In the event of a ransomware attack or any other type of cybersecurity disaster, continuous data protection is becoming relevant enough to position itself as the best way to achieve a quick recovery from these critical situations.
Existing classic IT data recovery solutions are more suited to limited-sized operations, and the more isolated they are, the faster and more efficient their restoration will be. For larger operations, they are slower and often lack sufficient effectiveness.
From all this emerges a new approach, “continuous data protection,” as an enabler of rapid recovery, even when data losses are significant.
Current outlook
Undoubtedly, preventing and blocking any type of attack is the number one premise in our Cybersecurity plan. From our experiences we can conclude that:
- The costs of suffering a ransomware attack are directly proportional to the cost of quickly recovering from it.
- It is known that paying the ransom demanded by cybercriminals does not guarantee the recovery of the affected environments or the data involved.
Limit of conventional data recovery
Having backup copies and their ease of recovery are key.
Las empresas y organizaciones realizan varias copias de seguridad de manera local y con residencia en la nube simultáneamente, con la finalidad tener respuesta ante situaciones de ataque y poder recuperar la operativa. Esto hacía que la recuperación fuera posible, aunque no necesariamente inmediata. Companies and organizations make several backup copies locally and in the cloud simultaneously, in order to respond to attack situations and be able to recover operations. This made recovery possible, although not necessarily immediate.
Cybercriminals have learned from this and have started encrypting or corrupting backup copies as well. As a result of this new situation, many organizations are isolating these copies to prevent their corruption.
We can conclude that, based on an analysis of the experience in restoring from backup copies alone, it is not a panacea even in cases where the integrity of the copies has been maintained. In addition, it has been contrasted with those responsible for this area in companies that exhaustive tests are not always carried out with sufficient rigor and frequency.
What is left for us as a solution?
We might think that paying the ransom is the only quick and effective way to recover our data.
Reality gives us the answer with data: at least a third of those who paid the ransom were still unable to recover all their data.
¿What is the proposal then?
Continuous data protection (CDP)
It is a solution that offers data replication always in combination with detailed logs. This means that we can perform a complete restore from the “gold copy”, with all changes, or we can return to a specific point in time, undoing any changes made since that point. To achieve maximum speed goals, continuous data protection will be implemented on disk or flash rather than other devices. It is an expensive option, but recovery is faster and the company can get back up and running. Furthermore, by storing the data on disk and backing up only the modified data, the restoration processes are considerably faster compared to full backups, especially when performing a temporary reversal. The hardware involved in this task is typically deployed in the data center, close to the devices to be backed up. If remote backups are required, it is often possible to integrate them as a secondary backup mechanism.
In conclusion
Continuous data protection solves some of the main problems with conventional backups; namely, the possibility of losing data written since the last backup. Recovery times are effectively minimized because very little data is lost in the event of a disaster (if any), and recovery is faster than any other type of system.
