How Going Back to Basics Strengthens Your Data Storage Security

MARCH 3RD, 2022

By Byron Horn-Botha, Lead, Arcserve Southern Africa channel and partnerships

I think we all approach a new year with a fairly large degree of optimism and trepidation, with a few resolutions thrown into the mix as we attempt to change how we do things.

Criminals engaged in ransomware are no different. It is increasingly apparent that they dedicate their efforts to causing the most significant damage in the shortest possible time.

IDC has identified this trend with the observation that ransomware attackers have learned that eliminating the possibility of data recovery by attacking the data backups can maximise the attack's impact on primary data.

Just to put it into perspective, as far back as 2014 and based on industry surveys at the time, Gartner estimated the cost of network downtime was typically around US$5,600 per minute, which extrapolates to well over US$300 000 per hour. I'm sure I now have your attention!

Forbes reports that the recent six-hour-long outage of the Facebook family of apps cost the company nearly US$100 million in revenue. Worse, it drove millions of social media users to Twitter as people couldn't view their Facebook feeds, exchange WhatsApp messages, or post Instagram reels. To add insult to injury, it sparked a derisive meme feast that didn't do much for the brand.

None of us need to be reminded that the damage from ransomware can have a profound and lasting impact on organisations. If it is to be defeated, the solution should appear obvious: IT organisations need to architect a system that assures data recovery without paying a ransom. This may appear to be a tall order, but the good news is that it has been achieved.

Many CIOs are familiar with the old ‘3-2-1’ rule when it comes to data protection, namely: three copies of data (primary and two backups); two copies stored locally on two formats (NAS, tape, or local drive); and one copy stored offsite (cloud or secure storage).

But this is now somewhat outdated due to the importance of protecting the backup. Today, the 3-2-1-1 strategy is recommended to safeguard data, with the extra ‘1’ being immutable storage.

Immutability is a critical element of successful ransomware protection. It is when data is converted to a write-once, read many times format, which cannot be altered. Unlike data encryption, there is no key, so there should be no way to ‘read’ or reverse the immutability.

If ransomware gets into an admin system, it can spread like wildfire and even infect secondary storage.


The latter is also crucial when paired with other data protection elements, such as continuous data protection, which can capture data on each write at rapid intervals measured in seconds. If that data is stored in immutable form, the customer can then have a ‘snapshot’ of data that cannot be altered.

Having the right technology in place, augmented by sound and well-rehearsed recovery practices, is essential. But adding immutability means you can access and restore data to its unaltered state and get back into operation within minutes of a breach. What CIOs and CTOs do not want to keep the lights on and be up and running within minutes of an attack?

Breaking Down 3-2-1-1 vs. Traditional 3-2-1

Let's take a look at what the traditional 3-2-1 rule entails. In essence, as noted, it recommends that you keep at least three copies, store two of them on different media and store at least one additional copy at an offsite location.

While it sounds like having two copies onsite means the business automatically has quick access to its backup if its primary storage fails, that may not always be the case. What happens when disaster strikes and takes both of the onsite devices down?

If ransomware gets into an admin system, it can spread like wildfire and even infect secondary storage. These scenarios are played out every day in businesses across the world.

For example, what if both data copies are compromised? The first thing the company does is shut its systems down and put its backup and disaster recovery plan into motion. That's when it turns to offsite backups. This is precisely where the problems commence.

With secondary storage primarily built for backup security and scale at a relatively low cost, these systems can impair recovery if they can't quickly transfer the vast amount of data that typically needs to be recovered. That could add a considerable amount of time for applications and data to come back online after a disaster, which is, of course, very costly.

In a nutshell, the 3-2-1-1 rule comes into its own in this last example, with at least three backup copies of data and two stored on different storage media while placing one of them offsite.

Immutable storage is the key to successful ransomware protection because the company’s data is converted to a write-once, read many times format that can't be altered. Essentially, the data cannot be changed or deleted once it is written.

Learn More

Find out how going back to data protection basics and adding immutable storage strengthens your data storage security by talking to an Arcserve expert technology partner or contact us for more details.