Designing a Data Protection Solution for Rapid Recovery From a Cyber Attack


Cyber attacks are happening at an alarming frequency. Ransom demands are exorbitant and paying the ransom does not guarantee you will regain your data. After a cyber incident, pressure is high and it is too late to devise a plan that minimizes your business impact. Therefore, it is essential to design your data protection solution for rapid recovery now, so you can confidently get your business back up and running as quickly as possible.

To successfully design for recovery, we suggest the following strategy:

  1. It is essential that all your business-critical data is protected appropriately and securely. This can be challenging given the typical sprawl of data across hybrid and multi-cloud environments. An enterprise solution that can provide visibility and protection for all your data is essential. A disaster recovery site alone is likely not sufficient for recovery: data is replicated between sites, whether asynchronously or synchronously, so the copy at the recovery site will also be infected.
  2. Identify critical business functions and their maximum tolerable downtime (MTD). All recovery methods take time. According to a Statista survey, the average duration of downtime after a ransomware attack in the first half of 2022 was 25 days. While having access to all your data seems necessary to recover immediately, this is likely neither a reasonable strategy nor a cost-efficient one. Instead, it is essential that you are fully aware of the priority order for recovery and the MTD for all applications so that you can architect your data protection strategy in a way that minimizes downtime for your essential business functions.
  3. The type of impact varies greatly. Everything may be impacted and you will need to recover your entire data center to another location, or it may be that only some databases, VMs or files need to be recovered in place. In either case, you need a solution with flexible restore options to restore your data to any location quickly.
  4. Cyber attackers also target backup data so that businesses can’t recover. It is essential that you have multiple backup copies, at least one that is immutable and ideally in an isolated environment, separate from your primary and secondary backup copies. You might also consider having recovery infrastructure for your most critical applications in the same isolated recovery environment.
  5. Practice, practice, practice!!! After an attack, IT is under tremendous pressure to recover. Without a properly designed plan that has been thoroughly documented and repeatedly rehearsed, costly mistakes will happen. Build in automation wherever possible to make recovery faster and more reliable while eliminating human errors.
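The MTD-driven recovery order from step 2 can be checked mechanically. The sketch below is an added example, not code from the original post or from Veritas: it orders restores by the tightest deadline (including deadlines inherited from dependent applications) and flags any application that cannot meet its MTD. The application names, durations, dependency model and the `streams` parameter are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class App:
    name: str
    mtd_h: float        # maximum tolerable downtime, hours
    restore_h: float    # restore duration from the last rehearsal, hours
    needs: list = field(default_factory=list)  # apps that must be back first

# Constructed inventory; names and figures are illustrative only.
SAMPLE = [
    App("archive", 168, 20),
    App("file-share", 72, 6, ["identity"]),
    App("erp-app", 8, 2, ["erp-db"]),
    App("erp-db", 8, 5, ["identity"]),
    App("identity", 4, 2),
]

def effective_deadlines(apps):
    """A dependency must finish early enough for its dependents to meet their MTD."""
    deadline = {a.name: a.mtd_h for a in apps}
    for _ in apps:                       # enough passes for any acyclic graph
        for a in apps:
            for dep in a.needs:
                deadline[dep] = min(deadline[dep], deadline[a.name] - a.restore_h)
    return deadline

def plan(apps, streams):
    """Strict-priority schedule on `streams` parallel restore streams.
    Returns (name, start_h, finish_h, meets_mtd) in restore order."""
    deadline = effective_deadlines(apps)
    free_at, done, pending, order = [0.0] * streams, {}, list(apps), []
    while pending:
        ready = [a for a in pending if all(d in done for d in a.needs)]
        if not ready:
            raise ValueError("dependency cycle")
        app = min(ready, key=lambda a: deadline[a.name])   # tightest deadline first
        i = min(range(streams), key=free_at.__getitem__)   # earliest free stream
        start = max([free_at[i]] + [done[d] for d in app.needs])
        done[app.name] = free_at[i] = start + app.restore_h
        pending.remove(app)
        order.append((app.name, start, done[app.name], done[app.name] <= app.mtd_h))
    return order

def misses(apps, streams):
    """Names of applications whose planned finish time exceeds their MTD."""
    return [name for name, _, _, ok in plan(apps, streams) if not ok]

if __name__ == "__main__":
    for row in plan(SAMPLE, streams=2):
        print("%-10s start=%4.1fh finish=%4.1fh meets_mtd=%s" % row)
```

In the constructed sample, `erp-app` misses its 8-hour MTD at any stream count because its dependency chain alone takes 9 hours. Only a faster restore method for that chain closes the gap, not more parallelism.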

Veritas provides a cyber resilient data protection solution essential for a robust recovery strategy. It provides:

  • A single solution, capable of protecting over 800 workloads
  • Clear visibility to all data copies across your entire enterprise data estate from a single UI
  • Automated orchestration across an organization’s entire hybrid and multi-cloud environment
  • A consistent user experience for all backup and recovery operations
  • A zero-trust framework that delivers cyber resiliency by design

Veritas provides multiple recovery options and the flexibility to recover from anywhere to anywhere including:

  • Instant VMware recovery
  • Instant rollback
  • Instant access to recovery points for VMware, Oracle and MSSQL
  • Granular recovery of full VM, individual VMDK, file and folder, full application, file download, application GRT and AMI conversion
  • Checkpoints derived from real-time replication of your production data that can be used for recovery purposes
  • Cloud-native snapshot backups

You can use these recovery options to customize your recovery strategy based on business needs. As an example, you could preserve your business-critical application backups on infrastructure with sufficient resources capable of hosting thousands of instant access and instant recovery instances to bring your most critical business applications back online in minutes. Your less critical business applications can be protected using more cost-effective storage.

When it comes to recovery, you need to ensure that you have a clean copy to recover from. Veritas includes malware scanning for your backup data to ensure you recover a clean copy.

Whether you store your backups in the public cloud or on-premises, Veritas has multiple layers of security built into the zero-trust architecture that help: 

  • Block system access
  • Prevent unauthorized user login
  • Limit user and process permissions
  • Highly restrict access to destructive operations

Veritas also delivers the ability to easily create isolated recovery environments to ensure immutable copies of your backups exist in an isolated network environment for recovery. From here, you can choose to recover back to the production environment, a different environment, or to systems within the isolated recovery environment.

A detailed resiliency plan and rehearsal are essential in ensuring a successful ransomware recovery. This helps:

  • Ensure successful data recovery
  • Calculate recovery times
  • Quickly restore business operations during an actual event

Veritas provides orchestrated automation solutions with resiliency and evacuation plans (runbooks) allowing for automated recovery at scale between data centers, or to the cloud. Veritas makes it easy to configure a digital runbook that can use the backup data wherever it resides, so you can orchestrate recovery for any data, from granular recovery of a single application all the way up to an entire data center.

Any plan is only as good as its last successful test. Veritas makes it easy and efficient to test plans with single-click recovery rehearsals that can leverage nonproduction resources such as network and sandbox environments.

Sandra Moulton
Dir, Solutions Architect