Unpredictable Events in Cyber – Anything Can Happen!
Nassim Nicholas Taleb calls unpredictable events “The Black Swans”. With this image, the statistician evokes events which we do not expect.
Recent times have seen plenty of these swans. Endemic ransomware attacks that spare no one, a data center fire, a gaping hole in a messaging system widely used by businesses…
Most often, all these events result in the loss or disclosure of damaging data. To avoid these negative consequences, there are some best practices to protect data that can be applied daily… but in theory only!
Here is the theory: read the contracts carefully if you outsource data, whether in the Cloud or elsewhere, to better understand the commitments of each party, apply the 3/2/1 backup rule and implement a recovery plan or DRP (Disaster Recovery Plan).
A report commissioned for Oracle by Dan Hubbard, CTO of Lacework, a security solution for cloud environment providers, shows that only 10% of security managers in US companies understand the legal notion of shared responsibility.
Put simply, the service provider retains responsibility for the security of an identified portion of the infrastructure and leaves the rest, including data protection, to the customer. It is therefore necessary to implement processes to ensure that this protection is effective and properly managed.
Recently, an example hit the headlines with an improperly configured database on a public cloud provider’s infrastructure. The responsibility lay with the company that had performed this operation.
Some figures provide an even better understanding of the consequences of not implementing these crucial measures: 25% of companies have critical or sensitive data transferred from cloud platforms to personal or insecure workstations. And 52% of cloud service users have had data stolen (see the report mentioned above).
The same is true with respect to certain compliance rules such as GDPR or data privacy. For many industries, localization of data is key. It is important to consider where the data is stored and where it is processed. It is also wise to figure out which court has jurisdiction in case of a disagreement on these points.
Best practices to cope
Implementing best practice processes such as the 3/2/1 rule can prevent major setbacks. This basic backup rule means that you should: keep at least three (3) copies of your data, store two (2) backup copies on different storage media, keep one (1) copy of the backup offsite.
Create 3 copies of your data (1 master copy and 2 backups). Store your copies on at least 2 types of storage media (local disk, network share/NAS, tape drive, etc.). Store 1 of these copies offsite (in the cloud). For this last copy, it is also strongly recommended to store it on a fully air-gapped medium that is not connected to the network, making it inaccessible to hackers.
Implementing such a practice also requires establishing data backup frequencies; having fully-fledged procedures for administering and executing backups to avoid protocol errors; deciding on access restrictions to backups, which are crucial for controlling possible leaks; and reinforcing the entire backup policy. To do this, it is ideal to plan restoration tests and destroy the media that contained the backups. This policy can be strengthened by encrypting data in transit and at rest.
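The 3/2/1 rule and the supporting measures above (air-gapped offsite copy, encryption, restoration tests) can be checked mechanically against a backup inventory. The following is an added example, not code from Atempo or from the original article; the `Copy` record, the finding codes, the 90-day restore-test threshold and the inventory are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Copy:
    dataset: str
    medium: str                      # "disk", "nas", "tape", "cloud", ...
    master: bool = False
    offsite: bool = False
    air_gapped: bool = False
    encrypted: bool = False
    restore_tested: Optional[date] = None

def audit(copies, today, max_test_age_days=90):   # 90 days is an assumed policy value
    """Return {dataset: [finding codes]}; an empty list means no finding."""
    grouped = {}
    for c in copies:
        grouped.setdefault(c.dataset, []).append(c)
    report = {}
    for name, cs in grouped.items():
        backups = [c for c in cs if not c.master]
        offsite = [c for c in backups if c.offsite]
        tests = [c.restore_tested for c in backups if c.restore_tested]
        found = []
        if len(cs) < 3:                                   # 3 copies in total
            found.append("copies<3")
        if len({c.medium for c in backups}) < 2:          # 2 different media
            found.append("media<2")
        if not offsite:                                   # 1 copy offsite
            found.append("no-offsite")
        elif not any(c.air_gapped for c in offsite):      # recommended, beyond 3/2/1
            found.append("offsite-not-air-gapped")
        if not all(c.encrypted for c in backups):
            found.append("unencrypted-backup")
        if not tests or (today - max(tests)).days > max_test_age_days:
            found.append("restore-test-missing-or-stale")
        report[name] = found
    return report

# Constructed inventory, for illustration only.
INVENTORY = [
    Copy("crm-db", "disk", master=True),
    Copy("crm-db", "nas", encrypted=True, restore_tested=date(2024, 5, 1)),
    Copy("crm-db", "tape", offsite=True, air_gapped=True, encrypted=True),
    Copy("hr-docs", "disk", master=True),
    Copy("hr-docs", "nas", encrypted=True, restore_tested=date(2023, 12, 1)),
    Copy("hr-docs", "cloud", offsite=True, encrypted=True),
    Copy("file-share", "disk", master=True),
    Copy("file-share", "disk"),
]

if __name__ == "__main__":
    for dataset, findings in audit(INVENTORY, date(2024, 6, 1)).items():
        print(dataset, "OK" if not findings else findings)
```

A dataset can hold three copies and still fail: `hr-docs` has an offsite cloud copy that stays network-reachable and a restore test older than the threshold.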
Plan for recovery
If it is important to protect data, it is even more important to be able to recover it and keep the business running. It is vital to plan how the recovery will be organized after an incident. This plan, known as the Disaster Recovery Plan or DRP, implements the procedures and the equipment, technological and human resources required by the company to deal with a disaster. To implement it, first make an inventory of the existing hardware and applications.
Then, it is a matter of defining the priority order for restoring applications and defining the recovery infrastructure (remote data center, Cloud, external service provider). This plan must keep pace with the changes the company makes to its hardware and application choices. It is also essential to regularly evaluate the DRP to examine the technical, logistical, or human difficulties that could occur in case of an IT switchover. It is necessary to test the plan as in a real situation and not be satisfied with documentation that will only be read once the incident has occurred.
These traditional notions will do nothing to prevent incidents that are most often inherent to IT production, but they are solid foundations to avoid suffering irreparable consequences if “The Black Swan” lands in your data center. Atempo’s solutions provide answers and tools that meet these best practices for all sizes of business.
Miria, Tina and Lina, solutions labeled ‘As Used by French Armed Forces’ and ‘France Cybersecurity’, provide the 3/2/1 rule of backup and end-to-end protection from the client workstation to the Cloud. The recent partnership between Atempo, IBM and OVHcloud includes advanced erasure coding integration added to the full support of “air gap” with cost-effective, high-performance tape storage technologies to avoid compromising backups.