Originally posted by: TonyPearson
IBM Master Inventor, Senior IT Architect, and Event Content Manager
(Guest Post: This is a guest post written by Tony Sater, IBM.)
Cyber resiliency is an organization’s ability to continue delivering the intended outcomes despite adverse cyber incidents. Cyber resiliency, Business Continuity and Disaster Recovery share a common goal of protecting your data. Where cyber resiliency stands out is the confidence that the copy of revenue-producing data that would be used to restore a business after a cyber incident has not been modified since it was ingested, and can be reliably used to reduce the impact of a business outage caused by a compromising attack.
Organizations are beginning to understand that traditional device-centric and technology-centric security measures, such as firewalls, fail to provide security in a Hybrid Multicloud cyber ecosystem. Moving forward, organizations must take a holistic approach across their data, applications, and the entire infrastructure to defend against and recover from a cyber-attack.
To deal with cyber events more effectively, the National Institute of Standards and Technology (NIST) provides a policy framework of computer security guidance for how organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks. This framework is an industry-accepted methodology for building a plan to develop and implement safeguards to ensure delivery of critical business services.
Storage has long played the role of “data custodian” in enterprise operations. In addition to providing containers where data goes when not in main memory, the system storage layer has traditionally provided protection solutions to recover from unusual events such as natural disasters, deliberate cyber-attacks, or accidental data loss or corruption. Over time, the range and sophistication of storage-based cyber resilience solutions have grown:
- Backup. Since the 1960s, storage has allowed application users to save a version of data on separate media to protect from accidental deletion, corruption, or primary device failure.
- High availability. Starting in the 1990s, storage began providing ways to keep data and systems available after failures, such as multi-path access, multi-server access, and duplication of data copies.
- Disaster Recovery. From the late 1990s on, storage has provided designs to create replicated copies of active data at distances sufficient to protect from power outage or regional disasters like earthquakes, floods, or fire.
- Fast online data recovery. Within the past 10 years, storage began providing snapshot copies of data for rapid recovery from accidental deletion or data corruption.
IBM Storage provides all these traditional cyber resilience capabilities, but new data security threats are constantly surfacing. For example, Logical Data Corruption (LDC) through cyber-attack from ransomware and other rapidly evolving technologies presents a new set of protection considerations. To provide the needed level of protection, IBM Storage cyber resilience solutions leverage the storage tools already in place for backup and disaster recovery, plus many new storage innovations that improve on traditional technologies and address new threats.
Let’s take a look at some of the IBM Storage for Cyber Resiliency capabilities and solutions.
IBM DS8880 Safeguarded Copy prevents sensitive point-in-time copies of data from being modified or deleted due to user errors, malicious destruction or ransomware attacks. Here’s how it works. Safeguarded Copy provides functionality to create up to 500 recovery points for a production volume. These recovery points are called Safeguarded Backups. The Safeguarded Backups are immutable, hidden and non-addressable by a host. The data within these backups can only be used after a Safeguarded Backup is recovered to a separate recovery volume, providing "logical air gap" functionality. Finally, these recovery volumes can be accessed using a recovery system and used to restore production data, providing a rapid and operational recovery capability.
IBM Tape Storage offers cost-effective, long-term WORM storage for backup and archive, with a true physical air gap and total separation from ransomware and cyber-attacks. Tape is used to optimize data protection costs and mitigate the risk of ransomware for data-centric organizations. At a cost of less than half a cent per GB (Gigabyte), it is also an extremely cost-effective solution.
IBM Spectrum Protect and IBM Spectrum Protect Plus can store backup data in all storage pools such as disk, tape, object and more. IBM Spectrum Protect Operations Center can use backup data analysis to alert admins to any suspicious activity. Our Spectrum Protect portfolio delivers pervasive, end-to-end encryption capabilities. Customers utilize Spectrum Protect Node replication to replicate Spectrum Protect data to an isolated location such as WORM Tape media. Furthermore, these backup copies can be sent to a physically secure off-site location. IBM Spectrum CDM also supports snapshots, which is the traditional backup and recovery method that delivers the lowest RTO (Recovery Time Objective).
IBM delivers four key capabilities of cyber resiliency across block, file, object, tape, software-defined storage, and cloud.
- Isolation is the degree of separation of snapshot or backup data from the rest of the network. Isolation can be achieved through logical means by utilizing DS8000 Safeguarded Copies or IBM Cloud Object Storage (COS) with IBM Resiliency Orchestrator. Isolation can also be achieved through a physical air gap with IBM Physical Tape and Spectrum Protect.
- Immutability, or tamper-proof storage, prevents any attacker, external or internal, from changing or deleting data. IBM offers multiple WORM (Write Once, Read Many) storage solutions such as DS8000 Safeguarded Copies, WORM Tape, Spectrum Scale Immutable file sets, IBM COS retention vaults, and Spectrum Protect for data retention.
- Performance is an important capability of the cyber resilience framework. How fast can your organization recover from a cyber-attack? While tape excels at isolation and immutability of your backup data, it can take several hours for recovery. For those companies that need to recover in minutes instead of hours, IBM offers high performing recovery options with DS8000 Safeguarded Copy and the Spectrum Protect family.
- Ease of reuse, or the ease of access to your backup data, is important for testing recovery procedures, validating backups, and restoring data into a sandbox environment to find a valid recovery point in the event of a ransomware incident. DS8000 Safeguarded Copy and Spectrum Protect Plus provide instant restore capabilities to get your organization back on its feet.
The pain points that organizations face are evolving as cyber-attacks increase. There is a need for a more precise, immediate response to cyber events. To be effective, this response needs to be planned, prepared and tested well before experiencing a live attack, where the stress and pressure of the attack overwhelm the organization as it tries to recover. Data storage systems and technologies lie at the heart of efforts to build IT environments that are resilient to logical data corruption in all its forms. IBM Storage offers a broad spectrum of market-leading cyber resilience solutions that help 21st-century businesses survive and thrive.
For more information about IBM’s Storage for Cyber Resiliency, please read [Mainframe Storage for IBM Z].