Coming Back from a Cyberattack

As a tech trend, hierarchical data management for production environments didn’t last very long. Almost as soon as the tech industry developed tools to automatically move data from one storage tier to another based on use, storage costs dropped so dramatically that most IT leaders decided it was just as affordable — and often a lot simpler — to just expand their storage. 

Yet, there’s one area where storage tiering is actually becoming almost essential: backup and recovery. 

When I talk to customers about their recovery needs for the first time, their knee-jerk response is usually that everything in their environment needs to be recovered instantly. But I don’t think I’ve found a single organization for which that’s actually true. One healthcare customer recently insisted that every bit of its data needed to be backed up to the last second and recoverable at a moment’s notice — up until the moment when IT and business leaders learned that this would result in an eight-figure storage bill.

In reality, almost all organizations rely on a mix of data that is urgently needed; data that is needed for business, but can wait a minute or two; and data that essentially collects dust.

Historically, storage tiering hasn’t been a high priority for disaster recovery and business continuity. That’s because organizations can leverage replication and high availability to fail over to a secondary data center in the event of a natural disaster. However, in the case of a cyberattack, such replication means that the malicious code usually exists in both primary and secondary environments. And because of the dramatic rise in cyberattacks — especially ransomware — IT leaders must now plan for scenarios in which they’re able to recover their entire environment from an uninfected backup. 

This is only really possible through storage tiering, which most organizations aren’t yet doing. That’s probably because storage tiering for disaster recovery represents a relatively recent mindset shift, brought on by the new reality of cyberattacks. Industry observers seem to have given up their previous trend of labeling each new year the “Year of Ransomware,” but that’s because attacks are still going up, not down. According to Panda Security, reports of ransomware increased 62 percent in 2021.

To implement storage tiering in their disaster recovery environments, IT leaders must first recognize that not all of their storage has the same value — or, at least, not the same level of urgency. 

Remember the healthcare customer that was staring at exorbitant storage costs? Part of the hang-up there was the organization’s Active Directory data. While that information is obviously critical to the organization’s operations, IT leaders eventually came to see that it wasn’t essential for the data to be backed up every millisecond. They realized that if they were hit by ransomware and had to use a day-old version their Active Directory data, things would be just fine. While Active Directory is a relatively small amount of data, it served as a catalyst for the organization’s leaders to spur the type of thinking needed to effectively tier their data.

Similarly, many organizations store data that is almost never accessed; it’s usually retained solely for regulatory or legal reasons. Obviously, it’s not necessary for these records to be kept on more expensive flash storage. If it takes a day to recover files that haven’t been accessed in three years, no one is likely to notice. 

An effective storage tiering strategy requires a thorough assessment of business-critical applications and their interdependencies. A Tier 0 application might not work effectively if it can’t access data from certain Tier 2 and Tier 3 programs. After conducting such an assessment, most organizations find that they can move a great deal of their backup data to less expensive spinning-disk storage, or even to the public cloud. 

In the case of our healthcare customer, we were able to bring down the price tag of the planned backup environment by more than two-thirds, while ensuring that business-critical applications could be brought back almost instantly after a cyberattack. That’s the power of storage tiering.

Story by Jason Cray