IBM is announcing Safeguarded Copy for file/object data. This new capability is available now at no additional cost for IBM Spectrum Scale software 5.1.5 and IBM Elastic Storage System (ESS) models. As cybercrime continues to be a major concern for business, there is a growing need for a comprehensive, secure solution for file and object data and not just for primary storage. Cyberattacks have both an immediate impact on business and a lasting impact if the business is unavailable for a long time.[1] Although attacks need to be prevented, it is how fast organizations can respond and recover that needs more attention. Extended detection and response (XDR) technologies have helped save an average of 29 days in breach response time.[1] Typically, file and object data has been more difficult because of the amount of data that is under protection, but IBM is now able to recover PBs of data with this new capability and recover quickly with a single command.
To overcome these challenges, IBM provides a framework to address the pre-attack, peri-attack, and post-attack needs of an organization with the goal of delivering capabilities to prevent, monitor, and recover from an attack.
From a pre-attack posture, IBM can help organizations reduce their attack surface with a free consultative cyber resilience assessment engagement. This one-to-one working session is between our subject matter experts and the customer’s security experts. The goal is to identify gaps in the data and security strategy with respect to the IT infrastructure components responsible for hosting the critical and operational data and workloads, regardless of their sensitivity or levels of organizational risk.
The attack defense strategy for data stored on file and object storage systems, including non-IBM storage (when attached to the IBM global data platform), can be achieved with our new product for file and object data, IBM Safeguarded Copy. Safeguarded Copy, first released in 2015 and actively used today by Fortune 50, 100 and 500 companies worldwide, takes regular application-consistent, immutable, space-efficient copies of data. Those copies are stored in a secure isolated recovery environment on the same storage system. Because it is secure and isolated, ransomware can’t modify, delete, or access the protected data. Likewise, special access credentials, or roles, determine the degree of control you have and the actions you can take on the safeguarded data copies. IBM also has other security services and functionality that help prevent security vulnerabilities such as data at rest and data in flight. With PB+ of data, it becomes difficult to monitor activity on a file-by-file basis. Customers can leverage IBM add-on services such as IBM Storage Insights to monitor suspicious capacity changes, and Spectrum Discover to monitor and tag critical data down to the file level and analyze it for unusual activity or problematic data such as improper security levels.
As a Peri-Attack strategy, IBM’s security software and services, specifically IBM QRadar and IBM Guardium, supplement the organization’s attack prevention posture/strategy. QRadar actively monitors machine-to-machine communications and interactions, looking for anomalous activities that fall outside of defined and learned norms. Should one or more anomalies be detected, QRadar can automate the creation of a safeguarded copy. The same is true for IBM Guardium, which monitors the normal operations between humans and machines.
Finally, to support a Post-Attack strategy, IBM’s Safeguarded Copy becomes a first point of near-instant data restore/recovery. Because Safeguarded Copy’s secure isolated recovery environment exists on the same array as the source of the data, organizations can institute an immediate restore to the impacted source, or to a new volume where the source is being preserved for forensic analysis. This approach reduces the amount of downtime associated with an attack.
Safeguarded Copy is the first step toward a Cyber Resilient solution. Focusing mainly on the feature set from a client’s view, we need to address the following 3 pillars: Separation of Duties, Protected Copies, and Automation.
Safeguarded Copy (SGC) is a feature or solution that allows you to create point-in-time copies (“Granularity”) of active production data that cannot be altered or deleted (that is, “Immutability”, or protected copies). It requires a user with the right privileged access to modify the SGC expiration settings (i.e., “Separation of Duties”).
- Separation of duties:
  - Traditional backup/restore capabilities are normally controlled by the storage admin and do not protect against intentional (e.g., rogue employee) or non-intentional attacks
  - Ability to treat primary and backup differently. Protecting my current backups, or securing and hardening current backup, doesn't solve the problem
- Protected copies of the data:
  - These backups must be immutable (e.g., hidden, non-addressable, cannot be altered or deleted, only usable after recovery)
  - Our copies need to deliver a higher level of security while meeting industry and business regulations
- Automation:
  - It starts off with setting and managing of policies (e.g., # of copies, retention period) through…
  - Automating, managing, and restoring of those copies
IBM Safeguarded Copy provides key capabilities to protect against and recover from a cyberattack. With up to 256 immutable, point-in-time, metadata-enhanced copies of data, IBM provides fast recovery of data and prevents modification or deletion of sensitive point-in-time copies due to user error, malicious destruction, or ransomware attack.
There are three key features that IBM provides:
Immutability is largely defined by how easy it is to change, corrupt, or destroy data. Protection against all forms of corruption becomes more and more critical because, besides hardware or software failures, corruption can be caused by inadvertent user error, malicious intent, or cyberattack. Recent incidents show that cyberattacks are rapidly growing in number and sophistication. Every few months, there are headlines in the news or on the internet about attacks on enterprise data from ransomware, malware, insider threats, or other destruction of data. With this new technology, businesses can prevent data tampering or deletion for any reason by enabling the creation of up to 256 multi-PB immutable point-in-time copies of data for a production volume. These recovery points are called Safeguarded Backups and are stored in a secure file system that cannot be modified.
Isolation means that the protected copies of data are isolated from the active production data so that they cannot be corrupted by a compromised host system. Safeguarded Backups are invisible to hackers, hidden and protected from being modified or deleted by user error, malicious destruction, or ransomware attacks. The data can only be used after a Safeguarded Backup is recovered to a separate recovery volume. Recovery files can be accessed using a recovery system and then used to restore production data. Safeguarded Backups are a trusted and secure source of data that can be used for forensic analysis or a surgical or catastrophic recovery. For increased security, a Safeguarded Copy provides dual management control and can be integrated with different disaster recovery and high availability configurations.
Access Restrictions include separation of duties between different administration staff to create a checks-and-balances approach. We will look at this more when we look at the details of our capabilities.
At IBM Storage for scalable file and object solutions, we recognize that IT teams face new challenges in preventing data loss and responding rapidly and effectively in the event of a breach. We believe the new data-resilience capabilities we are announcing today can help clients achieve those objectives.
[1] Source: IBM Institute for Business Value 2021 Cost of a Data Breach report, https://www.ibm.com/security/data-breach