Ransomware attacks have continued to surge in 2021 as more companies moved to remote work, increased cloud adoption and made other structural and technology changes. No sector has been left untouched, and attacks are getting bigger and more expensive. It’s estimated that ransomware attacks will cost victims around $265 billion annually by 2031, according to Cybersecurity Ventures, with a new attack perpetrated every two seconds on average. Governments including the U.S. are becoming increasingly involved in preventing and pursuing ransomware actors, so this topic has visibility globally at the highest levels.
Anti-ransomware solutions have been available across the data center IT stack for several years now, spanning from the network layer to applications and servers, and down to the ultimate resting place for data – the storage layer. Ransomware attacks should now be considered inevitable – not an “if,” but a “when.” Since ransomware attacks are typically long-lived, unfolding over the course of weeks or months, enterprises should be prepared for early detection of, protection against and recovery from these attacks.
This is an area of concern in IT that requires solutions spanning the entire stack, since there are a variety of threat “vectors” that must be considered. As ransomware and malware attack sophistication increases, the innovations needed to provide new solutions must also rise accordingly. In today’s post, I’ll focus on innovations in data storage that help across the full spectrum of prevention, detection and ultimately – recovery from an attacker taking data hostage.
3 ways object storage protects your data
- App-centric vs. user-centric limits hackers: Access to data is through APIs, typically HTTP/HTTPS-based RESTful protocols, the most popular being the Amazon S3 API. These interfaces are typically more application-centric than user-centric, which limits access (to some extent) to more technical malware actors.
- Built-in data recovery: Data can be written, overwritten entirely or deleted – but not modified in a granular manner, as a file can be in a file system on Windows, Mac or Linux hosts. Moreover, implementations of the S3 API in the cloud and in on-premises storage solutions often provide object versioning. With versioning, a ransomware attack creates a new version of the data rather than truly destroying the original. This provides a built-in form of data recovery, although by itself it’s not impervious to attacks.
- Sophisticated permissions and authentication keep bad actors out: Solid implementations of object storage provide user authentication through key-based protocols, to ensure that only authorized users can access data. They also provide granular access control so that administrators can deny/allow access to certain data for specific users (or groups of users), and can even disallow writes (to overwrite data) or deletes entirely. This can provide a higher degree of protection against some attack threats (although these controls can be defeated by internal bad actors).
Locking data to avoid modification or deletion
To truly help ward off ransomware attacks that modify data through encryption techniques, new capabilities are being introduced to bring true “data immutability” to object storage. In simpler terms, this means that data – once stored – can be made impervious to any modification or deletion. The AWS S3 protocol now specifies an Object Lock API that allows administrators to configure locks on object data for specific retention periods. Once set, these object locks prevent anyone – including internal users and admins – from modifying or deleting data until the retention period expires. This may be a period of months or years, as desired by the business.
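The checks an administrator might run to confirm that versioning and Object Lock are really delivering the immutability described above, as an added example that is not Scality's or AWS's own code. In the S3 Object Lock API, only COMPLIANCE mode blocks every user for the full retention period; GOVERNANCE mode can be bypassed by principals granted s3:BypassGovernanceRetention. The input dictionaries follow the response shapes of the S3 GetBucketVersioning and GetObjectLockConfiguration calls, while the bucket names, sample settings and 30-day threshold are constructed assumptions.

```python
# Added example: audit bucket settings for versioning and Object Lock.
MIN_RETENTION_DAYS = 30  # assumed policy threshold; set it per business need

def retention_days(default_retention):
    """Convert a DefaultRetention block (Days or Years) to days (1 year ~ 365 d)."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365

def audit_bucket(versioning, lock_config, min_days=MIN_RETENTION_DAYS):
    """Return a list of findings; an empty list means the bucket passes."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("versioning not enabled: an overwrite replaces the original")
    lock = lock_config.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        findings.append("object lock not enabled: stored versions can be deleted")
        return findings
    retention = lock.get("Rule", {}).get("DefaultRetention")
    if not retention:
        findings.append("no default retention: only objects written with an "
                        "explicit retention are locked")
        return findings
    if retention.get("Mode") != "COMPLIANCE":
        findings.append("mode is GOVERNANCE: principals holding "
                        "s3:BypassGovernanceRetention can remove the lock")
    days = retention_days(retention)
    if days < min_days:
        findings.append(f"retention of {days}d is below the {min_days}d minimum")
    return findings

# Constructed sample settings: (versioning response, object lock response).
# An empty dict stands in for a bucket that has no lock configuration.
SAMPLES = {
    "backups-legacy": ({"Status": "Suspended"}, {}),
    "backups-gov": ({"Status": "Enabled"}, {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}),
    "backups-worm": ({"Status": "Enabled"}, {"ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}}),
}

def audit_all(samples=SAMPLES):
    """Audit every sample bucket and map its name to its findings."""
    return {name: audit_bucket(*cfg) for name, cfg in samples.items()}

if __name__ == "__main__":
    for bucket, result in audit_all().items():
        print(bucket, "OK" if not result else result)
```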
Find object storage solutions that are validated to protect the most sensitive data
Both of Scality’s storage solutions ARTESCA and RING now offer enhanced ransomware protection with support for Amazon S3 Object Lock API, which renders data immutable by preventing it from being deleted or overwritten for a period of time. This capability also enabled Scality to pass the prestigious Cohasset Associates SEC 17a-4 compliance validation for retention of sensitive financial data in banks, brokerage firms and insurance companies.
Ransomware protection features are now critical prerequisites when it comes to choosing backup platforms. To ensure our customers get the support they need to protect their valuable data, our Scality ARTESCA solution is now certified as Veeam Ready Object with Immutability – which means we now offer comprehensive ransomware protection across our product portfolio.
ARTESCA, which we launched in April, is our lightweight, cloud-native object storage software that’s built for the new world of Kubernetes. It’s designed for a new generation of applications that includes machine learning, artificial intelligence and big data analytics. ARTESCA also provides replication capabilities which can be used in conjunction with versioning and object locking, to provide incredibly resilient deployment options for companies looking to protect data against a wide variety of threats, including ransomware. We’ll continue to innovate in areas of ransomware detection and recovery to provide these comprehensive solutions.
While object storage (and storage in general) is part of an overall secure infrastructure stack, the object storage layer should also provide capabilities to help protect and recover from attacks. With Scality’s portfolio and our work with Veeam, our customers and partners can feel confident they’re getting best-of-breed ransomware protection features in their backup solutions.