How snapshots — point-in-time copies of data — can improve data security.
Teams responsible for developing scalable enterprise applications need efficient approaches to protecting data. Snapshots are a good way to improve resilience, protect against ransomware and speed recovery.
Jump to:
Snapshots are point-in-time copies that provide near-instantaneous data protection. By copying storage metadata rather than on the data itself, they provide a record of where each block of data is stored. Not only does this not take up much space, but it can also typically be done in a few seconds.
Here are a few ways to use snapshots to enhance data security.
Snapshots can augment backups for data protection. For those wishing to reduce their recovery point objective without spending a fortune, snapshots are one option. Backups can recover data anywhere from a day ago to a week or more, depending on when the last backup was done. Anything later than the last backup is lost. Snapshots can take the RPO down to an hour or so, depending on how often they are done. Some businesses run snapshots more often than once an hour due to the sensitive or financially lucrative nature of the data they process.
As well as augmenting traditional backups, snapshots can also be used as an additional safeguard against ransomware, according to Jerry Rozeman, an analyst at Gartner. This should not be interpreted as saying that snapshots take the place of other security measures that are designed to reduce the chances of a ransomware infection. Firewalls, intrusion detection, ransomware protection systems and other cybersecurity tools remain vital. But regular snapshots of databases and storage can provide another, and perhaps a last, line of defense in case other cybersecurity protections are breached.
Rozeman explained that storage technology is not always well protected. “Unstructured data platforms like network-attached storage, scale-out file systems and object storage provide inadequate protection from malicious deletion, encryption and data exfiltration, making it an easy-to-attack target,” Rozeman said.
Immutability is creating a copy of data that can’t be encrypted by hackers, can’t be corrupted and can’t be altered in any way. One way to achieve immutability is to send data to a tape archive that remains offline. That air gap means that cybercriminals can’t cause any mischief as there is no direct networking connection to the data. But there are other solutions to immutability — some better than others. Some try to pass off cloud storage as being immutable. In reality, it is just cloud storage with extra layers of protection.
Pure Storage is one vendor that has put together some immutability features that make snapshots more valuable. If snapshots are done with its SafeMode feature turned on, the resulting snapshots cannot be deleted by anyone. Even if hackers infiltrate the network and get into the system, they may cause damage, but the snapshots remain unharmed.
“SafeMode makes it impossible to delete data snapshots,” said Anthony Nocentino, principal field solutions architect at Pure Storage. “These snapshots protect against rogue administrators, compromised credentials or attempts to delete backups and snapshots.”
Just as important as preventing breaches or alternations of data is being able to recover data quickly when data loss occurs. If the volume of data is compromised, held to ransom or lost in some other way, snapshots can play a part in getting key systems up and running fast.
For instance, when dealing with huge databases or data sets, it can take a long time to find the right backup copies and transmit that data from the cloud, from tape or from a deduplication appliance to where it is needed. Even with snapshots, if the size is very large, it can take a while for recovery to occur. The solution is to take snapshots of segments of datasets and databases. This might be data from one particular application or database, or taking snapshots of each database, so you can pick and choose the most critical snapshots to use for recovery. Those key segments can then be fully restored while IT labors away to restore everything else via backups. Further, if one segment is compromised by hackers, the others may remain uninfected.
Snapshots don’t replace other cybersecurity or data protection technologies, tools and actions. IT should continue to implement best practices with regard to safeguarding data and maintaining a tight security perimeter.
Snapshots, though, are another tool to add to the protection arsenal. By implementing snapshots in the various ways noted above, organizations can keep their data more secure and recover it faster when they need to.
Read next: Become your business’s cybersecurity expert (TechRepublic Academy)