Data Security Using IBM Cloud Object Storage Against Ransomware

Posted by Marbenz Antonio on October 18, 2022

Using IBM’s Cloud Object Storage to avoid ransomware.

Today’s environment makes it challenging for administrators to protect data against a range of cyberattacks, and the advent of ransomware attacks against businesses is an increasing worry. If attackers can breach organizational defenses and encrypt the enterprise’s important business data, these attacks could cost businesses significant amounts of money.

Many anti-ransomware defense strategies make an effort to protect data via isolation technologies, which move copies of data backups to inaccessible areas of the network. Similar techniques, like physical air gapping, force the owner of the data to maintain backup copies on storage devices that can be disconnected from the network and stored offline. Some data security providers offer systems that only allow outgoing traffic APIs to access backup data and block all incoming traffic. These are all add-on technologies that make the enterprise’s data infrastructure more complex. There are, however, some simple methods for ransomware data protection.

Object versioning with IBM Cloud Object Storage

With its built-in support for object versioning, the IBM Cloud Object Storage (COS) service provides a much simpler method of defending against ransomware. Any business using object storage for application backends, NFS gateways, or other use cases (such as cloud object storage for short- and long-term backup storage) can use this approach.

As a risk mitigation strategy, versioning relies only on appropriate security procedures: Role-Based Access Control (RBAC) policies for separation of responsibility, expiry policies to control data usage creep, and offline protection of administrator credentials.

How versioning protects

The idea behind the method is simple. To stop ransomware from encrypting existing objects in the object store, first activate versioning on storage buckets. Once versioning is enabled, any application (like an NFS gateway) that uses the object store as its back-end data storage will only write new versions of objects to the object store, as opposed to replacing the old object with a newly encrypted one.

Ransomware can only add an encrypted version of the file on top of the clear copies of the file in the file history tree. During a ransomware attack, file systems that are mounted using NFS gateways and targeted by the ransomware will still appear to have fallen victim to the attack, but the object storage still includes the unencrypted files. Administrators just need to delete the object’s encrypted version, which allows business operations to continue normally.

It is clear from these and other examples that IBM’s versioning system has the advantage of not complicating already complex procedures. The object store is notifying the NFS gateway that new versions of objects are being produced. As usual, the gateway will keep adding objects to the bucket. According to user policies, IBM Cloud Object Storage will save old versions of the objects in buckets. Policies can be specified on the bucket to keep older versions of objects for a specific number of days before they expire, among other factors.

Due to file updates producing new versions of the files during routine operations, these policies can assist administrators in keeping the bucket’s data usage from spiraling out of control. The policies can be established so that there is enough time to identify and stop the attack before any real data is lost.
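As an added illustration (not code from IBM or from the original post), the sketch below plans the rollback described in this section from a version listing shaped like an S3-compatible ListObjectVersions response. The sample listing, the attack-start cut-off and the 30-day noncurrent-version retention are constructed assumptions, and the sketch goes slightly beyond the text by also covering objects that were deleted rather than overwritten.

```python
from datetime import datetime, timedelta, timezone

def plan_recovery(listing, attack_start, noncurrent_days):
    """Plan a rollback; returns (to_delete, needs_review, deadline).

    to_delete    - (key, version_id) pairs written at or after attack_start
    needs_review - keys that have no pre-attack version to fall back to
    deadline     - earliest time a clean version could expire, or None
    """
    by_key = {}
    for kind in ("Versions", "DeleteMarkers"):  # deletions appear as markers
        for entry in listing.get(kind, []):
            by_key.setdefault(entry["Key"], []).append(entry)

    to_delete, needs_review, deadline = [], [], None
    for key in sorted(by_key):
        hostile = [e for e in by_key[key] if e["LastModified"] >= attack_start]
        clean = [e for e in by_key[key] if e["LastModified"] < attack_start]
        if not hostile:
            continue                   # untouched since before the attack
        if not clean:
            needs_review.append(key)   # created in the attack, or clean copy expired
            continue
        to_delete += [(key, e["VersionId"]) for e in hostile]
        # Assumption: a clean version becomes noncurrent at the first hostile
        # write and is expired noncurrent_days after that moment.
        expires = min(e["LastModified"] for e in hostile) + timedelta(days=noncurrent_days)
        deadline = expires if deadline is None else min(deadline, expires)
    return to_delete, needs_review, deadline

def ts(day, hour=0):  # UTC timestamp in October 2022, for the sample only
    return datetime(2022, 10, day, hour, tzinfo=timezone.utc)

# Constructed sample listing (not real data); attack assumed to start 10 Oct.
SAMPLE = {
    "Versions": [
        {"Key": "finance/q3.xlsx", "VersionId": "v1", "LastModified": ts(1)},
        {"Key": "finance/q3.xlsx", "VersionId": "v2", "LastModified": ts(10, 3)},
        {"Key": "finance/q3.xlsx.locked", "VersionId": "v1", "LastModified": ts(10, 3)},
        {"Key": "hr/staff.csv", "VersionId": "v1", "LastModified": ts(2)},
        {"Key": "db/backup.tar", "VersionId": "v1", "LastModified": ts(5)},
    ],
    "DeleteMarkers": [
        {"Key": "db/backup.tar", "VersionId": "m1", "LastModified": ts(10, 5)},
    ],
}

if __name__ == "__main__":
    print(plan_recovery(SAMPLE, ts(10), noncurrent_days=30))
```

The cut-off is purely time-based, so legitimate writes made after the attack began would also be listed for deletion and need to be reviewed before the plan is executed with administrator credentials.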

The importance of separation of duty

The second important factor of our ransomware protection strategy is splitting the credentials that authorize important bucket activities (object administrator credentials) from the credentials that grant permission to read and write objects in the bucket (object user credentials). The user’s credentials can be given to staff or automated business workflow processes, but the administrator’s credentials should be kept secret in an offline storage device. With the help of common roles in IBM’s cloud storage accounts, this ransomware protection strategy may be put into action.

With this method, administrators can set up a situation where, even if ransomware is successful in attacking the business, the data can be quickly recovered without having to comply with the ransomware’s requests to decrypt the data. This method also reduces exposure to the possibility that, even after the ransom is paid, the attacker has no intention of providing the data access keys.

Start protecting your data with IBM Cloud Object Storage

The IBM Cloud Object Storage console, the REST API, or the SDK can all be used to enable versioning on IBM Cloud Object Storage buckets. See Versioning Objects in the IBM help pages for information on how to enable versioning on buckets. Versioning also helps protect against data deletion, among other forms of data protection.
