The positive side of ransomware for data transformation

Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more

By Pritesh Parekh, vice president of engineering, chief trust and security officer at Delphix

We all know about the evils of ransomware, but let’s talk about its positive side for a change.

To keep it short: There aren’t many positives … except for one, and it is important: Ransomware’s awfulness is bringing about a long-overdue correction in how enterprises manage their data. And that is a very positive outcome.

While most cyberattacks are a problem for security teams, the enormous business impact of ransomware has woken up the entire C-suite. In fact, with seven attacks each hour in the United States alone, ransomware is now considered to be a threat to national security.

An attack can potentially cripple a business for days, leading to lost revenue, reputational damage, and customer churn. It not only gives victims two choices — pay up or stay offline indefinitely — the first option doesn’t always work. For example, on average, only 69% of healthcare organizations’ data could be restored even after they gave in and paid for the decryption key.

As a result, the threat of ransomware is making a systemic, enterprise-wide preemptive response more urgent than ever.  On the positive side, these changes will not only protect against ransomware, but will also provide the necessary foundation to ward off cyberattacks of all sorts. They will additionally enable enterprises to seize the opportunities opened by data’s new scale and intelligence.

Ransomware and responsive data architecture

Ransomware is providing a much-needed impetus to modernize the architecture of an organization’s data infrastructure. This will help developers proceed as quickly and agilely as they want, with the confidence that their efforts are being protected at the optimal pace for their workflow, including in near real-time when advisable.

Modernization should begin with a change in the data processing architecture to make it both more responsive and more secure.

The new architecture should be more responsive and interface with enterprise data via a smart API that can automate the processes by which data is fetched, merged, transformed, secured, and delivered, all without users having to put in a request to the data team. It must work with application data generated outside the data warehouse and programmatically combine it with data from either side of the wall, as well as with sources external to the organization. It must also be fully programmable, eliminating the need to predetermine exactly what data is going to be combined with what data.

The “smarts” of this smart API means users can make data requests that may seem simple to them but that set off complex automated processes that deliver data within seconds or minutes, not days or weeks.

One of the important functions of this API must be to perform automated backups on an optimized and context-aware schedule, including rapid backups to the cloud as well as slower backups to physical media in-house or remote. Such a system will enable enterprises to say, “No, thanks” to cybercriminals demanding payment to undo their ransomware’s damage on a company’s data.

It’s important that an enterprise’s data is backed up according to what makes the organization fully resilient, rather than according to the limitations of traditional storage limitations and schedules. That includes application data — the data that’s closest to the people working on a project. If that’s disrupted, the project grinds to a halt. If it leaks, it can take an innovative project’s competitive advantage with it. And if application data is not made sharable, the organization will not be getting full value from it.

Protection via air gaps

Ransomware attacks leverage what until relatively recently seemed to be an obvious and inescapable fact about backups: backups are files written and read by the same networked operating system that the organization uses for its day-to-day business. Yes, backup files are different from other files — they’re compressed, redundant, likely kept on remote mirrors,  and are heavily permissioned — but for a cybercriminal set on installing ransomware,  they’re just one login away.

But if you create a virtual data application that takes the backups off the organization’s normal file system and installs separate locks and controls, you have made the cybercriminal’s job much, much harder.

The virtual appliance must also be designed to work with a smart data API. It should, of course, be able to move files onto the enterprise’s work network and store backups on local or remote physical drives, in the cloud, or anywhere else devops wants. But even if you’re the enterprise’s system admin and have root access to the enterprise network, you must not be able to access the data managed by the appliance without special authorization protocols.

The overall enterprise network system is never going to be secure enough to thwart dedicated hackers because it has to remain open enough for workers to be productive. Putting an “air gap” between that system and the backup system vastly minimizes the risk to the backups. With a data appliance that virtualizes much of the data, an organization that wakes to find its enterprise network has been encrypted by cybercriminals can restore its production data in minutes and get back to work.

It gives the criminals behind ransomware far too much credit to say that they’re the reason organizations are changing the architecture of their data systems. CSOs and CIOs are leading the charge for an infrastructure that better meets the needs of the people who are using data to innovate, to do their jobs as safely and efficiently as possible, and to achieve a level of operational excellence simply never possible before — all while achieving a new level of security against cyberattacks of all sorts.

Ransomware may be the spur for this data transformation, but the benefits extend far beyond that. That is literally the only good thing about ransomware.

Pritesh Parekh is the vice president of engineering, chief trust and security officer at Delphix with 20 years of experience in building and leading Product development, Trust, devops, and quality-assurance teams.

Originally appeared on: TheSpuzz