All posts by amyhawthorne

Mind the backup gap: Protecting born in the cloud data in Office 365

Applications such as Exchange, Sharepoint and OneDrive are the oil that keeps the wheels of commerce turning. Adoption of Office 365 is growing at such a rate that even Microsoft has been taken by surprise. The company estimates that during FY2019 it will reach the point where two-thirds of its office business customers will have migrated to the software-as-a-service platform which, it says, is about a year ahead of expectations.

Businesses are understandably looking for the agility and scalability of cloud-based applications, but in the rush to migrate for convenience and efficiency, the balance of responsibility for security and backup is also shifting and as such requires close examination. Organisations need to be aware that, while they can now rely on Microsoft to protect and guarantee availability for these mission-critical applications and underlying infrastructure instead of having to carry out that activity themselves, responsibility for protecting the sensitive company data that resides in those systems remains firmly in-house. This means businesses need to ensure that their data is fully backed up against common threats to security and productivity and that any backup gaps resulting from the hand-off between themselves and the platform provider, are closed.

Given the rapid penetration of Office 365, we’re seeing more businesses looking closely into their backup situation as they strive to balance productivity, data protection, security and compliance. It’s therefore worth examining some of the key reasons that additional backup for Office 365 is essential.

Office 365 offers backup – to a point

Unsurprisingly, Microsoft knows its users pretty well, and Office 365 does have a number of backup safety nets built in to spare users’ blushes. Accidentally deleted mailboxes in Exchange can be recovered, and files in OneDrive that have been deleted, encrypted by ransomware or inadvertently overwritten can be restored to a point in time prior to the incident. However, in both these cases, data recovery has a time limit, and 30 days is the magic number. If the user doesn’t notice the error for a month, then those emails and files are gone for good.

Fixing the issue for users who’ve owned up to genuine mistakes in time is one thing, but how about users who don’t have the business’ best interests at heart? According to the Verizon Data Breach Investigations report, the second most common cause of cyber security breaches is privileged misuse or insider threat. A disgruntled employee who decides to delete mission-critical files and data won’t be publicising the fact and if 30 days pass before the crime is discovered, there’ll be no way of restoring those files unless that data is protected elsewhere.

A further issue lies around standard events, such as an employee leaving the company. Office 365 will keep their emails for 30 days, but after that, all the valuable historical intelligence left behind by that employee will be lost.

Potentially, the most compelling argument for creating independent backups is compliance. Companies that are subject to regulations requiring them to retain deleted data for extended time periods will not be able to comply if that data resides only in Office 365.

Ultimately, the data managed, shared and stored via Office 365 is mission-critical, so it is common sense to back that data up to the same level that you back up all your systems, rather than risk a gap that could result in damaging data loss.

Protecting born-in-the-cloud data – modifying the 3-2-1 rule  

Once organisations have identified the need to backup Office 365 data, they face the decision of how best to tackle this.

I mentioned at the beginning that the balance of responsibility for security and backup is shifting, and that’s also true of the best-practice approach to backups. Previously, the accepted rule was that organisations should retain three copies of their data in two different media, one of which is typically kept on-premise, with one copy stored off-site. The cloud has changed all that. With data that’s born in the cloud it no longer makes sense to keep a backup copy on-premise for two key reasons. Firstly, bandwidth is at a premium and streaming backup data to your own data centre causes unnecessary congestion. Secondly, restore times could prove unacceptably long. Instead, it’s logical to create backup copies in two different cloud locations, with each copy stored in a different geographic region as proof against regional disasters.

An Office 365 backup solution needs to overcome the shortcomings of the native backup features. Unlimited storage and retention, point in time recoverability for all data, including email, and full visibility for ease of management, as well as audit and compliance purposes, are all critical features. Plus, it goes without saying that, should the worst happen, you must be able to find and restore the data you need quickly and easily.

Since businesses first started looking for Office 365 backups, there has been an issue around finding a single solution that comprehensively covers Exchange, SharePoint Online and OneDrive for Business. It’s therefore important, though seemingly obvious, to check that the solutions you’re evaluating cover all the applications to the same degree.

At iland we’re seeing growing numbers of organisations who are looking to close the gaps in Office 365 backup with a single solution. This single solution gives peace of mind that the data keeping their business in action is backed up to the same high standards they apply to other systems and data.

The balance of responsibility for security and backup may have changed, but the importance of protecting mission-critical data is as high, if not higher, than ever before.

https://www.cybersecuritycloudexpo.com/wp-content/uploads/2018/09/cyber-security-world-series.pngInterested in hearing industry leaders discuss subjects like this and sharing their Cyber Security & Cloud use-cases? Attend the Cyber Security & Cloud Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

Protecting your company’s crown jewels: Building cloud-based backup and DR into ransomware defence

It’s a sad fact of life that whenever someone owns anything of value, there’s someone else out there who wants to get their hands on it illegally. Today’s corporate crown jewels are the critical data on which organisations depend and the highwaymen are cybercriminals, who have built a lucrative industry from ransomware attacks that disrupt businesses, steal data and aim to extract payment from their victims.

Tackling this scourge is a critical challenge for IT managers on several levels, but when it comes to the crunch, putting solid cloud backup and disaster recovery (DR) plans in place can help businesses keep hold of the aces and hang on to their crown jewels.

Ransomware is on the rise again and it’s getting smarter

Recent figures show that, after a slight lull towards the end of 2017, ransomware attacks have once again accelerated in the first half of 2018, reaching a reported 181.5 million incidents. This rise has been driven by the emergence of ransomware-as-a-service, which now means that almost zero technical expertise is needed to perpetrate an attack – just a target and a willing ransomware provider. 

As well as increasing in volume, attacks are also evolving to become more sophisticated, seeking out and encrypting remote network drives and servers and hunting down and removing shadow copies and backup files. The rationale behind this evolution is simple: to lock down the victim’s recovery options and increase the chances of a ransom being paid.

This alteration in tactics, combined with the risks of business disruption, financial loss and reputational damage associated with cyberattacks, means that IT managers are under greater pressure than ever as they strive to defend against ransomware. And there’s no silver bullet. The various attack vectors and strategies employed by adversaries means that a multi-layered approach is needed, requiring IT managers to wear a number of hats, from psychologist to detective to – in the final event – emergency services.

The psychologist

A large proportion of ransomware is launched via the actions of an innocent user who trustingly clicks on apparently genuine emails, links and websites. User training that helps employees understand the psychology of ransomware and the tricks attackers might use to target them is the first line of defence for businesses. Awareness of ransomware among the public has increased, partly due to the high profile Wannacry infection, but at the same time social engineering and phishing techniques have grown more sophisticated, so it’s important to keep users up to date and alert to the ways they could become vulnerable.

The detective

In an ideal world, users wouldn’t be exposed to ransomware attempts in the first place, and that’s where prevention and protection comes in. By ramping up endpoint detection capabilities, ensuring newly identified vulnerabilities are quickly patched and operating robust anti-virus and anti-malware software, businesses can detect and mitigate attacks before they can do any harm.

The emergency services

Despite these defensive tactics, the sheer volume and growing sophistication of attacks means businesses need to assume it’ll be a case of when, not if, an attack makes it through. A solid emergency response plan is essential. Three key tools, used in conjunction, can bolster the company’s arsenal, ready to swing into action in the event of a successful attack, to protect access to the organisation’s most valuable data and restore operations with minimal disruption:

  • Snapshots: A SAN/NAS-based snapshot is effectively a point in time image of your data. Snapshots can be programmed into the routines of practically any application or storage device and are completed isolated from the data itself, so there’s no way malicious code – whatever its level of sophistication – can detect or remove them. 
  • Backups: There are a raft of important reasons why businesses should use back-up in ordinary operations, but it is also a great place to have up your sleeve when you want to avoid paying the ransom and instead recover your data from your own sources. Follow the 3-2-1 rule: three copies of your data, on two different media types, with one copy off-site in the cloud. This off-site copy is your insurance policy. It’s “air-gapped” from the business so there is no way that it can be compromised by malicious code that seeks to delete or encrypt locally hosted or networked back-up files.
  • Disaster recovery: While it’s not a flood or a fire, a successful ransomware attack could be just as devastating for your business. In fact, given the volume of attacks in progress right now (figures suggest that a company is hit by ransomware every 40 seconds), you’re actually far more likely to find yourself with a ransomware disaster on your hands. With disaster recovery set up in the cloud, you can have your systems back up and running in that environment right back to the moment that the attack locked the system. This isolates your data from the event and minimises both recovery time and data loss – mitigating both the hard and soft costs of system outages and data breach.

Internal and external security threats to companies are occurring with increased regularity, with malware and viruses a constant challenge. This is why companies need a recovery solution that mitigates the risk of critical data being lost or destroyed, in the event of a breach, that can easily restore mailboxes to an instance before the attack. Backing up your data would be quite a long process if it had to be done manually. Fortunately, over the years, CSP providers like iland have adapted their solutions so they can be included directly in widely-used software suites such as Microsoft Office 365. This means that by automatically backing up your data once a day, the solution eliminates the risk of losing access to and control over Office 365 suite data including mail, SharePoint and OneDrive – so that users’ data is always hyper-available and protected, therefore avoiding any major disruption to your business.

The layered defence approach should also be applied to backup and recovery. The structure of that strategy revolves around classifying the value of your different data or application tiers and establishing your appetite for disruption for each tier. If you only back up your data overnight, say at 7.00pm, and the ransomware attack takes place at 6.45pm, your business loses a whole day of data. Is that acceptable? If not, you need to modify your schedules to match your risk appetite for the different classifications of data.

Testing is critical. If you don’t test your emergency plan regularly, how do you know it will work when it matters? It should be possible to fully test without interrupting the normal flow of business. It’s also worth remembering that ransomware attacks (and indeed other kinds of disaster) don’t happen quarterly, or during office hours, so your testing schedule needs to reflect the real world rather than an artificial timeframe to offer you the best information about the security performance of your system. Finally, take advantage of your cloud provider’s expertise and get them to advise you on the right kind of set-up for your needs – that’s what they’re there for.

Ransomware looks likely to remain the bane of the IT department for the foreseeable future and with attacks growing more sophisticated, it’s time to put cloud-based backup and disaster recovery in place to safeguard your data crown jewels and keep your business up and running.