Cyberstorage Series Part I: A New Category of Ransomware Protection

Part I - Cyberstorage Emerges

One of the biggest risks to business growth today is data breaches.¹ The old saying, “it’s not a matter of time, it’s a matter of when,” seems to apply more and more to ransomware attacks and other cyber incidents targeting access to and extraction of data. As ransomware itself has evolved and changed the way it is monetized from simple locking of files via encryption to the far more nefarious double extortion tactic whereby stolen files are published in retaliation for unpaid ransoms,² SecOps teams have been left with a gaping hole in the underserved data storage security market. While many solutions exist to bolster perimeter defenses - endpoint protection, firewalls, authentication - little focus has been paid on how to better secure the data itself. Yet with the ransomware threat evolving and aggressively targeting primary unstructured data that businesses manage and access daily, solutions are finally emerging to fuse high-performance security technology with accessible storage to keep day-to-day operations running. The term for this data-first security approach is cyberstorage.

Gartner recently recognized cyberstorage as a new category of emerging technology in their Hype Cycle for 2021 Innovation Trigger section. Cyberstorage, according to Gartner, “protects storage system data against ransomware attacks through early detection and blocking of attacks, and aids in recovery through analytics to pinpoint when an attack started.”³ Essentially, cyberstorage is the broad term for a layer of technology that sits between the system infrastructure and the data storage systems and focuses on protecting the data itself instead of the network perimeter that holds it.

Cyberstorage Adoption Estimated to Grow by 6X

The cyberstorage category, while young, is quickly gaining traction as the need for proactive data defense intensifies. With a notable 13% jump in attacks that utilize data exfiltration last year, the need for protection at the data level is palpable and growing.⁴ The focus on data protection is shifting from prevention/recovery to addressing the inevitability of an attack. Businesses today need creative solutions to secure the data, even during a breach. Today, only 10% of businesses require integrated ransomware defenses on their data storage but that number is estimated to jump to 60% over the next three years.⁵

Cyberstorage on Backup

It’s not just the actively used unstructured data that needs a cyberstorage layer of protection. Backup data, largely seen as a safety net by organizations against ransomware and thus largely overlooked for security upgrades, is now becoming a primary attack target. In fact according to a recent Veeam report, 72% of organizations experienced attacks on their backup repositories in 2021.⁶ Compromised backup systems lowers the organization’s resiliency and strips its ability to recover, not just from a ransomware attack but also natural disasters, equipment failure, and outages. Securing backups with a data-first cyberstorage solution strengthens a company’s overall security posture by ensuring that the data remains accessible and protected against all incidents.

On-Prem and Cloud Repository Targets

The subject of data security inevitably leads to a debate of cloud versus on-premises data storage. The rate of successful data attacks started to accelerate as more and more businesses moved their data management to the cloud.⁷ This caused many IT teams to halt the migration of their most sensitive data sets and continue to house them on-prem. However, cyber criminals understand this trend as well and know that gaining access to on-prem, even air-gapped systems, represents a goldmine of private data. Attacks specifically targeting on-prem servers started to emerge through a variety of creative measures including CVE exploits, backdoor vulnerabilities, even electromagnetic signals to gain access to air-gapped systems.⁸

Cyberstorage - Addressing the Critical Flaw

Data - no matter whether it is managed onsite, in the cloud, in an air-gapped environment, or in a backup repository - is vulnerable because it is largely processed and stored in the same way, and while there likely are safety measures in place to protect the network on which the data is housed, there remain few, if any, safeguards on the actual data itself. Data, such as files or documents, remain in a folder in their complete state and often without trigger warnings to alert when they may have been compromised.

In creating a new category for data security, Gartner essentially challenged the industry to do better and find more secure solutions to protect the data, beyond perimeter defenses. It is a call to attention to focus on what happens once the perimeter has been breached and the data has been accessed. Is there a way to ensure that it stays protected even against such an attack?

Emerging vendors in the cyberstorage space would say yes. At Calamu, our data-first security approach was purpose-built to protect the data against theft and exfiltration, even in the event of an attack by transforming how data is stored. The focus with Calamu is protecting the data at the data level, and turning it into useless Digital Sludge if it falls into the wrong hands.

Learn more about Cyberstorage. Part II defines cyberstorage features, how it works, and overall benefits. Part III provides an overview of how to implement, where cyberstorage fits into your existing architecture and answers many common questions.  

¹ Forbes | ² Calamu | ³ Gartner | ⁴ Security Magazine | ⁵ Gartner | ⁶ Veeam | ⁷ BitSight | ⁸ Calamu