Whether they are caused by human error, system glitches, or malicious criminal acts, data breaches are among the gravest and most expensive threats to businesses today. In the past, most organizations have developed and implemented high availability (HA) and disaster recovery (DR) solutions to protect their data, but these measures are not enough for protection against cyber-attacks in the present. According to the 2020 Cost of Data Breach Report, a recent Ponemon Institute study, the average cost worldwide of a data breach in the preceding 12 months was $4 million, an adjusted average total cost. Organizations affected by a breach also run the risk of having their normal business operations disrupted, as well as, losing valuable data, customers and reputation within their industry. According to the same report, lost business costs accounted for nearly 40% of the average total cost of a data breach, increasing from $1.42 million in the 2019 study to $1.52 million in the 2020 study. Organizations all over the world are facing significant data protection and cyber security challenges. Based on a survey of 500 CEOs in 11 key markets, the 2021 CEO Outlook Pulse Survey, CEOs of the world’s most influential companies identified their greatest risk to company growth over the next 3 years. Among the key trends, cyber security risk emerged as the number one risk, rising dramatically from fifth place in August 2020. This is further evidenced by recent events highlighting increase in cybercrime. The Colonial Pipeline, JBS and Kaseya cyber-attacks are the latest episodes, amongst others, that organizations all over the world are facing.
It is imperative that IBM is not only protecting your business from the traditional failures that we have grown accustomed to, but also be on the lookout for any sort of cyber-attack and help you build resiliency and quick recovery into your operations. Cyber resilience aims at the ability of an organization to continue to operate with the least amount of disruption despite cyber-attacks and outages. Cyber security and business continuity are current data protection strategies and cyber resilience expands the scope of data protection to cover logical data corruption events. Because this unrelenting tide of data breaches is driving increased interest in providing secure authentication across hybrid cloud environments, Spectrum Virtualize offers the powerful data security functionality of IBM Safeguarded Copy.
The new Safeguarded Copy solution that will be available with IBM Spectrum Virtualize software in an upcoming release is the latest cyber resilience feature on IBM FlashSystem family and SAN Volume Controller (SVC) storage systems. Safeguarded Copy provides the ability to create safeguarded backups that can be used for identification, repair and restoration of your production data, if needed, in case the data has been compromised by a cyber-attack, internal threat, corrupted by system failures or human error. These safeguarded backups are an extra layer of protection building on existing FlashCopy technology and are space efficient point-in-time snapshots of active production data that cannot be accessed by host. They are immutable snapshots with extra user role security restrictions designed to keep your data safe. The security restrictions are implemented via strict role based access control on configuration options and are designed to prevent a storage administrator from compromising the safeguarded backups in any way: by affecting the storage pool, the FlashCopy relationships, or the backup volumes directly.
Safeguarded Copy on IBM FlashSystem family and SVC storage systems integrates with IBM Copy Services Manager software, leveraging its automated, built-in copy and retention scheduling, testing and ease of recovery capabilities. IBM Copy Services Manager also coordinates Safeguarded Copy function across multiple systems. If you do not have an existing IBM Copy Services Manager license, we recommend purchase of the IBM® Copy Manager for IBM Spectrum® Virtualize software license, which includes the IBM Copy Services Manager software. This license option is slated for availability in the same time frame as the IBM Spectrum Virtualize software release that includes the Safeguarded Copy function. IBM® Copy Manager for IBM Spectrum® Virtualize software license will be available through iERP/AAS, Passport Advantage®, or your IBM Sales team.
Figure 1: IBM Cyber Resilience Safeguarded Copy solution - for illustrative purposes only
Key functions of Safeguarded Copy include:
- Logical Corruption Protection to prevent sensitive point in time copies of data from being modified or deleted due to errors, destruction or ransomware
- Create up to 15000 immutable Safeguarded copies of production stored in Safeguarded backup capacity known as a Child Pool that are not directly accessible to any server or application
- Data is accessible only after a Safeguarded copy is recovered to a separate recovery volume
- Recovery volumes can be used for data validation, forensic analysis, and restoration of production data
Additionally, Safeguarded Copy is integrated with IBM QRadar – the Security Information and Event Management (SIEM) system that helps security teams accurately detect and prioritize threats across the enterprise. Using analytics and AI, IBM QRadar analyzes log events and network flow data to detect suspicious events in real time and aggregates related events into prioritized alerts. IBM QRadar and IBM Spectrum Virtualize Safeguarded Copy solution combines the proactive threat monitoring and detection capabilities of IBM QRadar and the data protection and recovery functionalities of IBM Spectrum Virtualize Safeguarded Copy to bolster cyber resilience of your hybrid cloud storage environment.
Figure 2: IBM Security QRadar is integrated with Safeguarded Copy
Note: Safeguarded Copy will not be supported on FlashSystem 50xx, Storwize 50xx, V7000G2/G2+ models. Customers running on these storage systems and interested in Safeguarded Copy are advised to upgrade. Please refer to the IBM Spectrum Virtualize Family of Products Upgrade Planning for IBM Spectrum Virtualize software release and storage platform support details. Alternatively, the Safeguarded Copy function can be used via the SAN Volume Controller (SVC), if affected FlashSystem 50xx or Storwize 50xx system is virtualized behind SVC.
To learn more, check out the following valuable assets and resources: