How to develop a cloud backup ransomware protection strategy
Many organizations are looking for a way to increase their data backup and recovery capabilities, including cloud-based storage.
For business continuity and disaster recovery (BCDR), most mature businesses keep multiple tiers of backups. Because of ransomware, some organizations are now adding isolated backups: backups that cannot be reached from the core corporate environment without deliberate infrastructure changes and additional administrative authentication and authorization steps.
These are some of the most common methods for cloud backup ransomware security:
- A new network segment is created within the organization's environment to store these backups. The segment is protected by a firewall that denies all access by default; the rules are relaxed only for scheduled replication or when data must be restored.
- A new cloud-based backup is created that is isolated using both cloud-side network restrictions and on-premises restrictions. This backup can also be stored in a secondary backup data center or region.
- Multiple administrators must present their credentials and multifactor authentication together (dual control) before the backups can be accessed or changed.
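The three methods above reduce to one rule: the vault denies everything by default and opens only for a narrowly defined replication path or for a restore that two people have jointly authorized. The following Python policy engine is an added example, not code from the original article or any backup product; it models a default-deny vault, a replication allow rule bound to a source network and a scheduled window, and a restore rule that requires two distinct MFA-verified administrators with unexpired approvals. The network ranges, administrator IDs and timestamps are constructed for the example.

```python
"""Default-deny access policy for an isolated backup vault.

Added example, not code from the original article or any product. It models
the three isolation methods listed above: a vault that denies every request by
default, an allow rule that opens only for replication from a designated source
network during a scheduled window, and restores that require two distinct
administrators who have each completed MFA. All network ranges, admin IDs and
timestamps below are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class ReplicationWindow:
    source_cidr: str        # only this network may push replication traffic
    opens_at: datetime
    duration: timedelta

    def is_open(self, now: datetime, src_ip: str) -> bool:
        in_time = self.opens_at <= now < self.opens_at + self.duration
        return in_time and ip_address(src_ip) in ip_network(self.source_cidr)


@dataclass
class Approval:
    admin_id: str
    mfa_verified: bool
    granted_at: datetime


@dataclass
class VaultPolicy:
    replication_window: Optional[ReplicationWindow] = None
    approvals: List[Approval] = field(default_factory=list)
    approval_ttl: timedelta = timedelta(minutes=30)   # approvals go stale
    required_approvers: int = 2                       # dual control

    def _valid_approvers(self, now: datetime) -> set:
        # Count distinct admins: two approvals from one person are still one.
        return {
            a.admin_id for a in self.approvals
            if a.mfa_verified and timedelta(0) <= now - a.granted_at <= self.approval_ttl
        }

    def decide(self, action: str, src_ip: str, now: datetime) -> Tuple[bool, str]:
        """Return (allowed, reason). Anything not explicitly allowed is denied."""
        if action == "replicate":
            w = self.replication_window
            if w is not None and w.is_open(now, src_ip):
                return True, "replication window open for source network"
            return False, "no open replication window for this source"
        if action == "restore":
            approvers = self._valid_approvers(now)
            if len(approvers) >= self.required_approvers:
                return True, "dual control satisfied by " + ", ".join(sorted(approvers))
            return False, (f"need {self.required_approvers} distinct MFA-verified approvers, "
                           f"have {len(approvers)}")
        # delete, list, modify and anything unknown: never reachable from the core environment
        return False, f"action '{action}' is not permitted on the isolated vault"


def run_scenarios() -> dict:
    """Exercise the policy on constructed requests; returns {label: allowed}."""
    t0 = datetime(2024, 3, 4, 2, 0, tzinfo=timezone.utc)
    policy = VaultPolicy(ReplicationWindow("10.20.0.0/24", t0, timedelta(hours=2)))
    now = t0 + timedelta(hours=1)
    results = {
        "replicate_in_window": policy.decide("replicate", "10.20.0.5", now)[0],
        "replicate_after_window": policy.decide("replicate", "10.20.0.5", t0 + timedelta(hours=3))[0],
        "replicate_wrong_source": policy.decide("replicate", "192.168.1.9", now)[0],
        "restore_no_approval": policy.decide("restore", "10.0.0.7", now)[0],
        "delete_from_core": policy.decide("delete", "10.0.0.7", now)[0],
    }
    policy.approvals = [Approval("alice", True, now - timedelta(minutes=10)),
                        Approval("bob", True, now - timedelta(minutes=5))]
    results["restore_two_admins"] = policy.decide("restore", "10.0.0.7", now)[0]
    policy.approvals = [Approval("alice", True, now - timedelta(minutes=10)),
                        Approval("alice", True, now - timedelta(minutes=5))]
    results["restore_same_admin_twice"] = policy.decide("restore", "10.0.0.7", now)[0]
    policy.approvals = [Approval("alice", False, now - timedelta(minutes=10)),
                        Approval("bob", True, now - timedelta(minutes=5))]
    results["restore_missing_mfa"] = policy.decide("restore", "10.0.0.7", now)[0]
    policy.approvals = [Approval("alice", True, now - timedelta(minutes=60)),
                        Approval("bob", True, now - timedelta(minutes=5))]
    results["restore_stale_approval"] = policy.decide("restore", "10.0.0.7", now)[0]
    return results


if __name__ == "__main__":
    for label, allowed in run_scenarios().items():
        print(f"{label:28s} {'ALLOW' if allowed else 'DENY'}")
```

The point of the engine is what it refuses: a replication request from the right network at the wrong time, a restore approved twice by the same person, an approval without MFA, and an approval that has gone stale are all denied, and nothing other than replication and approved restores is reachable from the core environment at all. In a real deployment the same logic lives in the firewall rule set and the backup product's approval workflow rather than in one process, but the decisions it must make are the ones shown.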
How to get started: Building a strategy
Several areas must be included in the planning phase of a cloud backup ransomware strategy.
- IT Operations. IT Operations teams should consider the types of data they should back up and the length of time that data should be kept.
- BCDR planning. Backup data should be mapped to the standard metrics BCDR planning teams use, such as recovery time objective (RTO), recovery point objective (RPO), and mean time to recover (MTTR).
- Infosec. The security of data being stored and replicated is crucial. Security teams must focus not only on protecting the data being backed up but also on the security controls available in the cloud platform itself.
- Compliance and legal issues. Address regulatory and legal needs early so that all storage, retention, and archival requirements are met and aligned with industry standards and best practices.
Ask your cloud storage provider about the security of its data centers and of the personnel who operate the systems and applications in those environments. The following questions should be asked:
- Is physical access to data centers restricted? What is required to gain access, such as biometric scanners or badge and PIN controls? Providers must enforce strong access control at these facilities on behalf of their enterprise customers.
- Is the data center staffed and monitored 24 hours a day? How are shift changes handled if the data center is monitored 24/7?
- Is the data center equipped with video surveillance and audit logs that record when visitors enter and leave? How is the video surveillance monitored?
- Do background checks take place on employees who have physical or managerial access? What kind of background checks are done and how often?
- Are intrusion alarms in place? Is there a plan for responding to a physical security breach at the data center?
Network security and storage architecture
Organizations need to understand the security design decisions in place in the cloud provider's environment. These controls are fundamental elements of any mature security program. The following criteria should be considered:
- What authentication methods must users use to access storage areas and components? A provider's storage administrators should be subject to strict authentication requirements.
- Do secure configurations require default passwords to be changed? Any service, feature, or function that the user has not explicitly enabled should be disabled by default. This default-deny posture applies to all configuration controls.
- What security event monitoring and logging methods are used? All platforms and applications should be able to detect security events and log them, with alerts forwarded to management consoles and element managers. In many cases this data is not directly accessible to customers, but customers still need to know what technologies and processes are in place.
- How does multi-tenancy work? What technologies are used to isolate and segment different tenants' data? Hypervisors, virtual firewalls, storage area network (SAN) isolation tools and techniques, and network segmentation are all options. Cloud providers should disclose the methods they use to protect data on their shared platforms.
- How often are passwords and permissions for network devices audited?
- Are the systems that serve each customer separated from other network zones both logically and physically, including their components and applications?
Management security and storage access
Both cloud providers and enterprises should take security and access control seriously. Cloud storage should be evaluated based upon the following criteria to protect against common security threats such as ransomware.
- Management tools and other administrative software store passwords and other credentials. How are they protected at rest, and with what algorithm? User passwords should be hashed with a purpose-built password hashing function rather than reversibly encrypted. Is it possible to define and enforce password length, complexity, and maximum age in the storage management software?
- What type of secure connectivity is allowed to the cloud storage infrastructure? Does the provider support encrypted protocols such as TLS or SSH, and are legacy SSL versions disabled?
- Is there an active session timeout?
- Are there multiple administrator profiles that provide granular security levels? Administrators should be able to restrict access to cloud storage through configuration options based on time, day, and other attributes. All administrator actions should be logged for alerting and auditing, and these logs should be made available to enterprise security teams.
- Can the cloud storage management software define specific roles and privileges for users? This capability is mandatory to maintain separation of duties and enforce the principle of least privilege.
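The last three questions above (session timeout, administrator profiles restricted by time and day with every action logged, and roles that enforce separation of duties and least privilege) describe one access-control layer. The following Python model is an added example, not code from the original article or any vendor's management software; it defines role privilege sets, rejects role combinations that violate separation of duties, expires idle sessions, applies a per-administrator day and hour schedule, and writes an audit record for every decision, denied ones included. The role names, schedules, administrator identities and timestamps are constructed for the example.

```python
"""Role-based administrative access for backup management software.

Added example, not code from the original article or any vendor's product.
It exercises the controls asked about above: per-role privileges with
separation of duties, an idle session timeout, a per-administrator access
schedule, and an audit record for every action. Role names, schedules,
admin identities and timestamps are constructed for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "backup_operator":  {"backup.run", "backup.list", "restore.request"},
    "restore_approver": {"backup.list", "restore.approve"},
    "retention_admin":  {"backup.list", "backup.delete"},
    "auditor":          {"backup.list", "audit.read"},
}

# Privilege pairs one principal must never hold together (separation of duties).
CONFLICTING_PRIVILEGES: List[Tuple[str, str]] = [
    ("backup.delete", "restore.approve"),
    ("backup.delete", "backup.run"),
]

def effective_privileges(roles: Set[str]) -> Set[str]:
    """Union of role privileges; raises if the combination violates separation of duties."""
    privs: Set[str] = set().union(*(ROLE_PRIVILEGES[r] for r in roles))
    for a, b in CONFLICTING_PRIVILEGES:
        if a in privs and b in privs:
            raise ValueError(f"roles {sorted(roles)} combine conflicting privileges {a} and {b}")
    return privs

@dataclass
class Admin:
    admin_id: str
    roles: Set[str]
    allowed_days: Set[int]          # 0 = Monday ... 6 = Sunday
    allowed_hours: Tuple[int, int]  # [start, end) hour of day
    privileges: Set[str] = field(init=False)

    def __post_init__(self):
        self.privileges = effective_privileges(self.roles)

    def in_schedule(self, when: datetime) -> bool:
        start, end = self.allowed_hours
        return when.weekday() in self.allowed_days and start <= when.hour < end

@dataclass
class Session:
    admin: Admin
    last_activity: datetime

class ManagementConsole:
    IDLE_TIMEOUT = timedelta(minutes=15)

    def __init__(self) -> None:
        self.audit_log: List[Dict[str, str]] = []

    def _audit(self, admin_id, action, outcome, reason, when) -> bool:
        # Every decision is recorded, denied ones included, for alerting and review.
        self.audit_log.append({"ts": when.isoformat(), "admin": admin_id,
                               "action": action, "outcome": outcome, "reason": reason})
        return outcome == "allow"

    def authorize(self, session: Session, action: str, now: datetime) -> bool:
        admin = session.admin
        if now - session.last_activity > self.IDLE_TIMEOUT:
            return self._audit(admin.admin_id, action, "deny", "idle session timeout", now)
        if not admin.in_schedule(now):
            return self._audit(admin.admin_id, action, "deny", "outside access schedule", now)
        if action not in admin.privileges:
            return self._audit(admin.admin_id, action, "deny", "privilege not granted", now)
        session.last_activity = now   # only successful actions keep the session alive
        return self._audit(admin.admin_id, action, "allow", "ok", now)

def run_console_scenarios() -> Dict[str, object]:
    """Drive the console with constructed admins; returns {label: result}."""
    console = ManagementConsole()
    weekdays, office_hours = {0, 1, 2, 3, 4}, (8, 18)
    ops = Admin("ops-1", {"backup_operator"}, weekdays, office_hours)
    monday_9 = datetime(2024, 3, 4, 9, 0)     # 2024-03-04 is a Monday
    session = Session(ops, last_activity=monday_9)
    results: Dict[str, object] = {
        "run_backup_in_role": console.authorize(session, "backup.run", monday_9 + timedelta(minutes=5)),
        "delete_outside_role": console.authorize(session, "backup.delete", monday_9 + timedelta(minutes=6)),
        "after_idle_timeout": console.authorize(session, "backup.run", monday_9 + timedelta(minutes=30)),
    }
    saturday = datetime(2024, 3, 9, 10, 0)
    results["weekend_access"] = console.authorize(Session(ops, saturday), "backup.list", saturday)
    try:
        Admin("toxic-combo", {"retention_admin", "restore_approver"}, weekdays, office_hours)
        results["sod_enforced"] = False
    except ValueError:
        results["sod_enforced"] = True
    results["audit_entries"] = len(console.audit_log)
    results["denied_reasons"] = [e["reason"] for e in console.audit_log if e["outcome"] == "deny"]
    return results

if __name__ == "__main__":
    for label, value in run_console_scenarios().items():
        print(f"{label:22s} {value}")
```

Two design choices are worth noting. Separation of duties is checked when the administrator object is created, so a conflicting role assignment fails loudly instead of silently granting both privileges; and every denial lands in the audit log with its reason, which is the data an enterprise security team needs from the provider to alert on privilege misuse, off-hours access, or session abuse against backup data.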
A cloud storage provider's security-oriented processes should focus primarily on secure software development and testing, as well as vulnerability management and patching.
The following questions are worth asking:
- Does the provider test its hardware and software in fully hardened and patched configurations, and does it regularly assess its servers and networks for vulnerabilities?
- Does the provider have a system in place to monitor and report security flaws found in its cloud storage products? As part of its incident response procedures, the provider should distinguish between general announcements and direct contact channels for affected customers.
- What notification and escalation procedures should be followed in the event of security breaches or other potentially serious security incidents?
- Is there a documented and established process for internally distributing critical software updates and non-critical security patches?
- Is there a standard process for security testing during development and quality control cycles? This process should include scanning source code for top issues, such as the OWASP Top 10, buffer overflows, and weak authentication and session handling.
Cloud-based storage can supplement the existing data backup strategies of mature organizations. These strategies include standard on-site backups to tape or disk, large-scale replication, and SAN or network-attached storage integration. Secondary backups are also possible using tape or disk shipped to an off-premises provider. For newer threats, such as ransomware, short-term isolated backups of end-user content or core data center assets can be created.