Data Resiliency OR Data Protection! Which should you choose?
Data resiliency and data protection are terms that bear a close resemblance and can be easily be confused. While both seemingly achieve the same goal – they serve customers very differently.
What is Data Resiliency?
Resiliency refers to data’s ability to “spring back” in situations where it is compromised. It ensures that lost data is recovered as quickly as possible so operations don’t stop due to the unavailability of the data. Data Resiliency can take several forms – like snapshots, replicated or mirrored data copies, etc. Features like the Recycle Bin or Recoverable Items that Microsoft offers in Microsoft 365 are also ways of achieving data resiliency.
What is Data Protection?
Data protection is a process that focuses on safeguarding data from corruption, compromise, or loss. It typically relies on a data backup whose primary focus is to ensure that the backed-up data always stay safe. The backed-up data is usually stored in an immutable form and is separated from the primary copy – so any negative impact on the primary data won’t contaminate the backed-up data. Data protection is critical to satisfying regulatory compliance like Sarbanes Oxley, HIPAA, or the GDPR.
Is Data Resiliency alone enough?
Most mechanisms that are traditionally used to achieve data resiliency have one downside to them. And that is, the secondary copies of the data they create, to a large extent remain dependent on the primary or source copy. They either get immediately affected when the primary copy goes through any change, or they are geographically so proximate to the primary copy – that they become as vulnerable to damage as the primary copy is. For example, if the primary or source copy is encrypted by a ransomware attack, there is a strong possibility that the secondary copy will also be compromised in the same manner.
In cases like Microsoft 365 retention settings, there isn’t even a secondary copy! The same primary copy is just kept invisible and maintained by the software. Therefore, with almost all data resiliency approaches, there is always a fear that looms large over enterprises and that is “What if the primary copy gets corrupted? How resilient is the data after that?”
How about data backups then?
Backups work differently. They focus predominantly on making a second copy of the data which is different and insulated from the primary copy. Additionally, backups are taken offsite to ensure geographical separation of primary and secondary copies and thus increase insulation. The insulation essentially protects the secondary copy even in case of an attack on primary copy and can help immensely in cases of data recovery from attacks such as ransomware and malicious insider deletion.
In the fast-evolving business world, enterprises have also started backing up to the cloud. This approach automatically achieves geographical separation and insulation. Additionally, backups are an important way to prove regulatory compliance. Most regulations (like Sarbanes Oxley, HIPAA, or the GDPR) require businesses to protect their data, and to achieve this, a robust data backup solution is critical.
There is a question of speed when it comes to recovering data from backups. Can a backup also restore data as quickly as data resiliency solutions? This is not always guaranteed because backups are not necessarily designed for resiliency.
Data Resiliency and Data Protection: The power of two!
While it is indispensable for enterprises to comply with regulations and defend against attacks like ransomware, it is also critical for them to be able to bounce back easily from data losses. So, while data protection is important, data resiliency can not be overlooked.!
Some questions to ask before investing in a Data Protection or Data Resiliency solution:
- Does the solution notify or alert the enterprise in case of ransomware attacks?
- In case of a ransomware attack, does it allow the enterprise to go back in time and recover the older data (data before the occurrence of an attack)?
- Can it identify lost data between the time of the attack and the present – and allow a curated recovery of just those affected files or emails?
- How safe is the backed-up data?
- Is it geographically separated and insulated from the primary copy?
- How does it safeguard data against ransomware attacks?
- Can it recover data quickly?
Parablu can offer businesses the best of both worlds
1. Unusual activity detection
Parablu provides a dashboard that proactively identifies anomalies and detects any activities that could be indicative of a ransomware attack. Comparative, automated analysis of historical data allows Parablu to identify unusual activity and alert administrators accordingly.
2. Immutable backup copies
Parablu is also designed to ensure that the backed-up data copies are kept safe with appropriate barriers against alteration, deletion, or tampering of any kind. This property of a backup to maintain an unalterable copy of data is called immutability. Users do not have direct access to the backup data and cannot alter the content of their backups – even if it is for their own data. This means that even if the primary copy is damaged, the backed-up copy remains insulated and unaffected.
3. Virtual air-gaps
Parablu also protects data from ransomware threats with a virtual air gap. A virtual air gap ensures that a series of technology barriers need to be surmounted before the backup data becomes accessible. The technology barriers could include (but may not be necessarily limited to) methods such as having a separate API and authentication mechanism to access the backups that are different than how users authenticate into their system. The idea of creating such a gap is to ensure that only Parablu is able to surmount this gap when required (like to perform a backup or a restore), but not other users or malicious programs such as ransomware.
4. Versioned-back in time restores
With Parablu’s built-in capability to version all backed-up data, users and administrators can control and track changes across multiple users and devices. It also has the ability to turn back the calendar or the clock and bring back data as it looked from a previous point in time. Parablu can not only bring back all data as it existed prior to an attack (like ransomware) but can also bring back any data that was impacted from the time of the attack until the present time – eliminating corrupted versions, and bringing back the previous good version of each file.
5. Data and Device quarantining
Managing a ransomware attack is much more involved than simply recovering data from backups. IT teams will also need to find the root cause of the infection, plug the vulnerability that caused the attack to happen etc. – a process called incident management which involves forensic investigation into the events that occurred. This will need to happen even as they’re struggling to get high-value users back in action – by recovering their data from their backups. During the incident management process, it is possible that infected systems and the original payload that caused the infection are to be isolated. Such systems and files will need to be ‘quarantined’ or prevented from being restored. Parablu can provide both device and file quarantining capabilities that could be important to help businesses navigate their way out of a ransomware attack.
Parablu can provide both device and file quarantining capabilities that could be important to help businesses navigate their way out of a ransomware attack.
6. Curated recovery
What if after a ransomware attack, backups continue to run and Parablu has backed up data that ransomware encrypted? This is where Parablu’s curated recovery comes in, using which it can identify exactly which files were removed by ransomware during the period of time when an attack started – to the current time. And then surgically bring back only that data. This can also be highly useful in the case of an insider attack or malicious deletion.
7. Quick recovery
Parablu offers a dual copy mechanism that can make a backup copy simultaneously both on-premises as well as in the cloud. With this, enterprises have the cloud copy for a geographically separated backup, but a local copy for a quick recovery to ensure data resiliency.
Parablu can also restore the cloud backup copy to a cloud destination so that users get access to their data faster. For instance, with our cloud-to-cloud restores, backups can simply be placed back into a users’ OneDrive folder for them to retrieve the data as required.
8. Zero-knowledge encryption
With zero-knowledge encryption, Parablu ensures that access to backed-up data remains only with the customer at all times. The data remains private without Parablu (as the SaaS vendor) having to read the data, or with the cloud provider having to read the data. The customer alone is the sole party with the ability to decrypt and recover their data.
9. Data shredding
Parablu also uses another measure to create a barrier designed to keep your data safe from potential attackers. The technique, called data-shredding, means that every file Parablu handles, is automatically broken up into smaller chunks before being recorded to the backup storage target. And each is encrypted separately. This method essentially creates a digital jigsaw that is practically impossible for an attacker to decipher and piece back together. Parablu’s algorithms can re-assemble the data quickly when requested – but only when requested by an authenticated and authorized user.
10. Zero trust
Parablu’s solutions are built to work on the principle of Zero-Trust, a network security model that doesn’t rely just on firewalls – but rather uses a strict identity verification process. It makes use of a centralized identity management solution coupled with safeguards such as multi-factor authentication. It espouses the principle of least privilege (i.e. give every user access to only the resources they need to get their jobs done, but nothing more), and can be highly effective in reducing an organization’s attack surface. Parablu’s solutions integrate with Active Directory, Azure Directory and Okta. They have built-in role-based access mechanisms, and well as multi-factor authentication capabilities.
What we’ve listed above are just a few of the data protection and data resiliency features in Parablu’s products. Parablu has successfully layered data-resiliency features on top of our strong, core data protection solutions which we offer as part of the BluVault family of products. BluVault can protect enterprise data in all the ways described above – and much more.