Recent ransomware attacks like WannaCry make it clear that the current data storage deployment strategy of many organizations is antiquated. While some types of companies are more likely to be targeted, for example, the services sector, no business or organization is immune. And, more often than not, it is a lack of resources to keep up with patch updates and human error that open the door to these attacks.
The chart below from Statista provides information about who is affected by ransomware attacks and details the leading causes of ransomware infection.
Putting aside resource and human elements, what factors in your storage infrastructure increase the risk of ransomware attacks? Storing data on file systems, such as direct-attach storage (DAS) or on network-attached storage (NAS), makes your storage susceptible to viruses that take advantage of a file server’s tightly coupled disks and standard file systems that are tightly integrated into operating systems (OS).
One alternative that offers significant isolation and protection beyond what a traditional file server can offer is software-defined storage (SDS) that is object-based with integrated WORM (Write Once Read Many), versioning and independent access control, like Caringo Swarm. For years, the deployment architecture of storage has been tightly coupled with the OS, such that anyone with access to the OS can get to the data with ease. The paradigm offered by Caringo Swarm is true object storage and offers multiple avenues of protection:
- Swarm is a black box software appliance that does not require an installation of an OS or a file system as a precursor. You cannot log into or access Swarm from outside, only interface through its RESTful protocol. There are no “under the cover” paths to the data.
- Swarm supports Write Once Read Many (WORM) data. So even if the virus has access to the data via the HTTP interface, it can not overwrite or perform transformations on the data.
- Swarm’s native interface is HTTP 1.1, which means that the storage is isolated loosely coupled from the OS and can not be accessed via an infected OS or file system and be compromised.
- Swarm supports versioning, which can be used to protect your non-WORM data. Even if a virus could encrypt or corrupt a file, there will always be a pristine version that can be recovered.
- Swarm does not sit on a file system. The disks are managed by the system and do not provide a file system or block interface which would open the door to data corruption should the virus have access privileges.
- Swarm supports IP address blocking so that only IP addresses of your choice can communicate with the system.
- Encryption of data is an option. Even if the virus gets to the data, the user has the ability to encrypt the data at rest so it can’t be read and misused. Further protection from theft.
If you have a Windows File Server or NetApp filer, leveraging the protection of Swarm is seamless with our FileFly Secondary Storage Solution. Data transfer from both platforms is automated and leverages versioning so you always have access to content, even if your primary server is compromised. And, features like WORM and versioning are built in, not add-ons.