Cloud First Disaster Recovery Could Save the Day—Here’s Why

Disaster recovery (DR) plans are not one-size-fits-all. There’s no silver bullet, and without a clear understanding and some level of customization, a DR plan done wrong will have detrimental effects on an organization’s operations and business.

And let’s not forget the wrecking ball a bad DR plan delivers to the VAR or MSP who designed and executed it. Loss of business aside, there’s guilt, reputation damage, and potential lawsuits. It’s not a good day.

Notwithstanding those who lack the expertise to execute a DR plan—and you know they are out there—we are facing two myths that MSPs must be clear on so they can effectively bring an organization back from the brink:

Myth #1: Cloud-first protection is not viable for enterprise backup and DR.

Busted: Cloud-first data protection is not only viable for enterprise backup and DR, but in many cases it is preferred, and here’s why:

1. It reduces your attack surface. Leaving backup copies and the backup application on the same network as the data they are supposed to protect dramatically increases risk. Attackers look for backup infrastructure so they can destroy it. Having backup copies and the backup application offsite is not only smart, but it is also what cyber insurance questionnaires probe for. Cloud-first data protection offers these exact benefits.

2. If you have a good cloud / SaaS provider you will benefit from quick security patch turnarounds, which keeps your backup infrastructure more secure. Contrast that to an on-premises backup infrastructure where you have to rely on four or five vendors each patching their piece of the stack. You will inevitably fall behind and increase your exposure.

Related Product

Cove

Tenha backup primário na nuvem e recuperação de desastres para servidores, estações de trabalho e dados do Microsoft 365.

Find out more

Myth #2: Instant recovery is the key to successful DR.

Busted: Instant recovery is not the key, especially after a cyber-attack. Why? Because if you don’t know what type of attack you are under, putting instant recovery into play could cause even more damage and delays. Here’s why:

1. If you restore data into production instantly how do you know you are not restoring malware back into production? It is best practice to restore data into a sandbox environment where the data can be scanned first before restoring back into production. 
2. Is your DR plan aligned with security? A proper cyber recovery strategy is governed by an incident response strategy. Any instant restore without an explicit handshake with the incident response team directly undermines the entire point of the exercise.
3. Are you contaminating the crime scene? The network and attached endpoints where a cyber-attack occurred should be treated as a crime scene. It is often used for criminal investigation. Instant restore of data into that network cannot guarantee that the crime scene is not contaminated by that data. This is another reason why a sandbox on a separate network is a good idea.

The difference between disaster recovery and cyber recovery

With these two myths busted, let’s move on to the reality of recovery. It’s important to note the significant differences between disaster recovery and cyber recovery.

Recovering from natural disasters

Natural disasters have a much different impact on a network infrastructure and data center than a cyber-attack would. And those who’ve done their homework know different solutions specialize in recovering from various types of disasters. Some only remediate traditional disasters—floods, earthquakes, or power outages. In these instances, the damage is more localized.

The impact could be in a data center located in an affected area. An MSP can pluck the data from that distressed topology, transfer it to another location that wasn’t impacted by the disaster, and resume operations from the copies of that data.

Recovering from cyberattacks

Cyberattacks, on the other hand, have very different restore parameters. You need to do more than cull copies of data and push it to another location. You must also assume all copies in all locations were a part of the attack vector, which is why the instant recovery mindset is dangerous. 

Suppose your backup infrastructure sits on the same network as the malware or ransomware, and you attempt to restore files and data from that backup schema. In that case, you open yourself up to other maladies such as credential harvesting, extortion, and legal and compliance issues. 

In addition, highly connected data copies and arrays allow malware to move through the network. So not only is your first copy corrupted, but every other copy on the network is also corrupted. 

So, again, immediately restoring your data without confirming what TYPE of attack you or your client has suffered is bad for business. In the event of a cyberattack, you need a completely different architecture.

This premise is where a cloud-first enterprise architecture such as Cove Data Protection comes into play. It takes a “left of boom” or breach approach to be alert, ready, prepared, and able to respond before a cyber-attack happens. 

A cloud-first architecture also removes two key attack vectors: The place where the backup copies live; and all the metadata needed to restore files and applications.                                                                                       

Benefits of taking a cloud-first approach to protecting the attack surface

The three key benefits of taking a cloud-first approach to protecting the attack surface are: 

1. Safeguarding data: Moving some or all your workloads to the cloud can significantly reduce the time and risk associated with restoring that data.
2. Increased agility: Rapidly deploy unaffected copies of applications and data back into your network quickly, safely, and effectively.
3. Cost savings: Reduce the number of employees an MSP needs to manage an infrastructure, which will free the team up to focus on more strategic and value-add tasks, which drives up operational efficiencies and revenue.

For these reasons and more, taking a cloud-first approach is more effective than a network-first approach. Perimeter control, good hygiene, and patching are essential for data protection and recovery. Still, when a digital disaster strikes, whichever kind, MSPs are on the hook to recover and restore data as quickly and safely as possible.  

With a cloud-first architecture, this can be done AND you can remove or reduce the attack surface, which also reduces the recovery time, keeps data in a safe place, and minimizes the investment and complexity of data protection.

Find out more about how Cove Data Protection’s cloud-first approach can help you help you protect your network and your customer’s networks.With robust disaster recovery capabilities, you can feel assured that you’re ready for all types of disasters.

Stefan Voss is VP, Product Management at N‑able