How Mars 400 Ceph Storage Protects Enterprise Data Against Ransomware
Recently we heard many hackers hijacked enterprise storage by encrypting their data and asking ransom payment to decrypt them.
By 2021, ransomware will attack a business every 11 seconds, and the global damage caused by ransomware will reach $20 billion. (ref. Cybersecurity Ventures research)
Besides enhancing network security, enterprises shall have a solution to restore their data from the backup storage if you are hijacked by ransomware.
Mars 400 Ceph Appliance for Enterprise Storage Data Protection
Data stored in the Ceph storage is protected by replication or erasure code to prevent data lost against hardware failure. IT users can use the Ceph distribution algorithm CRUSH rule to tell Ceph to store your data and its replications in different storage nodes or nodes installed in different racks. This smart algorithm controls the data failure domain and avoids residing more than one replicated data in the same failure domain. The CRUSH rule provides a data protection mechanism that can protect data against host failure and rack failure.
The ceph storage cluster can't avoid your data from being attacked by hackers. However, you can use some Mars 400 ceph appliance advanced features to recover your data when data has been encrypted by ransomware.
Mars 400 Ceph Features to Protect Enterprise Storage Data from Ransomware
Object Storage supports WORM on S3
Starting from Ceph Nautilus 14.2.5 release, Ceph supports the Object Lock for its S3 compatible object storage to allow for a WORM (Write Once Read Many) model. You can create an object lock enabled bucket with a specified retention period. Users can not delete and make any change to data put in the bucket.
The object lock provides two retention modes:
- Governance mode: users can only delete or overwrite an object version or change the lock setting when they have special permission.
- Compliance mode: Users include the root user, can not delete or overwrite an object before the retention period. The retention period can't be shortened in any situation.
You can use Mars 400 Ceph storage appliance to create the immutable S3 buckets and use it as the Veeam backup capacity tier. Veeam Backup & Replication utilizes the S3 object lock and versioning to make the backup data temporarily immutable. All backup data stored in the immutable bucket can not be modified and deleted without a special authentication. Thus Mars 400 protects your data from malware attacks. If your primary data is encrypted, you have a backup to restore your primary storage.
Block and File System supports Copy-On-Write Snapshot
*Note: The copy-on-write operation happens only for the first time data is changed.
Figure 1 is an example of the ceph snapshot and rollback.
Data Protect Solution supported by Mars 400 ceph appliance for Ransomware
- Object Storage: Object Lock (WORM)
- Block Storage: Snapshot
- Filesystem: Snapshot
- Related Products
- Related Technology