Learn how to maintain access to your most critical enterprise data and remediate your data estate after a cyberattack.
This article was originally published on the Delphix website on March 10, 2021.
Ransomware made history in 2020 after a cyber attack on a German hospital led to the death of a patient. Hackers invaded 30 servers at University Hospital Düsseldorf, crashing systems and forcing the hospital to turn away emergency patients. A woman in need of urgent care was rerouted to a neighboring hospital 20 miles away but did not survive.
The healthcare industry, especially, is highly targeted and vulnerable because personal health information (PHI) can sell for hundreds of dollars per record and the security of health systems is typically driven by compliance rather than proper security hygiene. Threat actors are keenly aware that these organizations are willing to pay, and pay quickly, for fast recovery.
"Terabytes of data are flooding the dark web and being exploited almost entirely by cybercriminals and the sort of people security experts and pundits love to wring their hands about," DDoSecrets' cofounder Emma Best told Wired.
Enterprise applications and databases hold critical business data that is ripe for theft. Traditional backup solutions don’t provide enough coverage for high transaction change rates.
Enterprise teams need continuous data protection—the ability to continuously capture data from source applications and databases in near real-time and ultimately enable data recovery from any time, down to the second or the transaction boundary. With 85,000 seconds in a day, businesses can’t afford to lose a day or two of customer and revenue transactions.
And continuous data protection can be achieved with programmable data infrastructure (PDI). PDI is the encapsulation of all the automation benefits that have helped launch software agility to new heights—applied to data. Various data operations, such as profiling data for compliance or security risk and selecting the specific version or time of data, can be programmatically configured, triggered, and monitored via APIs.
Here are 3 ways programmable data can help maintain access to your most critical enterprise data and remediate your data estate after a cyberattack.
1. Incident Analysis
The first step when firms encounter cyberattacks is to analyze the incident. Programmable data gives software teams API access to data-ready environments. Teams can provision data to multiple environments from a single footprint for root cause analysis, break-fix testing, and pre- and post-release environments. API access allows operations teams and site reliability engineers to quickly recover from system failures, data corruption, and data loss.
PDI also enables immutability in data, so teams have access to and can build a continuous record of production data changes over time, retain the data efficiently, then provision environments from any point in that timeline. Data immutability is important as all change data is written to new data blocks (even data encrypted by ransomware). Therefore a good data record is completely unchanged and quickly accessible.
2. Automated Testing and Validation
Analytics from storage or backup engines leave enormous blind spots after cyber attacks. Manual provisioning, testing, and validation are expensive and time-consuming, leaving risks undetected for weeks or months.
A programmable data infrastructure platform like Delphix sources data from all applications across the multi-cloud, including SaaS, private, and public clouds, and provides virtual databases and files for tens to hundreds of environments. At that point, teams can automatically provision data, test for data consistency and integrity, and run scripts for data validation. To properly diagnose issues, teams need data observability. The APIs enable integrations with monitoring and automation tools, such as Splunk and Jenkins, for real-time alerts and automated remediation.
3. Air Gap Data Isolation
The best defense against cyberattacks is to mitigate data breaches in the first place. With PDI, IT operations can move data across locations with replication. The flexible replication configuration allows teams to isolate data and provide a highly secure network implementation as well as advanced security for identity and controls—enabling a cyber data air gap to prevent data loss and tampering.
This approach ensures ransomware recovery time objectives (RTO) and recovery point objectives (RPO) that are 100x better than backup solutions. Alternative backup solutions do not validate the data before copying or restoring. With PDI, by contrast, teams can set up the application and data so that checks are performed before they are replicated to the remote location.
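The two ideas above, changes written as new versions rather than overwrites (section 1) and a validation check run before replication (this section), as an added toy model in Python. It is not Delphix code or its API; `TimelineStore`, `looks_encrypted`, the entropy threshold and the sample data are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ciphertext approaches 8.0, structured records sit far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class TimelineStore:
    """Toy append-only store: a write never overwrites, it adds a new version."""
    def __init__(self):
        self._log = []  # (timestamp, key, data) entries, never modified in place

    def write(self, ts: int, key: str, data: bytes) -> None:
        self._log.append((ts, key, bytes(data)))

    def provision(self, at: int) -> dict:
        """Materialise the view as of time `at` by replaying versions <= at."""
        view = {}
        for ts, key, data in sorted(self._log, key=lambda e: e[0]):
            if ts <= at:
                view[key] = data
        return view

    def timestamps(self) -> list:
        return sorted({ts for ts, _, _ in self._log})

def looks_encrypted(view: dict, threshold: float = 7.0) -> bool:
    """Assumed pre-replication check: flag a view if any object is near-random."""
    return any(shannon_entropy(d) > threshold for d in view.values())

def last_clean_point(store: TimelineStore):
    """Latest timestamp whose provisioned view passes the check, or None."""
    clean = [t for t in store.timestamps()
             if not looks_encrypted(store.provision(t))]
    return max(clean) if clean else None

def build_demo() -> TimelineStore:
    """Constructed sample: two good writes, then a simulated encrypting overwrite."""
    s = TimelineStore()
    s.write(100, "orders.csv", b"id,amount\n" + b"1001,19.99\n" * 200)
    s.write(200, "orders.csv", b"id,amount\n" + b"1001,19.99\n" * 250)
    s.write(300, "orders.csv", os.urandom(4096))  # random bytes stand in for ciphertext
    return s
```

Entropy alone also flags legitimately compressed or encrypted-at-rest data, so a real check would pair it with application-level validation such as schema and row-count tests.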
Programmable data infrastructure provides superior data granularity and coverage, space efficiency for long retention windows, and superior recovery time and point objectives. With the ability to perform deep data analytics for early detection and integration using monitoring and automation tools like AppDynamics, organizations can rest assured that their data is safe.