ransomware attacks are growing in frequency and sophistication. Even when a decryption key is provided after the ransom is paid, there is no guarantee that all data will be recovered. In fact, in a survey conducted by Sophos in 2021, only 8% of organizations managed to recover all their data following a ransomware attack. Restoring an infected server's or user's data from backup may be the only way to fully recover from a ransomware attack. Attackers are aware of this, so they are creating ransomware that specifically targets backup systems. Backups are under attack, which makes it critical to protect backup data against being encrypted or deleted.

Immutable “write once, read many” (WORM) backups have gained traction with the rise in ransomware attacks, and they play a vital role in making backups resistant to tampering. Once data has been written to immutable storage, no one within or outside an organization can change, delete or overwrite the backup files.

The concept of an “air gap” backup — a backup copy stored on storage infrastructure that is not connected to external networks — is an additional way to provide extra protection from data deletion or encryption. Air-gapped backups make it more difficult for bad actors to access backup copies.


Make Backing Up SaaS Data Your Responsibility

One of the primary drivers for moving to SaaS for many organizations is to eliminate the IT operations associated with the application. One of these tedious daily tasks is backup. Organizations often assume that SaaS applications don’t require backup, or that the SaaS vendor supplies adequate data protection. This assumption is rarely valid, however. SaaS customers also can’t assume that the SaaS vendor is invulnerable to attacks that may destroy or encrypt data.

Midsize enterprises cannot ignore their responsibility to protect data stored in SaaS applications. It is prudent for CIOs working with application leaders responsible for data stored in SaaS to understand the SaaS vendors’ data protection capabilities. Native SaaS recovery capabilities typically focus on total system resilience, and rarely offer the same granularity to recover data as backup vendors do. CIOs should pay particular attention to the restore process for data in a SaaS application.

CIOs should investigate the need for a third-party backup solution if the SaaS vendor is unable to meet the organization’s backup and recovery requirements. Most of the major SaaS applications have options for third-party backup. Backing up SaaS applications has some challenges, however. The primary way for backup vendors to access the data is through APIs published by the SaaS vendor, and these APIs may restrict functionality and performance.

