image_pdfimage_print

What do Cisco, the Los Angeles Unified School District, and the San Francisco 49ers all have in common? They’ve all recently suffered ransomware attacks with varying levels of disruption and downtime for data and services. 

That’s bad news for many stakeholders, including business leaders and customers, who fear downtime the most, according to research from ESG that was shared by senior analyst Christophe Bertrand during a Pure//Accelerate™ Digital session.

What’s clear from the ESG research is that tolerance for downtime due to any reason has plummeted. Fifteen percent of IT professionals told ESG that they can’t tolerate any downtime at all or loss of any data; 23% said they could tolerate no more than 15 minutes, and 39% said they could tolerate no more than two hours. 

Given the enterprise-wide disruption that can occur in the wake of a ransomware attack, how can any organization respond to demands for fast and flawless data access? Panelists, along with Bertrand, shared their insights on this challenge. Their takeaway? It’s not about figuring out how to accelerate backups. It’s about using a resilency architecture with ransomware SLAs to restore data as faster as or faster than it can  be backed up.

ransomware

Zero Tolerance for Data Loss

The distaste and frustration for downtime and data loss is no surprise to Justin Brasfield, senior storage architect at Netspend, which offers prepaid debit cards. “Data is money, and time is money,” he said. “As soon as something goes bad, people ask, ‘How fast can we get back to work?’”

For the people in charge of data and storage, like Brasfield, the pressure is through the roof when ransomware, other cyberattacks, or even just maintenance take down data resources. “You can’t have any data loss,” he said. And if data and other resources are unavailable for several hours—way past what people say they can tolerate—you can be sure they’ll remember how inconvenienced they were, Brasfield adds. It’s not the way you want workers to be viewing the IT and data teams.

The more mission-critical your data and services are, the bigger your headaches are in the event of a ransomware attack or even something more benign. At Sinai Health System, Thomas Vecchio, director of information technology infrastructure, has to ensure that massive datastores can be restored quickly. At the same time, he has to keep budgets from careening out of control—in an environment where lives are at stake every day.

“The idea of restoring data rather than relying on backups makes sense when you’re managing 10 years of data and you don’t want to maintain infinite amounts of backups with finite budgets,” Vecchio said. It also makes sense for a busy metropolitan hospital to rely on data restore instead of backups for continuity planning since restore is a faster process, he added.

The Value of Immutable Data Snapshots

What matters most after a data breach or loss caused by ransomware or some other threat? First, it’s the availability and accessibility of “immutable snapshots,” created with Pure SafeMode™. This data protection feature is built into FlashBlade® and FlashArray™. SafeMode snapshots can’t be changed or stolen, and most importantly: snapshots are immutable and cannot be deleted. They’re protected with multifactor authentication and safe from hackers. This is what sets SafeMode apart from any other data protection solution. 

That’s Thing #1; Thing #2 is the ability to take these snapshots and bring them back up lickety-split. SafeMode and FlashArray can complete restores 10 to 20 times faster than the competition

As I explained during the session, modern organizations see legacy backup solutions as slow and complex, leading them to seek faster options. Stakeholders don’t particularly care whether data returns via backups or through restore—they just care about speed. 

“The way we do backups isn’t usually visible to anyone but IT,” says Brasfield. “All people care about is how fast they can have the data and when the last backup was. As long as we’re maintaining our backup schedule, we’re fine.” 

The complexity of the data landscape is another reason for favoring restore as backup, Brasfield added—like the web of point solutions and appliances generating data in silos. This complex mix of data sources is what slows down legacy backups. “We’re doing more transactions than we’ve ever done, and people are more mobile than they ever were before,” he said. “With Pure, we’ve been able to improve data restore by leaps and bounds.”

In healthcare, the stringent regulations governing data management require that organizations show their ability to restore data, Vecchio explained. “That’s why improving one’s ability to restore data is now a hot topic,” he said.

Ransomware is Making Resilience a Priority

During our session, I asked my fellow panelists: Why has it taken so long for everyone to understand that the most important part of data protection is restore—not backup? From Bertrand’s POV, ransomware may be the biggest driver. 

“It’s also about the way the landscape has changed with virtualization, WANs, which means there tends to be a much bigger impact of downtime,” Vecchio said. “That’s what percolated the restore conversation to the top. When an event like ransomware comes, the C-suite wants to know why can’t you restore from backup—even though you’re dealing with 15-server systems with 50 terabytes of data.”

As organizations realize that ransomware attacks are becoming more common—and that they may be the next victim—it’s logical that the conversation turns to the speed of recovery. 

Learn how to Build a Resiliency Architecture with Pure and how our Ransomware Recovery SLA helps you bounce back within days of a ransomware attack.