James Blake, Field CTO Security EMEA at Rubrik, looks at defining data assurance and explains how businesses can ensure an architecture that supports it going forward.
Data is at the heart of every modern organization; without it, business applications, systems and processes simply can’t function. It’s become mission-critical for almost every business on the planet, so it’s no wonder that it’s highly sought after by cybercriminals.
But what makes data so desirable? Some have learned to collect data and metadata from every corner of their organization, using it to make informed decisions, save costs, or predict what’s around the corner and prepare accordingly. Hackers, meanwhile, have mastered the fine art of ransomware, holding that very data hostage to those who need it most in exchange for one hell of a payday.
According to a recent survey by IDC, over a third of organizations globally have experienced a ransomware attack in the last year, with an average ransom payment of nearly US$250,000. In the UK, ransomware attacks doubled in the first half of 2021 compared to the same period in 2020. It’s clear that the traditional ‘perimeter’ approach to security is no longer working.
To combat this, modern businesses need to be data assured. This means not only ensuring that they are accurately collecting data and correctly analyzing it for maximum impact, but that that very data is also protected when the worst happens. Sounds easy enough, but how do organizations achieve that, how can they best protect the lifeblood of their infrastructure, and what solutions can help along the way?
It’s time to rethink data protection. It’s time for an inside-out security strategy, whereby the data is not only the last line of defence but the first line of defiance. It’s time to become data assured.
Data assurance, explained
Simply put, data assurance is the act of understanding and correcting errors throughout the data communication process, such as between a host and a storage array. In doing so, data assurance improves the integrity of data across a storage system by enabling the storage array itself to check for said errors, appending error-checking codes to data blocks in order to determine errors in transit. If and when corrupted data is recognized, it is corrected before it reaches its next destination.
However, for data assurance to thrive, the organization must first adopt the concept of zero trust. A zero trust architecture assumes all users, devices and applications are untrustworthy and can be compromised. In other words, it means trusting nothing and verifying everything. In doing so, permissions are significantly limited, data is only accessible via multi-factor authentication, and therefore the likelihood of anyone or anything maliciously impacting that data is removed.
An architecture designed around zero trust must employ immutable backups to further ensure data security. Immutable backups cannot be modified, deleted or tampered with in any way – intentionally or otherwise, while every attempt to read the data is subject to authentication. So, if you find yourself suddenly exposed, you know at the very least that you have clean, immutable data to reinstate.
As well as requiring certificate-based mutual authentication for secure communications as part of its zero trust cluster design, immutability is built upon filesystem distribution and API authentication. It provides tight controls over which applications can exchange information, how data is transacted, and how it is arranged across physical and logical devices, and requires authentication to all endpoints to allow any of this to happen. With all this in place, security teams can rest in the knowledge that they are on the right track to true data assurance.
In short, being data assured allows security teams to know exactly where their data is, rest easy that it’s stored immutably, and confidently leverage said data to initiate recovery operations or run attack forensics in the wake of a ransomware attack.
- Changing lanes: connected cars shift up a gear for data ‘driven’ comfort
- Crowds deliver diverse data sets to produce effective AI
- The future of SaaS and unstructured data
- Data mesh in practice: how to set up a data-driven organization: Interview with Max Schultze
The final piece in the data assurance puzzle is deploying a modern backup solution that can enforce all of the above. Traditional solutions simply aren’t built with data assurance in mind, and therefore don’t offer the visibility and governance capabilities needed to effectively monitor the data flowing through an organization.