Enterprise Disaster Recovery and Ransomware Protection in the Cloud


AllCloud Blog:
Cloud Insights and Innovation

Ransomware is a type of malware (malicious software) that blocks access to an infected system’s data or threatens publication of that data—that is, unless a ransom is paid. 

In ransomware efforts, data is typically blocked via encryption and ransoms are paid through Bitcoin. Because Bitcoin lacks central oversight and its transactions can be difficult to trace, this cryptocurrency makes an ideal means for ransoms to be paid.

Ransomware is a particularly pernicious threat that must be taken seriously—it is spreading indiscriminately around the world, and has infected systems across all industries, including medical and research systems. Ransomware infections have resulted in healthcare providers being locked out of data required during life and death situations, and have impeded systems being used in vaccine development.

How AWS is Raising the Bar on Data Protection and Security

AWS recently released an excellent series of webinars, whiteboard videos, and even an eBook that discuss disaster recovery and ransomware protection in the cloud. Each asset covers a lot of ground on the topic and runs anywhere from just a few minutes to 50 minutes in length.

AWS uses a holistic approach to combating ransomware and its methods span information security best practices. The benefits of this approach go far beyond ransomware protection alone, including a heightened security posture, more efficient operations, protection from regional disasters, and application resilience. 

Here’s what you can do to reap these same benefits:

  • Isolate workloads into separate VPCs—or better yet, separate AWS accounts
    This provides a reduced “blast radius,” which means that if there is a security breach affecting one of your workloads, other workloads will be unaffected because they reside within separate security boundaries.
  • Stay adherent to the principle of least privilege
    Here we’re referring to the practice of limiting the access rights of any given user, program, or service to the absolute minimum. This way, the effects of compromised security principals are limited because they lack the full system-level privileges highly valued by attackers.
  • Keep all software fully patched
    Doing so makes it more difficult for attackers to launch successful attacks against your systems and also reduces the success of malware attacks (as they often use system vulnerabilities as their initial infection vector).
  • Develop a modern application architecture, such as de-coupled microservices
    This design pattern isolates services from one another, which means that, in the event of a compromise, your system will inherently be protected from the compromise of any individual service.
  • Use Infrastructure as Code (IaC)
    Doing so will help you deploy cloud infrastructure in an automated, repeatable, and standardized manner.
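
The least-privilege item above can be checked mechanically. The following Python example is added here and is not AllCloud or AWS code: it flags Allow statements in an IAM policy document that use wildcard actions or permit data-destroying actions on every resource. The sample policies, Sids, bucket name, and the DESTRUCTIVE action selection are constructed for illustration.

```python
import fnmatch

# Actions that stolen credentials could use to destroy or overwrite data and
# backups (an illustrative selection chosen for this example, not exhaustive).
DESTRUCTIVE = ["s3:DeleteObject", "s3:PutObject", "s3:PutBucketVersioning",
               "ec2:DeleteSnapshot", "rds:DeleteDBSnapshot",
               "kms:ScheduleKeyDeletion"]

def _as_list(value):
    """IAM allows a single value or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings for Allow statements broader than least privilege."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow + NotAction grants all unlisted actions")
        # IAM action names are case-insensitive and may contain * wildcards.
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        for a in actions:
            if a == "*" or a.endswith(":*"):
                findings.append(f"{sid}: wildcard action {a}")
        if "*" in _as_list(stmt.get("Resource")):
            hits = [d for d in DESTRUCTIVE
                    if any(fnmatch.fnmatchcase(d.lower(), a) for a in actions)]
            if hits:
                findings.append(f"{sid}: {', '.join(hits)} allowed on every resource")
    return findings

# Constructed sample policies (hypothetical Sids and bucket name).
OVERBROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppAccess", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadReports", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-reports-bucket/*"}]}

if __name__ == "__main__":
    for name, doc in (("OVERBROAD", OVERBROAD), ("SCOPED", SCOPED)):
        print(name, audit_policy(doc) or "no findings")
```

Run over policy JSON kept in an IaC repository, a check like this can fail a pipeline before an over-broad grant is deployed.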

Implementing a Disaster Recovery Solution at the Enterprise Level

Having a disaster recovery (DR) solution in place is critical in the fight against ransomware. A strategic DR solution provides organizations the ability to recover from regional disasters, yet many overlook DR due to cost or a lack of internal technical resources.

The unprecedented rise of advanced persistent threats (APTs)—savvy threat actors including nation states and state-sponsored groups—has resulted in even the most secure systems being at risk. This is why, now more than ever, having a tested and proven DR solution in place should be considered mandatory.

Fortunately, CloudEndure Disaster Recovery enables cost-effective DR in the cloud, without the operational complexity of traditional DR solutions. With CloudEndure, organizations are no longer required to duplicate their infrastructure in a secondary location—they only pay for the storage space used and resources can be provisioned dynamically in secondary regions, as needed.

With CloudEndure, DR testing and failover operations can be automated without affecting primary systems, which drastically reduces the cost, operational impact, and staffing typically required in DR efforts.

If you need assistance protecting your workloads from ransomware or have more general requirements around strengthening your security posture, modernizing your applications, or implementing DR, contact AllCloud—our experts are here to help. If you are looking to evaluate the efficiency and value of your existing infrastructure, our AWS Disaster Recovery Quick-Start Program can help.

Justin Mungal

AWS Solution Architect
