Over the years, Business Continuity Planning and Disaster Recovery (BCP/DR) has evolved from a focus on organizational resilience in the face of natural disasters and unintentional or accidental disruptions to programs that can guarantee uptime, availability, and minimal data loss from sometimes-targeted and often-orchestrated cyber attacks or ransomware. This evolution is a consequence of digital transformation: big data, data-as-currency, mobile workforces, anytime/anywhere access, and the widespread adoption of cloud have all created a massive reliance on digital data which, if lost, altered, or unavailable, could result in financial, operational, legal, or reputational repercussions.
It is therefore no surprise that providers once focused on the back end of data and systems management—storage and recovery companies, specifically—have looked upstream and started to include data protection capabilities in their offerings.
Implicit in the ability to protect data is knowledge: knowledge of what systems and data your organization has, how an attacker could access them, the sensitivity/criticality of individual systems and data sets, the controls in place to prevent unauthorized access and abuse, how well those controls are functioning, what it would mean to your organization should certain data be lost or systems remain unavailable for a given time, and more. Without this insight, it would be impossible to protect the data on the front end and recover from a cyber attack on the back end.
Continuity Software, a 15-year-old company out of Israel, is using its expertise in IT infrastructure and resilience management to secure data backup and storage and thus help companies recover from cyber attacks. With the growing trend of cloud storage, Continuity Software’s team centers its efforts on what it calls the “unspoken protection gap.” During a recent conversation with Yaniv Valik, VP of Product Management, and Iris Zarecki, VP of Marketing, we discussed how cyber attackers are taking advantage of the Cloud Shared Responsibility Model. While major cloud and storage providers offer excellent protection of their environments, the responsibility for protecting the data falls to customers using the environment. This means the customer maintains governance over everything from initial configuration to applying data encryption and implementing appropriate access controls. Whether it’s due to confusion over who manages what, lack of time, lack of skills, preponderance of systems to provision, or even laziness, misconfigurations in storage and backup systems and failure to validate security and access controls have led to unnecessary exploitation.
“We started seeing attackers going after our customers’ storage systems to access critical data,” said Valik, “and the results could be catastrophic. Data deletion and theft, intentional outages, and ransomware are all possibilities. When it comes to storage systems holding petabytes of data, we just weren’t seeing the tools on the market that could validate that these systems were configured in a secure way, were meeting regulatory compliance, or were vulnerable to known exploits.”
Based on what they saw as a gap in the market, Continuity developed Data Security Advisor and RecoverGuard, which enable automated scanning of storage environments, on premises and in the cloud. Coverage includes arrays, switches, servers, storage virtualization, appliances, storage area networks, and more. The platforms are agentless and use a built-in knowledgebase to look for misconfigurations, known vulnerabilities, and compliance with industry standards like NIST and vendor-recommended best practices. The scan evaluates numerous categories, including authorization, authentication, admin permissions, encryption, logging, services in use (Telnet, FTP, RSH, SSH, SMTP, SNMP, etc.), replication, backup, isolation, immutability, SLAs, copy hygiene, and restorability.
Once the scan is complete, users receive a customized topology map, which is delivered in real time via a dashboard. From the dashboard, admins can view details about each found issue and review recommended remediation steps. Automated alerts can also be configured, or admins can automatically forward data from their dashboard to their SIEM, incident management system, or other IT operations deployments, making it easy for users to see everything in one place and take appropriate actions when necessary.
The space Continuity Software plays in includes a few big-name companies and crosses several traditional categories: vulnerability management, configuration management, and IT resilience—which is really just a newer term for BCP/DR with an emphasis on the front end of data protection. The idea is that recovering from a cyber attack is more complicated than recovering from a standard disaster—because of intent. With intent comes the possibility of an attempt at foiling backup and/or recovery solutions, as we’ve seen when ransomware has gone after data backups.
Continuity has a healthy background in the BCP/DR space. If the company continues to focus on adding capabilities which make it easier for companies to respond to vulnerabilities, be it a misconfiguration or missing data encryption for highly sensitive data, they should have a bright future. Enterprises are constantly looking to create efficiencies and ensure data and system availability (vs. “stop cyber attacks”), so the IT/cyber resilience space is certain to grow. Look for companies like Continuity Software to push the industry forward and help IT, operations, and security teams prevent costly incidents before they become a disaster scenario.