Modern ways to protect your data, or things I learned from floppy disks

By Marc Huntley

Think about that grandparent, uncle, or distant relative that believes things were better in the “old days.” I’m not sure I would want to go back to the days of walking to school uphill, in the snow, both ways, but I’m sure there are things that people look back on nostalgically and think, “it was better that way.”

Today, the space and power consumption of storage and compute technology take up a fraction of what their predecessors did and do so with minimal service interruption. Yet, lessons can be learned from the past that are directly relevant to today’s IT challenges.

Yesterday and today: Data Isolation and air-gap storage

For many years, most IT organizations backed up their data to physical tape. Imagine a robotic arm moving cassettes between the tape drives in the library and the slots they lived in when not actively being written. On top of that, once the tape was removed from the tape library, it was physically inaccessible to any compute process – the original “air-gap” solution!

With less robotic action, and more human hands, this sounds like a floppy disk – For those unfamiliar, these coincidentally resemble the Save Icon. This marvel of a bygone era featured a simple bit of plastic in the corner you could slide in and out of place, thereby preventing anything new from being written to it.

Today, we would use WORM (Write Once, Read Many) to describe that simple but effective function; acronyms always make things better, as the IT profession was founded on a TLA. InfoSec now has more advanced tools to discuss threat vectors, malicious actors/threat actors, and means to track/audit the extensive damage to an organization’s critical data. In order to prevent these damages, an elegant solution in simplicity is found in the “better” technologies of days gone by.

Be Ready for cyber threats

Today, an organization must be “Ready” and develop a plan to protect and recover from a potential attack. As technological advances over the past decades have been amazing for unlocking the value of a company’s data, they have also made it easier for criminal actors to exploit that data. This is especially true of backups – as a final line of defense against potential attacks, organically-grown air-gapped solutions are fewer, as are easy-to-implement physical protections.

To prevent the Bad Guys from exploiting your data and compute environment, step back and evaluate the situation differently.

  1. What needs protecting?
  2. What happened / what is happening that I do not want to happen?
  3. What is the airspeed velocity of an unladen swallow?
  4. What tools are available to me?

Backups, once set into motion, should be transparent to an environment – invisible to most consumers of technology. Restore processes, however, are inherently disruptive. When, not if, the need for a restore arises, the method needs to be as frictionless as possible. Stealing an expression I heard recently, “The cure is to have a plan.”

Data is valuable to threat actors because the data is valuable to you. In stepping back and asking “What needs protecting,” the question also becomes “what is valuable?”. To this, the answer becomes “The integrity of the data.”

Ransomware: long fuse, big boom

Ransomware comes through and destroys the data integrity and tries to do so in a fashion that is unnoticed until it is too late – in that we find the answer to the second question. Jumping to the final question on our list, we review what we have available to solve for keeping the Data at Rest intact. Long gone are the days of flipping a tab on a solid piece of plastic housing a thin layer of magnetic media, yet the concept remains the same. Modern technology has moved these process controls to a more virtual level. As the audience for the data widens, the availability of “look, but not touch” needs considered.

Commvault helps enable you to be Ready

One of many technologies provided by Commvault is tying into a scaled-up version of that floppy disk. Microsoft Azure and Amazon Web Services offer storage that is available, accessible, scalable, and is easily leveraged by Commvault to provide a level of integrity that will help you feel confident that the Data at Rest is as you left it.

Enabling a WORM copy of the data slots nicely into a 3-2-1 strategy and being able to flip that “write” bit from 1 to 0 once the data is committed creates another difficult wall for threat actors to scale. Additional compensating controls need set in place to ensure only authenticated writes are authorized to place the data onto this modern floppy disk, such as which hands may perform the initial touch and keeping a watch out for which hands attempt to manipulate said data (audit controls).

Making Ready a “Known Known”

Contact Commvault to see how a Commvault Readiness Assessment can help evaluate the integrity of your backup solution and its ability to meet your organization’s data protection requirements. Tell them I sent you – they’ll recognize my name.

Commvault provides the resources and expertise to accelerate returning to normal business operations after a data loss event or a successful ransomware attack through the proper design, implementation, management, and support of your environment. Learn more about Commvault Readiness Solutions.

There’s the old man from scene 24!

My closing thought is to answer #3: According to research done by reputable sources, an unladen 20-gram European swallow travels at approximately 20 Miles Per Hour or 9 Meters Per Second