Business continuity keeps many IT professionals up at night. And no wonder. From cyber attacks to natural disasters, there are more threats—and more sophisticated attacks—than ever to worry about. Fortunately, losing all your data and IT infrastructure can now be an inconvenience rather than an existential threat – provided you have the right technology in place.
Today, we’ll explore the key considerations when procuring solutions for the following:
The power goes down unexpectedly. A fire or flood damages your servers. Someone deletes critical data. The list goes on. These events can incapacitate some organisations. Is yours one of them? It’s time to talk RPOs and RTOs…
In 2021, 66% of organisations were hit by ransomware attacks, 65% of which resulted in data being encrypted. How much would you pay to get your data back? There are significantly cheaper ways than paying a ransom…
Let’s dive in.
Many managed service providers (MSPs) rely on backup software for disaster recovery (DR), but realistically what are your RPO times using this? Can you achieve 30 mins?
A disaster recovery-as-a-service (DRaaS) backs up your data and IT infrastructure in a third-party cloud computing environment and provides Disaster Recovery (DR) orchestration—all via SaaS—to help you quickly recover data and restore functionality when your infrastructure goes down.
DRaaS solutions take regular 'snapshots' of your data and IT infrastructure. When disaster strikes—such as floods, earthquakes, equipment failures, power outages, cyber-attacks, terrorist attacks, etc.—organisations can run selected snapshots in their service provider's environment. Users may experience some latency depending on where the provider's infrastructure is located, but it's a small price to pay.
DRaaS enables organisations to keep business-critical operations running and restore compromised in-house systems faster – reassuring customers, shareholders, investors, and regulators alike.
When selecting and implementing a DRaaS solution, there are a few questions you’ll want to consider:
Customers can choose between traditional subscription models and pay-per-use. The right one for you will depend on several factors, including :
● Recovery Point Objective (RPO)—what’s the maximum amount of data you’re prepared to lose (measured in terms of time)?
● Recovery Time Objective (RTO)—what's the maximum time you could accept before your infrastructure is restored?
● Data retention period—how long and far back do you want your data stored?
It depends on what disaster(s) you're preparing for. Normally, closer providers mean lower latency – which is preferable if you have to use them. However, you risk their infrastructure being impacted by the same event, such as an earthquake. In these cases, it's best to have a provider that's sufficiently geo separated (i.e. one that's far away enough to be unaffected by the same disaster). Sometimes the choice is made for you. Industry-specific regulations, such as DORA and PRA, determine the minimum distance between customer and provider locations.
DRaaS comes in three main flavours: managed, assisted, and self-service. The correct choice will depend on the size and experience of your team, your existing infrastructure, and the nature of your business.
If you need help answering any of these questions, that’s great – we’ve got experts waiting to answer them.
Ransomware attacks are multiplying at an alarming rate, with a new attack occurring every 11 seconds. They’re also getting more sophisticated and harder to combat. The financial repercussions can be severe – IBM estimates the average cost of an attack is $4.54M (and that’s before paying a ransom). To make matters worse, some insurers refuse to cover cyber-attacks deemed nation-state-sponsored.
Meanwhile, organisations are ever more dependent on data and IT infrastructure. This only adds to the pressure to ensure business continuity in the event of a successful ransomware attack.
of ransom-paying organisations fail to regain
access to their data1
global cost that ransomware could reach by 20312
Recovering from ransomware can be significantly more complicated than recovering from other disasters for the following reasons:
Most ransomware attacks use what’s known as ‘fileless’ techniques – these don’t require an executable file on the target machine. Instead, malicious code runs in memory (RAM) rather than from storage and can remain dormant for 12 months before the attack is initiated. For this reason, recovery techniques must go beyond typical file scanning.
In a typical attack, ransomware often sits undetected for months even up to a year before taking action. Security teams must therefore assume that primary datasets and backup copies have already been infected. Manually testing each backup before finding a suitable, uninfected copy to restore from can be incredibly laborious and may itself take weeks or even months.
The risk of reinfection from an infected backup is ever present, so organisations require a safe environment to test in. These are known as isolated recovery environments (IREs) and can quarantine workloads and prevent lateral movement of malware.
Ransomware attacks pose an existential threat. However, it's rare for organisations to possess the highly specialised skills to deal with them in-house. In the majority of cases, the most effective way to recover from a ransomware attack is with the help of a partner that can handle every piece of the puzzle.
In the next blog, we’ll explore what makes VMware’s ransomware recovery and DRaaS solutions the best on the market .
If you’d like to hear more about how you can implement ransomware and disaster recovery into your security framework, Insight are the right people to talk to. Click here to speak to one of our experts.