I find it blasphemous that with all the rhetoric of data protection and cybersecurity technologies and solutions in the market today, the ransomware threats and damages have grown proportionately larger each year. In a recent report by Kaspersky on Anti-Ransomware Day, May 12th, 9 out of 10 organizations previously attacked by ransomware are willing to pay again if attacked again. A day before my scheduled talk in Surabaya, East Java, 2 weeks back, the chatter through the grapevine was that one bank in Indonesia was attacked by ransomware on that day. This news proved how virulent and dangerous the ransomware scourge is and has become.
And the question that everyone wants an answer to is … why are ransomware threats getting bigger and more harmful and there are no solutions to it?
Today, all we hear from the data protection and storage vendors is recovery, restore that data, blah, blah, blah and more blah, blah, blahs. The endpoint EDR (endpoint detection and response) solutions say they can stop it; the cybersecurity experts preach defense in depth; and the network security guys say use perimeter fencing. And the anti-phishing chaps say more awareness and education are required. One or all have not worked effectively these few years. Ransomware’s threats and damages are getting worse. Why?
It takes a village
This blog switches back to my favourite topic – Data Management. Today we find many data protection vendors, both from the backup and restore side and the cybersecurity side, talking about data recovery and guarding the access to the data respectively.
The NIST Cybersecurity framework, one that I have mentioned a few times in previous blogs, has 5 pillars that many solution technology vendors apply to ply their trade.
We see many of these vendors designate their technology to one or maybe two of these 5 pillars. We also see that, in recent years, several technology vendors started “merging” their solutions into a “combined” one. The flavours are pretty much the 2 data protection twins of the backup & restore and the cybersecurity kind.
For instance, Acronis, under its Cyber brand, has Cyber Protection and Cyber Backup solutions. Barracuda Networks®, previously only known for its cybersecurity products, has now added SaaS backup to its solutions portfolio. Rubrik, which started as a secondary hyperconverged data protection platform, has pivoted with strong cybersecurity messaging. Its rival a few years back, Cohesity, has also added strong data security enhancements to its DMaaS (data management as a service) offering. One data protection company, Commvault®, has resisted the trend.
Here are a few interesting takes from the backup and restore vendors’ side:
- [ December 2020 ] Asigra Cloud Backup piles on extra layer of cyber defence
- [ April 2022 ] Arcserve® enhances key ransomware defense solution
- [ May 2022 ] Rubrik charts data security path
- [ June 2022 ] Commvault® CEO: We’re a data protection, not security, company
Many of the cybersecurity vendors I know have added a backup and recovery solution to their stable, and likewise the backup and restore vendors are mixing their portfolios with a heavy dose of cybersecurity. Yet the threat and the damage of ransomware keep on coming … and growing!
Ransomware is a Data Management problem, not a Data Security problem
My friend and renowned GigaOM analyst, Enrico Signoretti, is absolutely spot-on. He highlighted this in his article “Ransomware: Why it’s time to think of it as a Data Management Problem” 2 months ago. He articulated that data, which is what ransomware is targeting, must be consolidated as a single domain.
For many of us who have been in the storage industry for many years, this is an untold skill of how we view data. The cybersecurity folks that I have engaged for decades, with no disrespect, often view ransomware from a networking perspective. The storage folks, on the other hand, view it from the data infrastructure point of view. That is why data management encompasses a more holistic inclination towards the triage in dealing with the ransomware problem.
Without stealing Enrico’s thunder, ransomware should be viewed and handled as a data management problem and tackled with a data management mindset and approach.
Metadata at Data Conception
I have been a big fan of metadata since I learned about the COMET project at Hitachi Data Systems® in 2013. That project never saw the light of day but it lit the spark in me. Metadata can be a powerful ally in fortifying data, especially at conception.
At the moment the data is conceived or received into the ecosystem of the organization, it should be given an identity with security credentials and requirements. Metadata helps achieve the identification of the data. After all, metadata is data about the data.
With the identified piece of data tagged, the data state can change as it finds its way through the different data networks and data repositories within its data lifecycle of the organization and beyond. I documented some of my thoughts in my blog a year ago – Rethinking File Security Fundamentals. In that blog, I mentioned iRODS (Integrated Rule-Oriented Data System), an open source data management software in use with many different organizations around the world.
I am not a practitioner of iRODS. I have no experience with it but from time to time, I read its articles and most importantly its architecture in the training notes. I find iRODS extremely capable to extend what I have described but in my data universe, it is still a blip waiting for its turn to shine. I am sure that in another data universe, iRODS is massive.
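To make the idea of tagging data at conception concrete, here is an added sketch (not from the original post, and not iRODS code) of a metadata record created at ingest and a write check that consults it. The lifecycle states, field names and requirement labels are hypothetical assumptions.

```python
import hashlib
import uuid
from dataclasses import dataclass, field

# Hypothetical lifecycle states and allowed moves (assumptions, not from the post).
TRANSITIONS = {"received": {"active"}, "active": {"archived"},
               "archived": {"disposed"}, "disposed": set()}

@dataclass
class DataRecord:
    data_id: str             # identity assigned at conception
    sha256: str              # fingerprint of the content as received
    owner: str
    classification: str
    requirements: frozenset  # hypothetical labels, e.g. {"immutable"}
    state: str = "received"
    history: list = field(default_factory=list)

def conceive(content, owner, classification, requirements):
    """Tag data the moment it enters the organization."""
    return DataRecord(str(uuid.uuid4()), hashlib.sha256(content).hexdigest(),
                      owner, classification, frozenset(requirements))

def transition(record, new_state, actor):
    """Move the record through its lifecycle, keeping an audit trail."""
    if new_state not in TRANSITIONS[record.state]:
        raise ValueError(f"{record.state} -> {new_state} is not allowed")
    record.history.append((record.state, new_state, actor))
    record.state = new_state

def authorize_write(record, new_content, actor):
    """Check a proposed write against the metadata before it reaches storage."""
    if actor != record.owner:
        return False, "actor is not the data owner"
    if record.state in ("archived", "disposed"):
        return False, f"no writes in state {record.state}"
    changed = hashlib.sha256(new_content).hexdigest() != record.sha256
    if changed and "immutable" in record.requirements:
        return False, "immutable data: content differs from conception hash"
    return True, "ok"

if __name__ == "__main__":
    original = b"constructed sample: Q2 ledger export"
    rec = conceive(original, "finance-svc", "confidential", {"immutable"})
    transition(rec, "active", "finance-svc")
    # A bulk rewrite, as an encrypting process would perform, changes the hash.
    print(authorize_write(rec, b"\x8f\x02 constructed ciphertext", "finance-svc"))
    print(authorize_write(rec, original, "backup-agent"))
```

The decision is made from the data's own metadata rather than from where the request came from on the network, which is the shift in viewpoint this post argues for.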
Mindset change. More work to do
I am not preaching a total solution against ransomware. So far, whatever we have thrown at it does not appear to be working effectively. Report after report; threat after threat; impact after impact. Each one more damaging than the one before. The business of ransomware has become industrialized. If ransomware were a business (it is now!), its year-on-year growth is incredible and it offers better returns than the volatile Bitcoin! [*sarcasm*]
We often see the threat of ransomware as the enemy at the door. We also assume that the threats are outside our walls, and we apply defenses to keep them out. But these threats are more sophisticated than ever, and they are evolving and multi-platform, and the hurried approach that many organizations take to build and achieve digital transformation has diluted the mindset of protecting the data first.
For decades I have been designing storage architectures and solutions with my own framework, the A.P.P.A.R.M.S.C framework that I have frequently brought into my blogs. While it wasn’t obvious in the early years, I have come to realize that this framework is a Data First framework. It combines the data infrastructure needs and the data management requirements into one.
I am preaching this different approach: using the Data Management mindset to tackle this ever-menacing scourge. I believe it will lead to better outcomes in the battle to combat ransomware.