The positive side of ransomware for data transformation

Hear from CIOs, CTOs, and other C-level and senior executives about AI data and strategies at the Future of Work Summit on January 12, 2022. Learn more


By Pritesh Parekh, Vice President of Engineering, Chief Security and Trust Officer, Delphix

We all know the evils of ransomware, but let’s talk about its bright side for a change.

To be brief: there aren’t many positives … except one, and it’s important: the horror of ransomware is causing a long-awaited fix in the way companies manage their data. And that’s a very positive result.

While most cyberattacks are a problem for security teams, the huge commercial impact of ransomware has woken up the entire C-suite. In fact, with seven attacks every hour In the United States alone, ransomware is now considered a national security threat.

An attack can potentially paralyze a business for days, leading to lost revenue, reputational damage, and lost customers. Not only does it give victims two options: pay or stay offline indefinitely, the first option doesn’t always work. For example, on average, only 69% of data from healthcare organizations could be restored even after they gave up and paid for the decryption key.

As a result, the threat of ransomware is making a systemic preemptive response across the enterprise more urgent than ever. On the bright side, these changes will not only protect against ransomware, but will also provide the necessary foundation to prevent cyberattacks of all kinds. In addition, they will allow companies to take advantage of the opportunities opened by the new scale and intelligence of the data.

Ransomware and Responsive Data Architecture

Ransomware provides a much-needed boost to modernize an organization’s data infrastructure architecture. This will help developers proceed as quickly and agilely as they want, confident that their efforts are protected at the optimal pace for their workflow, even near real-time when appropriate.

Modernization must begin with a change in the data processing architecture to make it more responsive and more secure.

The new architecture should be more sensitive and interact with business data through an intelligent API that can automate the processes by which data is sourced, merged, transformed, secured, and delivered, all without users having to submit a request to the data team. It should work with application data generated outside of the data warehouse and programmatically combine it with data from either side of the wall, as well as sources outside the organization. It must also be fully programmable, eliminating the need to predetermine exactly what data will be combined with what data.

The “intelligence” of this smart API means that users can make requests for data that may seem simple to them but trigger complex automated processes that deliver data in seconds or minutes, not days or weeks.

One of the important functions of this API should be to perform automated backups on an optimized and context-aware schedule, including fast backups to the cloud, as well as slower backups to internal or remote physical media. Such a system will allow companies to say “No, thank you” to cybercriminals who demand a payment to undo the damage of their ransomware on a company’s data.

It is important that a company’s data is backed up according to what makes the organization fully resilient, rather than the constraints of traditional storage schedules and limitations. That includes application data, the data closest to the people working on a project. If that is interrupted, the project stops. If it leaks, it can bring with it the competitive advantage of an innovative project. And if the app data can’t be shared, the organization won’t get the full value from it.

Protection through air gaps

Ransomware attacks take advantage of what until relatively recently seemed to be an obvious and inescapable fact about backups: Backups are files written and read by the same network operating system that the organization uses for its daily work. Yes, backup files are different from other files – they are compressed, they are redundant, they are probably kept in remote mirrors, and they have many permissions, but for a cybercriminal installed on the ransomware installation, they are only one login away.

But if you create a virtual data application that extracts the backups from your organization’s normal file system and installs separate locks and controls, you have made the cybercriminal’s job much, much more difficult.

The virtual appliance must also be designed to work with an intelligent data API. Of course, you should be able to move files to your company network and store backups on local or remote physical drives, in the cloud, or anywhere else you want DevOps. But even if you are the system administrator of the company and have root access to the company network, you should not be able to access the data managed by the device without special authorization protocols.

The overall business network system will never be secure enough to thwart dedicated hackers because it must remain open enough for workers to be productive. Putting an “air gap” between that system and the backup system greatly minimizes the risk to backups. With a data appliance that virtualizes much of its data, an organization that wakes up to find that cybercriminals have encrypted its business network can restore its production data in minutes and get back to work.

You give too much credit to the criminals behind ransomware to say that they are the reason why organizations are changing the architecture of their data systems. CSOs and CIOs are leading the charge for an infrastructure that better meets the needs of people who use data to innovate, to do their jobs as safely and efficiently as possible, and to achieve a level of operational excellence simply never before. possible – all while achieving a new level of security against cyberattacks of all kinds.

Ransomware may be the spur of this data transformation, but the benefits extend far beyond that. That’s literally the only good thing about ransomware.

Pritesh Parekh is the Vice President of Engineering, Chief Trust and Safety Officer at Delphix with 20 years of experience in creating and leading product development, trust, development and quality control teams.

Data decision makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including data technicians, can share data-related information and innovation.

If you want to read about cutting edge ideas and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read more from DataDecisionMakers

Leave a Comment