Why Isolated Recovery Doesn’t Prevent Ransomware - Nasuni

Why the Windmill Defense Does Not Protect Against Ransomware Attacks

One of the great things about working for a growing company is that you have to earn every customer. Our sales team does not have the luxury of walking into a conference room, flashing the logo of a long-established brand on the screen, and instantly enjoying a head start. This is a challenge on many levels, but it forces the entire team, from engineering to sales, to stay sharp and focused on what we are building and how we help our clients. It also keeps us from trying to force companies to buy solutions they do not need.

This is not always the case with legacy hardware providers. Although it has always been one of the driving principles here, for the next few weeks we are going to focus a little more closely on the problems that result from relying on traditional file storage hardware, as opposed to a cloud-native file system like Nasuni. In this post I will analyze the difference as it relates to ransomware – a unique and growing threat to the enterprise – and the route that one major storage vendor has suggested as a means of protection. I call it the windmill defense, and I’ll explain why this windmill defense does not apply to ransomware attacks.

Now that ransomware targets backups as well as primary file systems, this vendor suggests purchasing an isolated recovery target in the form of another data center. This air-gapped site will be the third facility, in addition to the existing locations for primary and backup storage. In other words, an isolated recovery target is really just backup for your backup. Not only is this a wildly expensive solution, but it means more gear to manage. That might be good for the vendor, but adding infrastructure complexity rarely helps IT.

The Problem With Scheduled Air Gaps

Unfortunately, it gets worse, since the proposed solution itself is flawed. The premise behind this ransomware protection scheme is based on a concept known as “scheduled air gaps” – this means that the backup data center and the new facility or isolated recovery target are not physically connected. In theory, then, a ransomware hack cannot work its way through from the second data center to the third. But a scheduled air gap offers about as much defense as the windmill on a miniature golf course. Sure, it will work occasionally, but in miniature golf, a precisely timed and well-struck shot will easily slip past the blades and roll towards the hole. The same holds true for air gaps and data protection. The data still needs to move from one facility to the other during scheduled windows, and hackers will always find a way to slip past such defenses.




Why pitch such an expensive and fundamentally flawed data protection scheme? Because they can and some people will buy the extra gear. Now contrast this approach with our answer to the ransomware threat. First, we do not ask our prospective or existing clients to buy anything extra. You do not even need an extra disk with Nasuni, let alone another data center. With Nasuni’s WORM-based, cloud-native file system, your files are never deleted, and changes are continuously and securely streamed to the resilient cloud. Our isolated recovery target is the georedundant cloud, so your data protection mechanism is separate and safe from ransomware.

Experiences with our clients taught us how well Nasuni’s built-in data protection performed against ransomware. Several of our customers have used Nasuni to recover quickly from ransomware incidents. Another was hit while they were still migrating files to Nasuni, and they ended up accelerating the migration to get the rest of their files protected as quickly as possible.

If you want to buy data protection for your data protection, or a third facility to protect the first two, just know that you are spending a lot of extra money and not eliminating the risks. Ransomware is a new kind of threat that requires a new kind of solution. A cloud-native file system can deliver the complete suite of Enterprise File Services, including enhanced data protection, for a fraction of the cost of traditional hardware. So if you are concerned about the threat ransomware poses to your files, consider waiting before you buy another data center. Send us a note to see if we can help.

 
