A last line of defense against ransomware
Object First unveils Ootbi: a ransomware-proof and immutable solution designed to deliver simple and powerful backup storage
Sponsored Feature The impact of cyberattacks around the world continues to escalate at an alarming rate, even after reaching "an all-time high" last year, new research warns.
The latest IBM Cost of a Data Breach Report 2022 estimates that the average cost of a data breach hit $4.35 million in 2022, with some 83 percent of organizations found to have had more than one breach during the year. Business downtime can have devastating impacts on reputation and financial performance, and sixty percent of the surveyed organizations stated that they had been forced to hike the price of their services or products because of a data breach.
Ransomware cyber-crime remains "by far" the most common tactic employed by cyber criminals, with this type of attack launched approximately every 11 seconds according to calculations from Cybersecurity Ventures. These attacks can involve encrypting an organization's backup data then demanding a fee for its decryption. Payment of these ransoms, David Bennett, Object First's CEO, told El Reg, has been widespread among those desperate to get compromised businesses back up and running when they are unable, or don't have sufficient time, to hunt down and restore previous versions of their data held on premises or in the cloud.
And the impact of the global ransomware problem is huge. IBM's study estimates that, for critical infrastructure organizations (which the report defines as financial services, industrial, technology, energy, transportation, communication, healthcare, education and public sector industries), the cost of an attack is an eye-watering $4.82 million, considerably above the average. Some 28 percent of these were found to have been targeted with a destructive or ransomware attack, while 17 percent experienced a breach because of a business partner being compromised.
Bennett doesn't mince his words when describing the potentially devastating impact of such ransomware attacks: "What can go wrong for your company if you are hit by a ransomware attack? The answer is everything. It doesn't matter whether you're a small company or a big company."
"You need to consider all aspects of your business operations," he continues. "How do you collect money from your customers, for example? How do you pay your employees? What happens if your ability to pay your employees or pay your suppliers is impacted? If you can't collect cash, or you can't pay cash, your business is out of business.And of course, there are all the other essential functions outside of just the financial operating ability of the company to consider."
Ransomware scaling up and out
The scale of the danger is evidenced by the wide variety of global companies and organizations that have fallen victim to ransomware attacks over recent years. The WannaCry strain is reported to have affected telco Telefónica and other large Spanish companies for example, as well as the British National Health Service (NHS), FedEx, Deutsche Bahn, Honda and Renault, as well as the Russian Interior Ministry and the Russian telecom company MegaFon.
However, Object First's Bennett notes that reported attacks represent just the tip of the ransomware iceberg given that so many organizations are typically very reluctant to admit being hit: "Unless they have a legal requirement, organizations are concerned about disclosing their vulnerability to cyber attacks," he says. "The risk of reputational damage that can come from a data loss incident is enormous."
Even the most robust traditional IT security measures – such as intrusion prevention, network protection, VPNs, DNS, and endpoint protection – cannot guarantee that mission crucial systems will remain beyond the reach of determined cyber criminals.
"It doesn't matter what security systems you have put in place," explains Bennett. "In the end, cyber attacks like ransomware are inevitable. The only way to deal with the situation is to be fully and properly prepared and know how to recover. The absolute minimum that any organization needs to have is an effective disaster recovery strategy."
Three to one rule aids protection
Adhering to best practice may also mean abiding by the "three-to-one rule" which stipulates there are always three copies of data: one in production, one stored on different types of media, and one type which is immutable. This is exactly where, according to Bennett, Object First's solutions can help by protecting object storage assets and making it impossible for ransomware-touting cybercriminals to encrypt an organization's backup data.
Object First's Ootbi platform has an unusual name, but is an abbreviation of "Out of the Box Immutability", Bennett explains. It's designed to be a ransomware-proof and immutable out-of-the-box solution which can deliver secure, simple and powerful backup storage for mid-enterprise organizations.
"We actually provide an immutable copy of our customers' backups," says Bennett. "This is important because historically, immutable copies were media like tape, or optical devices. And a lot of people offloaded their data to public cloud. You can have an immutable copy in the public cloud, be that AWS or Azure. But what happens if you must recover data that supports business critical systems from the cloud? It doesn't happen very fast, and can you afford all that down time? If you have to rebuild all your systems it can take weeks or even months, and you must pay hefty egress fees."
What Ootbi enables is a local immutable copy on-prem with a data separation from the storage control layer, which is the backup and recovery software, on Object First hardware. By separating the two and hosting them on-prem, customers can quickly recover, without high cloud egress fees.
Avoid paying the ransom
Bennett points out that, at a corporate level, Object First enjoys a long and close relationship with Veeam, a leading provider of modern data resiliency software and systems designed to deliver secure backup and fast, reliable recovery solutions. Ootbi is specifically designed for Veeam and Veeam only, which creates the experience of a near integrated storage appliance that combines all the necessary software, hardware and data management in one package. So, if a company already knows Veeam, they can implement an immutable storage solution without any previous experience.
Ootbi's three-year subscription model with 24/7 support included means no surprises with fees in the long term. By delivering cheaper-than-cloud costs in a far more secure on-prem package, Object First argues that its customers can avoid paying the ransom and save money while doing it. Capacity and performance of the Ootbi locked-down Linux-based appliances scale linearly, supporting backup speeds up to 4.0 Gigabytes per second with up to half a petabyte of storage space.
This range of features made Object First's Ootbi the perfect solution for Mirazon, a North America-based IT consulting specialist that helps customers with everything from basic helpdesk to complete infrastructure redesigns through managed services, consulting, and product sales.
"Mirazon required a solution that would not allow backup copies to be deleted or encrypted should they, or their customers, fall victim to a ransomware attack," stated Brent Earls, chief technology officer, Mirazon.
The company also recognized the need to be able to properly secure not only its primary data, but also its backup data. As a result, it sought an effective ransomware-proof solution that would be simple to deploy and manage. Earls explains that cloud-based backups, while flexible, can be limited by bandwidth constraints: "Scale-out backup repositories are the only way of getting back-ups into the cloud, storage has either had to be re-architected to follow for smaller repositories to sync only critical data to the cloud, or the entire backup repository had to go all at once, which again, causes bandwidth issues," he said.
"Implementing an on-premises device would solve the limited bandwidth issue while also eliminating the unpredictable and variable costs of the cloud."
Choosing a solution that was both incredibly robust, but also simple to use and deploy was very important for Mirazon: "There was no existing product on the market that would solve the immutable issue that was also simple to deploy and operate which also fell within budget — until now. Object First has given us confidence that the solution will deliver everything it said it would."
This focus on ease of deployment and use was also an overarching priority for Object First's solutions, according to Bennett: "I've been in the data storage industry for 20 years and the industry hasn't really moved forward with the times. Historically, products are hard to use, hard to manage, hard to set up and you will need a storage management team to deal with managing backups. How many companies have a separate data storage team these days?"
"From opening the box to racking and stacking and getting it set up takes only 15 minutes. But in practice, most users have been able to do it in well under 15 minutes," Bennett explains. "The hardest part is lifting the unit out of the box because it's 180 pounds. But actually, implementing and getting up and running is super simple."
Sponsored by Object First.