HITS

Cloud storage has a perception problem but, fortunately, it is a problem that can be easily addressed with the right education, according to Wasabi Technologies.

Once you understand how cloud storage can be absolutely secured, it becomes clearer how you can meet compliance regulation requirements and mitigate the threats of data loss or malicious alteration, Wasabi says.

“When you are storing your data in the cloud, you need to know that your cloud service provider adheres to, meets, if not exceeds, certain governance or certain regulatory compliance standards,” Drew Schlussel, senior director, technical product marketing at Wasabi Technologies, said during the recent webinar “Critical Compliance Qualifications for Cloud Storage Security.”

Viewers who watched the webinar learned about: market forces driving the increase in compliance regulations; the data security regulations you should know and understand; and what “immutability” is and how it factors into compliance requirements.

“We’re going to talk about cloud storage security. We’re going to dispel the perception that cloud storage is not secure, and we’re going to make sure that you understand that, once you work with a secure cloud storage provider, you can meet your compliance regulations and mitigate the threats of ransomware,” Schlussel said.

“We’re going to talk about some of the market forces that are driving the increase in compliance regulations. We’re going to talk about data security regulations that you should know and understand and, specifically, we’re going to talk about immutability, also known as object lock and, as part of a feature set, how that factors into compliance requirements,” he noted.

He turned the discussion to ransomware, saying: “I’m with you. I’m tired of hearing about it. But it’s just not going to go away. Pointing to an article on that from Wired magazine, he noted that the article talked about how ransomware attacks were “on the rise again.”

But ransomware attacks are “starting to take different forms,” he warned. “In some cases, they’re becoming more aggressive. They’re asking for more ransom but it’s still fundamentally the same problem. They break in, they take over your systems, they steal sensitive data – data that is not supposed to ever be exposed publicly.”

The attackers also “encrypt data in place to prevent you from carrying on business as usual,” he said, pointing to an attack on Japan’s largest port as one example.

Noting there’s been a “massive spike in ransomware activity,” he said: “Can you imagine going to a hospital? You need to have some kind of surgery, perhaps elective, perhaps lifesaving, and they come and tell you that it’s just not going to happen today because ‘our systems are down; there’s an attack and we can’t reliably operate our systems to ensure your health.’”

He added: “This has to stop. But the attacks won’t. Techniques for mitigating the threats: Those are getting better.”

There is also “pressure coming from” cyber insurance, he noted, explaining: “What we’re seeing is that, just like the pullback for insurance companies in states with massive forest fire danger or hurricane danger, underwriters’ insurance companies are pulling back on their cyber insurance policies. It’s either becoming really expensive to get a policy or you just can’t get one at all.”

Citing Veeam data, he said 21 percent of organizations last year discovered that ransomware was “specifically excluded from their business insurance policies.”

In the same study, 85 percent of companies indicated they had been attacked by ransomware. So, we are starting “to see that the problem is definitely accelerating and, without cyber insurance, companies are now scrambling to figure out what they’re going to do if something happens,” he said.

What it largely comes “down to [is] training your people to be aware and look out for the bad actors, look out for the phishing attacks and so forth,” he said. After all, he said: “It’s not a matter of if you’ll be attacked but when.”

Those running organizations need to know how well they can “bounce back from an attack and how quickly can you restore the systems that are critical to your operations and restore the data that you need to get up and running quickly ,” he said.

He went on to suggest companies “always have three copies of your data,” with the first copy being the working copy, the primary data set, and “then you should have at least a first backup and a second backup or a copy of that first backup.”

Also, he said: “Those backups should be on at least two different types of media. Typically, the first copy is on-prem, on a high-speed disk or flash system. That way you have the best recovery time objective as well as the recovery point objective.”

Cloud storage is the second type of storage for many companies and “that comes with … certain advantages because, when you have cloud storage, you now have a secure offsite copy,” he said. “When you use cloud storage that supports object lock, that second copy of your backup data can be set to be immutable, meaning that nobody can take it away from you and do bad things to it. They cannot encrypt it out from under you. They cannot get into the system and delete it…. In most cases, that data is also sitting encrypted by at least one key, possibly two or three – and so you really have a strong fundamental framework here for protecting your data.”