The World Economic Forum’s (WEF) 2020 Global Risks Report rated cyberattacks as one of the top risks to human welfare. 75% of those surveyed by the WEF said they expect the risk of theft of data or money from cyberattacks to increase, while 76.1% also saw an increased risk of disruption of operations.1
In 2021, cybercrime damages might reach US$6 trillion — what would be equivalent to the gross domestic product (GDP) of the world’s third largest economy.
- Seventh most likely and eighth most impactful risk.
- Second most concerning risk for doing business globally over the next 10 years.
- Large-scale cyberattacks cause large economic damage, geopolitical tensions or widespread loss of trust in the internet.
Organizations affected by a breach run the risk of having their normal business operations disrupted, as well as losing valuable data, customers and reputation within their industry. Over the last decades, most organizations have concentrated on developing and implementing high availability (HA) and disaster recovery (DR) solutions to protect their enterprise data against hardware and software failures or data center outages, but these measures may no longer be enough protection against cyberattacks. Today, companies become increasingly concerned about accidental or intentional logical corruption.
In this context, logical means that the all-hardware components are working as expected, but data becomes destroyed or corrupted on a content level. This form of corruption can range from deletion, to encryption, to selective manipulation.
Logical corruption cannot be prevented with traditional HA/DR solutions, which are not content- aware. In fact, continuous replication solutions, such as Metro Mirror or Global Mirror, which are often used for DR, would quickly propagate any content level corruption to all copies, because for the storage system, it would just be another I/O.
We need a paradigm shift from a pure availability mindset to cyber resilience (CR). Cyber resilience aims at the ability of an organization to continue to operate with the least amount of disruption despite cyberattacks and outages. Cyber resilience expands the scope of protection, covering both cybersecurity and business continuity. A significant part of cyber resilience is the ability to recover from a logical data corruption event.
Logical Corruption Protection (LCP) is a type of data protection that provides secure, point-in- time copies of production data that can later be used for identification, repair or replacement of data that has been compromised by either cyber or internal attack, or corrupted by system failures or human error. LCP facilitates a number of data analysis and system restoration processes that can prove invaluable for achieving effective and efficient data protection
The IBM DS8000 storage systems provide a wide range of data protection capabilities, mostly based on the proven IBM FlashCopy and Peer to Peer Remote Copy (PPRC) technologies. They were, however, not designed for today’s logical corruption protection demands. IBM Safeguarded Copy functionality is introduced to fill this gap.
After a cyberattack occurs, you don’t want to discover that your sensitive point-in-time copies are corrupted or missing. Safeguarded Copy provides immutable points of data recovery that are hidden and protected from being modified or deleted due to user errors, malicious destruction or ransomware attacks. These immutable copies are a secure source of data that can be used for a forensic analysis, or a surgical or catastrophic recovery. With Safeguarded Copy, storage administrators can ensure that data is kept safe, secure and recoverable in a way that is transparent and easy to manage. Safeguarded Copy is secure and efficient, and offers a number of important advantages:
- It provides up to 500 backup copies per volume to restore data in case of logical corruption or destruction of production data.
- The backup volume is a hidden, non-addressable volume that does not consume any of the regular volume addresses.
- Copies can be maintained at either production or recovery sites.
- Storage targets are protected against malicious actions with additional security provided through unique user roles.
- Safeguarded Copy capacity is allocated in the best performing storage tier available, minimizing performance impacts from writing backup data.
- For capacity optimization, safeguarded backup uses thin provisioning and may also use thin- provisioned Extent Space Efficient (ESE) recovery volumes.
- Safeguarded Copy can be integrated with different disaster-recovery and high-availability configurations.
- Different user roles and authority levels can be used to manage production source volumes, backup capacity and recovery volumes.
- For maximum security, administrators need at least two interfaces in order to create, enable and manage Safeguarded Copy
IBM Safeguarded Copy functionality substantially expands the repertoire of data protection strategies that enterprises can deploy to keep their businesses in the ballgame and their customers coming back. This is what data security means in the 21st century, and this is what IBM delivers.
1“Global Risks Report 2020.” World Economic Forum, Geneva, Switzerland, January 2020 https://www.weforum.org/reports/the-global-risks-report-2020