Ever since business computing went mainstream in the 1960s, technology leaders have been working on securing their IT systems against incoming cyberattacks. Doing so requires continual refinement of tools and practices, to protect assets from ever more advanced threats.
Storage security and cyber resiliency are both key focus areas within such efforts. Storage has long been a key area for security because without the right level of protection its data might be compromised by a cyberattack or outage.
What is cyber resiliency?
Cyber resiliency is creating a system of protection against attacks that implements layers of barriers to stop suspicious activity. It enables you to recover data quickly even if there was a breach. How cyber resiliency looks in practice will differ for every company and storage setup, but the core concept of protecting your systems as much as possible remains the same.
Such resiliency is important because cyber threats are everywhere. Worldwide, the cost of cyber attacks amounted to $6 trillion where the largest breach costs a company $9.45 million according to a 2020 study by McAfee.
Less than half of the attacks (48%), according to Ponemon, that happen are due to criminal acts. The rest of the root causes of cyber attacks are due to human error (27%) or system glitches (25%). Cyber resiliency provides a way to protect against risks of all kinds.
Every business wishes they had the capacity to protect their data from attack all the time. One major step toward doing so is to put resilient storage infrastructure in place, so that data can bounce back quickly.
Your data and storage are what your company is built on. To make this information vulnerable to attack or manipulation means putting your entire company at risk. Cyber resiliency helps keep it safe.
How to protect your data
The best defense starts with a procedural approach to finding and testing weaknesses in your data systems. Consider multiple tiers of protection and implement checks for the current state of your company’s security.
The NIST (the U.S. National Institute of Standards and Technology) framework is a great place to start. This body has published a framework entitled “Framework for Improving Critical Infrastructure Cybersecurity” that highlights their recommendation for protecting your data asset. The steps include:
It begins with assessing the IT operation in a risk management framework. Make a list of the key assets of your data and the best ways to protect them. Determine which ones could be rebuilt, which are foundational or high value and how much the cost for protection is for each asset.
Next, evaluate any additional safety measures that you can put in place, like tiered access. This step encourages you to find different areas of storage for your assets and where they will live in the case of one copy getting exploited.
Create automation systems for categorizing each asset into an appropriate storage location, such as through network isolation or putting them into an immutable format. The key is to ensure that these copies cannot be deleted either accidentally or through system error.
Now that the assets have copies and safe places to live, it’s important to implement a checking system that detects unusual activity that may indicate the beginning of an attack. This system should react to minimize damage.
Set a dedicated response team including personnel that is trained to respond to any breaches and protect as much data as possible.
Finally, recover any files that you may have lost and replace them with copies. Run any analysis needed to determine how severe the attack was and diagnose where the system failed.
Implementing reliable storage solutions to back up and protect your data assets is vital to proactive cyber resiliency. IBM provides a resiliency management solution that delivers awareness of the overall replication topology and server integration. This system also includes IBM GDPS logical corruption protection capability for IBM Z servers and the IBM iPowerHA toolkit.
The IBM Spectrum Protect is a highly effective storage and backup solution. They used WORM media to create copies and backup files and data to a reliable source - protected from overwriting or deletion. The IBM Spectrum Project includes several other types of resiliency modules that will be the perfect solutions for your asset protection.
If you have questions or want professional help to implement these solutions, contact the InfoSystems team today to get started.