[Preamble: I have been invited by GestaltIT as a delegate to their TechFieldDay from Oct 17-19, 2018 in Silicon Valley, USA. My expenses, travel and accommodation are covered by GestaltIT, the organizer, and I was not obligated to blog or promote the technologies presented at this event. The content of this blog is my own opinions and views]
Another new announcement graced the Tech Field Day 17 delegates this week. Dell EMC Data Protection group announced their Cyber Recovery solution. The Cyber Recovery Vault solution and services are touted as “The Last Line of Data Protection Defense against Cyber-Attacks” for the enterprise.
Security breaches and ransomware attacks have been rampant, and they are wreaking havoc on organizations everywhere. These breaches and attacks cost businesses tens of millions, or even hundreds, and are capable of bringing these businesses to their knees. One known practice is to corrupt backup metadata or catalogs before attacking the primary data source, so that operational recovery is already helpless when the primary data is hit. And there are times when the malicious agent dwells in the organization’s network or servers for long periods of time, infecting primary images or gold copies of corporate data and launching at the opportune time.
The Cyber Recovery (CR) solution from Dell EMC focuses on Recovery of an Isolated Copy of the Data. The solution isolates strategic and mission critical secondary data and preserves the integrity and sanctity of the secondary data copy. Think of the CR solution as the data bunker, after doomsday has descended.
The CR solution is based on the Data Domain platforms. As the diagram below shows, data backup occurs in the corporate network to a Data Domain appliance platform as the backup repository. This is just the usual daily backup, and is for operational recovery.
The CR solution introduces another Data Domain platform, which is the box on the left of the diagram. An “air gap” is created in the middle between the boxes, and data is replicated periodically from the Data Domain on the left to the Data Domain on the right. This “air gap” could be a firewall, or anything that separates the first Data Domain in the corporate network from the second Data Domain in the Cyber Recovery Vault. Heck, this could even be a secure private network with an IPsec tunnel and the right access credentials, but the idea is to have a secure Isolated Zone for the target Data Domain and the data. Network traffic for data replication is one-way from the corporate network to the Isolated Zone. The target Data Domain creates immutable copies of data that are validated and sanitized. We were informed that only DDOS 6.0.x or higher is supported.
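To make the one-way rule concrete, here is an added example (not Dell EMC code) that audits a firewall policy for the properties described above: only the production Data Domain may initiate connections to the vault Data Domain, and nothing in the vault may initiate outward. The addresses, the rule format and the replication port are assumptions made for the illustration.

```python
import ipaddress

# Constructed lab values (assumptions, not from product documentation).
VAULT_NET = ipaddress.ip_network("192.168.50.0/24")   # Isolated Zone
SOURCE_DD = ipaddress.ip_network("10.10.5.20/32")     # production Data Domain
VAULT_DD = ipaddress.ip_network("192.168.50.10/32")   # vault Data Domain
REPL_PORT = 2051  # assumed replication port; confirm for your deployment

# Rules describe who may *initiate* a connection through a stateful firewall.
GOOD_POLICY = [
    {"src": "10.10.5.20/32", "dst": "192.168.50.10/32", "port": REPL_PORT, "action": "allow"},
    {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": None, "action": "deny"},
]
WEAK_POLICY = [
    {"src": "10.10.0.0/16", "dst": "192.168.50.0/24", "port": None, "action": "allow"},
    {"src": "192.168.50.0/24", "dst": "10.10.0.0/16", "port": 22, "action": "allow"},
    {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": None, "action": "deny"},
]


def audit_air_gap(policy):
    """Return (rule_index, finding) pairs; an empty list means the gap holds.

    Conservative: every allow rule is inspected, even if an earlier rule
    would shadow it, so stale permissive rules are reported too.
    """
    findings = []
    for i, rule in enumerate(policy):
        if rule["action"] != "allow":
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        if src.overlaps(VAULT_NET):
            findings.append((i, "vault can initiate outbound connections"))
        if dst.overlaps(VAULT_NET):
            if src != SOURCE_DD or dst != VAULT_DD:
                findings.append((i, "inbound not limited to the replication pair"))
            if rule["port"] != REPL_PORT:
                findings.append((i, "inbound not limited to the replication port"))
    last = policy[-1] if policy else None
    if not last or last["action"] != "deny" or last["src"] != "0.0.0.0/0" \
            or last["dst"] != "0.0.0.0/0" or last["port"] is not None:
        findings.append((len(policy), "no default-deny rule at the end"))
    return findings


if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit_air_gap(policy))
```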
It is also important that only strategic and mission critical corporate data be replicated, so that when Recovery is required, it meets the required RPO and RTO. To identify the strategic data to be replicated to the Isolated Zone, some sort of data classification, ranking, or tagging should be considered. I was fairly surprised that the DellEMC folks mentioned this strategy but did not offer a solution for the data classifications. Customers are left to their own devices for this one.
As part of the solution, the CR solution incorporates a workflow engine and data link orchestration end-to-end, and introduces automation to enhance the entire solution, reducing security risks. In the Isolated Zone, the CR Vault also provides a sandbox for data validation in which Index Engines is applied to analyze the data heuristically for a near pristine copy of the data. The validated and tested copy of the data is released for recovery and it is assured that the copy of the data is clean and relevant. The organization can confidently deploy the recovery data back to production after that. A flow diagram is shown below:
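As an added illustration of what a heuristic check in the validation sandbox can look like (this is a generic entropy heuristic written for this post, not Index Engines' method), the sketch below compares two backup generations and quarantines the newer one when many files have suddenly become near-random, as bulk encryption would make them. The thresholds, file names and sample data are assumptions.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 4-5 for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def keystream(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy bytes, used only to build sample data."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def validate_copy(previous, current, high=7.5, jump=2.0, max_fraction=0.2):
    """Compare two backup generations given as {path: bytes}.

    A file is suspicious when its entropy is now near-random AND rose sharply
    since the last generation, so archives that were always dense are ignored.
    """
    suspicious = sorted(
        path for path, data in current.items()
        if path in previous
        and shannon_entropy(data) >= high
        and shannon_entropy(data) - shannon_entropy(previous[path]) >= jump
    )
    fraction = len(suspicious) / max(len(current), 1)
    verdict = "quarantine" if fraction > max_fraction else "release"
    return verdict, suspicious


# Constructed sample generations (not real backup data).
TEXT = b"invoice_id,customer,amount,date\n1001,acme,250.00,2018-10-17\n" * 80
CLEAN = {
    "finance/q3.csv": TEXT,
    "hr/staff.csv": TEXT[::-1],
    "images/archive.zip": keystream(b"zip", 4096),  # dense in every generation
}
INFECTED = dict(CLEAN)
INFECTED["finance/q3.csv"] = keystream(b"k1", len(TEXT))
INFECTED["hr/staff.csv"] = keystream(b"k2", len(TEXT))
```

Comparing against the previous generation rather than using an absolute threshold is what keeps compressed archives and media from being flagged on every run.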
I am not a security guy. I have poor knowledge and experience in security, but I am aware of some of the security practices and housekeeping in large enterprises. I am indifferent about the solution at this point. I used the word “solution” rather than technology here, because I felt the Cyber Recovery Vault solution is like a retrofitted solution wrapped with a nice dashboard and management UI.
In fact, this DellEMC Cyber Recovery solution was initially offered as a DellEMC professional consulting service, previously presented at Storage Field Day 14 almost a year ago. Today, the CR Solution together with the CR Vault, already at version 18.1, has a new Index Engine component and further includes:
- Workshop: During this one-day workshop, consultants share Dell EMC best practices for business resiliency with a strong focus on cyber recovery.
- Advisory: The advisory service builds on the Workshop by adding development of a high level cyber recovery strategy. The customer’s current and desired state is analyzed to create a tailored strategy for cyber recovery preparedness.
- Advisory & Roadmap: The advisory & roadmap builds on the advisory service with a deeper dive into customer’s cyber recovery strategy to recommend an optimized implementation roadmap. This includes developing a cyber recovery maturity model report, which benchmarks the customer’s current state against industry best practices. Also included is a critical materials workshop and information session to collect data on the customer’s applications to understand criticality to the business. These considerations will help drive recommendations of data and applications which should be protected by the Cyber Recovery Vault.
- Deployment: New deployment services help maximize the capabilities of Dell EMC Cyber Recovery Solutions. They can be added to the ProDeploy Enterprise Suite or purchased separately and are available in two variations to fit customer needs.
- Implementation: Dell EMC Services can also customize the implementation of the Cyber Recovery Solution to account for a variety of additional use cases. This can include hardening of additional Dell EMC technology, developing detailed operational procedures and implementing custom dashboards and reporting.