Sanity News

Modern Data Protection 101

Monday, November 27, 2017

The goal of data protection over the past decade has not changed. That stated goal is to protect and preserve the integrity of an organization’s data assets. Data protection for an organization is predicated by compliance requirements, internal retention policies and the value of long tail content data.  Data protection should entail an aggregated process based on multiple defense mechanisms and not a singular response to an event that places corporate data under duress.  

What has changed during the past ten years is the source of these threats that the administrators must face on a daily basis. Traditional data protection schemes have included fundamental backup procedures such as disk to disk to tape architectures, virus scanning, single authentication and perimeter security. These methods have proven to lack comprehensive success against a growing and ominous series of vulnerabilities.  The ancillary benefit of a traditional backup architecture, such as utilizing LTO media, is its ability to insert an air gap as a defense mechanism to current attacks from threats like ransomware. The drawback to this older design is the slow restoration of data. This dependency on an antiquated method of data protection highlights the issues of developing mechanisms of protection that are not developed on the tenants of a Business Impact Analysis, or BIA.

The BIA should always be the point of origination when developing the structure to secure corporate data. The effort applied to a BIA will highlight critical business needs and dependencies. Without this document in place first, IT departments are left to make assumptions on business needs such as data criticality, Restore Point Objectives (RPO) and Restore Time Objectives (RTO). Partnering with the business unit leaders allows for a comprehensive game plan in handling data duress issues. The value of IT leadership is presenting new technological methods to achieving the desired business objectives that have been laid forth by the BIA.  

Coinciding with new threats, there are also new tools available for the administrator to leverage. The most prominent of the new age toolset is Software Defied Networking or SDN. The advent of SDN allows an administrator to implement a well-defined topology of access to critical applications and data based on an end user’s role. Since most ransomware attacks are initiated at the edge by an unsuspecting end user, limiting their access to critical components of the architecture is key. Often times, the number one threat to an organization’s data is still the rogue insider. The application of a well-planned SDN topology could also potentially mitigate these types of attacks from within by segmenting access to only portions of the network that is applicable to an end user’s role.

In addition, SDN can be a very valuable tool in instituting air-gap type topologies to disk targets and cloud based targets.  Retaining backup data on a disk or cloud based target offers the obvious benefit of immediate restoration techniques. Previously potentially exposed disk or cloud targets can now be essentially cordoned off through an automated process allowing access at only specific times during a backup window. During normal hours of operation, those data assets are kept off the network by shutting down their network port access, thus safeguarding the data from the impact of ransomware based attacks.


The reality of today’s connected business environment is that intrusions are nearly impossible to stop. The previous ideologies of perimeter security and single authentication achieved mixed results. The advent of micro-segmentation of the network, automation of network shut and no shut functions, dual authentication and the use of machine learning threat detection appliances like Darktrace in conjunction with perimeter security, have proven to be a more successful approach to holistic data protection within a corporate environment.

Contribution by Sanity Solutions CSA, David Stalcup.


Comments