When ransomware and GDPR collide

Source: Veeam

The IT industry loves a hot topic. Cloud, hyper-converged infrastructure and machine learning are all great conversation pieces, but two of the hottest topics that are currently debated around the IT watercooler are ransomware and the European Union’s (EU) General Data Protection Regulation (GDPR).

As hot as these topics are individually, what happens when two of these ideas collide? I was recently asked the question, “What is the impact of ransomware when it comes to the GDPR?” and it created the rare occurrence of a topic collision in IT.

Is there an impact?

The answer is most certainly yes. GDPR exists to protect our personal information. Therefore, if we are holding information regarding an EU citizen, then our primary concern is to ensure that we look after that data and make sure it is secured, protected and accessible.

As part of our requirements under GDPR, it is crucial that we avoid a data breach. What do we mean by breach? It is described within the GDPR articles as follows:

‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

If we look at the statement above, it becomes clear how ransomware leads to a potential breach under GDPR. By definition, ransomware is malware that can prevent or limit victims from accessing critical data or even their entire systems.

So far, the response to a ransomware attack has been relatively straightforward: either you have ensured your data Availability and can quickly recover compromised data, or you are exposed to losing data. If you don’t have a trusted data recovery solution in place, your options for resuming your business operations with no data loss are limited. Keep in mind that paying the ransom is strongly advised against by all technology and cybersecurity experts, as well as government officials.

GDPR introduces a new challenge, as well as a new opportunity for the cybercriminal. Rather than worrying about the pesky technicalities of ransomware, your friendly neighborhood cybercriminal now has a new threat in their arsenal. They can expose a ransomware-based breach of your data to relevant authorities, exposing your organization to heavy fines or other sanctions.

What are we to do?

What does GDPR demand from organizations? If we look at Article 32 we get some guidance on our key responsibilities as data owners to have:

  • The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

While GDPR is not a technical regulation or an IT problem to solve, it requires an increased commitment from IT departments to ensure data security strategies exist, solutions are up to date and all stakeholders are well informed of their responsibilities. There are certain areas in which IT commitment is key:

  1. Helping ensure data integrity
  2. Helping ensure the Availability of data
  3. Providing a platform for effective and flexible testing

What would an appropriate technology look like then?

The reality is that no single technology is going to provide all that you need, but it is good to be aware of the types of technology that can help.

Ideally, a solution stack would include a level of intelligence to spot ransomware activity, with the ability to quickly shut it down and identify any datasets affected. It would provide an option to take the information about compromised datasets and present it to my recovery solution to automate the recovery process. It would also include a recovery solution that can quickly recover data and maintain Availability, while also providing us the ability to build test environments, so we can practice our response to data destruction incidents such as a ransomware attack.

Does Veeam help?

While Veeam is by no means a GDPR compliance tool, or even a ransomware identification solution, the Veeam Availability Suite can play a significant role in ensuring your compliance program is effective in dealing with not only issues such as ransomware, but a wider range of compliance program challenges.

However, the ability to interact with third-party tools for quick identification of, and recovery from, a potential breach brings tremendous value. If we consider Veeam’s overall strategy of ensuring Availability across multiple repositories, both on-premises and in the cloud, in order to maintain compliance and Availability of data across the entire infrastructure regardless of location, then this is valuable and essential to a modern business compliance strategy.

Summary

We began with the question, “What impact does ransomware have on GDPR?” Now we’ve answered that question by discussing how the impact and risk of ransomware need assessing and mitigating, as with all other potential compliance risks.

Hopefully this has provided some useful background and ideas to ensure you can meet the needs of your business compliance strategy.

The post When ransomware and GDPR collide appeared first on Veeam Software Official Blog.

How to maximize your profit from Disaster Recovery investment

Source: Veeam

Sometimes, it can be difficult to get budget to enhance or upgrade Disaster Recovery (DR) resources. Organizations are hesitant to spend money on things that do not get used often, or even at all if you are lucky. Unfortunately, in today’s IT climate, DR is more important than ever. In the last few years, many organizations have become acquainted with disasters, whether natural or man-made, like the dramatically growing number of ransomware attacks.

One of Veeam’s newest solutions, Veeam Availability Orchestrator, or VAO, can help increase the usability of a DR environment in many ways. First and foremost, VAO enables businesses to reduce the time, cost and effort associated with planning for and recovering from a disaster. Unlike most DR tools, it also produces highly-detailed, customizable documentation which can be automatically sent to key stakeholders and can be used for DR compliance.

At the heart of VAO is something we call the Failover Plan. The Failover Plan defines the steps that will be taken for a group of Virtual Machines during a disaster. VAO comes with many Plan Steps out of the box, such as verifying applications like IIS, SQL, Exchange, and SharePoint. Custom Plan Steps can also be created, which means existing DR scripts can be leveraged as needed for all other applications critical to your business.

After a Failover Plan has been initially configured, a Readiness Check can be performed immediately, as well as scheduled to run on a recurring basis. The Readiness Check ensures your environment is ready for failover and alerts you to any issues preventing failover for remediation. If that wasn’t enough, we can take testing one step further by leveraging Veeam DataLabs, a secure, isolated virtual environment ideal for testing and troubleshooting, without impacting production.

VAO has the ability to start a Veeam DataLab on-demand, or on a scheduled basis. There are several use cases for this, the first of which is the aforementioned testing. By running and proving a Failover Plan in a completely isolated DataLab, you can ensure that real-world failovers will happen seamlessly in the event of a disaster. Upon test completion, a custom report is generated detailing the steps taken while running the test and the outcome, verifying the Failover Plan has been successfully executed. DataLab testing and documentation is perfect for delivering peace of mind to business continuity stakeholders, as well as proving DR compliance.

After a fully-functional copy of the production environment is proven, the fun can truly begin. Because DataLabs are so easy to run with VAO — just a few mouse clicks — it is possible to leverage these copies on a regular basis. This can enable using DR resources for many things such as:

  • Patch testing
  • Application upgrade testing
  • Security auditing and testing
  • DevOps
  • Analytics
  • And more!

Often, applications critical to the business are the most vulnerable. It is imperative to protect them in the event of any type of disaster. With Veeam, it’s possible to protect these applications and the business they support at a level that was previously unachievable by conducting frequent testing of critical security patches and application upgrades in a fully-isolated environment. This also extends to providing these isolated environments to security teams for auditing and testing.

It is often easy to underinvest in DR environments with old or slow hardware since they “probably won’t even be used,” ultimately resulting in a compromised DR strategy. By extending DR capabilities beyond traditional concepts and methods, sourcing funding for DR environments and initiatives becomes much easier. With VAO, instead of letting resources sit idle, your DR investments can now be easily leveraged to provide additional value to the business, all while ensuring the continuity of IT service should disaster strike.

The post How to maximize your profit from Disaster Recovery investment appeared first on Veeam Software Official Blog.

Unleash your storage with DataLabs

Source: Veeam

The ability to back up your data and recover is one thing, but let’s also consider the opportunity to leverage that backup data or even the ability to leverage the investment you made further with your production storage. Enabling other parts of your business to benefit from that data is even more important as we are in a world that is critically reliant on data.

Some of the areas that could really prosper from near-live copies of the production data on performant and efficient storage are security testing, IT administration tasks, DevOps and Analytics. Why take complete copies for these purposes? Why potentially affect the production workloads whilst running analytics or other processes against production workloads?

Veeam DataLabs allows for this: it can use backup files or even replicas to run a copy of the instance in an isolated network, so any task can be performed outside of the production environment. Also included is the ability to leverage application-consistent storage snapshots from the many storage vendor integrations supported today.


The diagram shows isolation between production and data labs

For example, you can provide self-service for developers to spin up copies of the data as they design new features.  You might provide sandbox environments for IT Operations to test new patches and updates before they are rolled out across the company.  The Security and Forensics teams may use copies of the data to test for security vulnerabilities without disrupting the production systems, or for performing forensics on an event that was picked up through their security incident and event management platform.  Or maybe the compliance and analysis groups need to provide statistics and analysis on data growth or data types.

On-Demand Sandbox

In order for this to work, we need to create three things in Veeam Backup & Replication. This can be achieved in the user interface or via PowerShell.

This process requires the following:

  • Virtual Lab
  • Application Group
  • SureBackup job

Once these three components have been configured, you can begin taking advantage of Veeam DataLabs. It’s a one-time setup.

Virtual Lab

The Virtual Lab is a small Linux appliance that runs within your environment and provides a gateway to your “lab” environment, allowing nothing to pass back through to the production environment. This appliance will run within the target environment within the virtual infrastructure.

Application Group

The concept of an Application Group is that many workloads do not work alone; they require multiple instances to truly be able to test the functionality of the overall application. The Application Group will group together all of those components and dependencies. This Application Group can be selected from storage snapshots, backups or replicas, and they can be mixed to allow for different tiered instances to be included in the isolated environment.

SureBackup job

The SureBackup job is the policy-based schedule that defines when and where we want the sandbox environment to run. This job brings together the Application Group and the Virtual Lab. For example, you may have multiple Virtual Labs configured for different sites and locations. You may also have multiple Application Groups for different test and development cycles.

Storage snapshot integration

The particular process that I would like to cover is the one used with the storage snapshot integration.

  1. Veeam will detect the latest storage snapshot for the VM(s).
  2. Veeam will then trigger a copy of the storage snapshot; this ensures that the snapshot remains the same during this process.
  3. The snapshot copy is then presented as a new datastore to the environment where the virtual lab has been configured.
  4. Veeam will then reconfigure the configuration files. Start the VM(s) at this point. The sandbox environment is ready to perform the required tasks.
  5. Once the process is complete, and the copy and environment are no longer needed, Veeam will automate the following procedures: power off, clean up, unmount the datastore and the final power off of the virtual lab. The final task is to remove the storage system snapshot copy.

I think you would agree this process is above the everyday backup and recovery that is essential in all businesses today. The ability to reach additional touch points within the business and offer the value of data without affecting the day-to-day running of a production system is a real value to many.

The post Unleash your storage with DataLabs appeared first on Veeam Software Official Blog.

VeeamON 2018 Day 3 Summary

Source: Veeam

Today was the last day of the VeeamON 2018 conference — the end of three busy days for an amazing experience.

Day three started immediately with breakout sessions, and the first one I took part in was Establishing a business-centric approach to data management, presented by Dave Chapa, global evangelist at Veeam. Dave showcased that for too long IT has been focused on what it means to IT to keep a system running. Instead, we should focus more on the business’ goals and objectives and how we use the technology we have available to meet those goals.

Later in the day, I went to the 18 tips to prevent ransomware attacks for 2018 session, held by Veeam’s Rick Vanover and Joe Marton. One of the tips they talked about is the 3-2-1 rule and I can’t stress enough how important this is for fighting ransomware. Having three different copies of your data, stored on two different media, one of which is off-site, can address almost any failure scenario and works for all data types and all environment types (physical and virtual).

Rick and Joe also tackled the scenario in which users are storing data locally and explained how these endpoints can be protected from ransomware using the Veeam Agents.

The session room was a full house.

The closing general session was moderated by Jeff Gianetti, SVP of Americas Sales at Veeam. Jeff introduced our keynote speaker, Kenneth Cukier, Data Editor of The Economist who talked about the importance of data and how it’s going to change every aspect of our lives. “More data isn’t just more, more data is different.”

Veeam Innovation Award 2018

VeeamON 2018 marked the debut of the Veeam Innovation Award (VIA), recognizing innovative solutions powered by Veeam. There were many nominees with amazing projects, but we only celebrated the lucky winners during the keynote. Veeam’s Product Strategy Sr. Director Jason Buffington, Co-Founder Ratmir Timashev and President and Co-CEO Peter McKay presented the awards to the four winners: Probax, SIS, Merrimac Solutions and iland.

After three full conference days, I can say VeeamON 2018 was quite an experience! I had great talks with IT folks from all around the world, and I learned a lot from the breakout sessions and Hands-On Lab. Moreover, I saw some of the great innovations that industry leaders such as Hewlett Packard Enterprise (HPE), Cisco, VMware, NetApp, IBM and Microsoft are preparing, and I can only say that we live in a great time!

And the learning doesn’t stop here. Over 200 attendees also signed up for VMCE training, which takes place in the next three days.

We are now heading to the VeeamON party, arguably the best party in the industry. Don’t forget to check our social channels (Facebook | Twitter | Instagram) for more news from VeeamON 2018, and I hope to see you again next year at VeeamON.

The post VeeamON 2018 Day 3 Summary appeared first on Veeam Software Official Blog.

VeeamON 2018 Day 2 Summary

Source: Veeam

Hello from the Windy City! Today was the first full day of VeeamON 2018 dedicated to all attendees, and there were great sessions and speakers!

The first thing on the agenda was the general session, held by our President and Co-CEO Peter McKay, who showcased our new vision of providing the most complete Hyper-Availability Platform for Intelligent Data Management, which ensures business continuity, reduces risk and accelerates innovation.

The general session was followed by breakout sessions, which were a gold mine for every IT expert at VeeamON Chicago.

With the General Data Protection Regulation (GDPR) coming into effect this month, I was interested to learn more about it. I attended both Regulatory Compliance Considerations sessions, held by Veeam’s Michael Cade, Mike Resseler and Mark Wong. They were very informative about the steps organizations need to take in order to be compliant, insisting on the fact that being compliant is not a one-time action, but a continuous process of implementing a set of principles.

DataLabs

One of the key capabilities highlighted this year is Veeam DataLabs. DataLabs is the new name for Veeam’s virtual labs. The new name comes from the many innovations since 2010 when virtual labs were first introduced.

DataLabs are capabilities in Veeam Availability Suite as well as Veeam Availability Orchestrator. They are a combination of critical application backups and network configuration that provides a safe environment for testing, audits, analytics, simulation and more.

One of my favorite innovations over the years with DataLabs is that now they can be run from either a backup file, replicated VM or even a storage snapshot. These each have their own I/O performance and provide a gateway to Hyper-Availability. The possibilities are endless!

Veeam Backup for Microsoft Office 365 2.0: What’s New

My favorite session so far is Veeam Backup for Microsoft Office 365 2.0: What’s New? The room was a full house and I really hope everybody interested had access to the session, because some very interesting stuff is coming in version 2.0.

Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your business-critical data and ensures that you remain in complete control. Now it’s easier than ever to set up, search and maintain visibility into your Office 365 data with version 2 delivering:

  • NEW Data Protection for OneDrive for Business. Fast, efficient backup of Office 365 OneDrive for Business accounts with the ability to restore and export files and folders with the NEW Veeam Explorer for Microsoft OneDrive
  • NEW Data Protection for SharePoint. The ability to back up SharePoint Online and SharePoint on-premises with fast, flexible recovery of SharePoint sites, documents, libraries and lists with the already-familiar Veeam Explorer for Microsoft SharePoint now built-in
  • ENHANCED Major ease-of-use and backup flexibility improvements in a newly redesigned job wizard to make set-up, search and maintaining visibility into your data easier than ever

In addition, version 2.0 marks the release of Veeam Backup for Microsoft Office 365 Free Edition. This FREE product functionality will be identical to the paid version, but with the following limitations:

  • Maximum number of Exchange Online users: 10
  • Maximum number of OneDrive for Business users: Accounts associated with these same 10 users
  • Maximum amount of SharePoint data protected: 1TB

This version includes best effort support (which means there is no SLA guarantee and it is typically limited to email-only support requests).

*Please note that the feature-complete beta is available now and the GA version is coming soon.

Did you miss the first day of VeeamON 2018? Read the summary here and check our Twitter account for pictures from the conference.

If you want to get in touch, tweet me at @Cristi_Antonio! I will be back tomorrow with more news from the last day of VeeamON 2018.

The post VeeamON 2018 Day 2 Summary appeared first on Veeam Software Official Blog.

VeeamON 2018 Day 1: Partner Summit

Source: Veeam

VeeamON 2018 kicked off today and more than 2,200 attendees from around the world transformed the McCormick Place convention center in Chicago into a tech capital. Traditionally, the first day of VeeamON is dedicated to partners, and today was no exception.

The Partner Summit was opened by our President and co-CEO Peter McKay, who talked about Veeam’s vision for 2018 and beyond and how we team up with our partners to provide the best solutions on the market for Intelligent Data Management. Peter continued his keynote by sharing the great results Veeam achieved in 2017, including the Net Promoter Score (NPS) of 73, 3.5 times higher than the industry average.

N2WS is now part of the Veeam family, and I was very interested to find out more about it. I attended the session held by Ezra Charm, N2WS VP of Marketing, who showcased our new offering for backup and DR for AWS.

Another highlight of the day was Anton Gostev’s session, Ask me anything: Veeam R&D and Support. This session became official at VeeamON 2018 after more unofficial Q&A sessions at previous editions. The questions were very diverse; people were very interested to find out about future releases, and everybody got an answer.

There also were two winners for “Best Questions,” chosen by Anton Gostev and Rick Vanover. These two winners received a 1 TB USB hard drive — perfect for holding backups for Veeam Agent for Microsoft Windows!

The Expo Hall is a big attraction at every VeeamON conference. Attendees interact with the Veeam experts in an out-of-the-box setup and get hands-on experience with Veeam solutions.

Engage with the VeeamON community

You are welcome to join the conversation using the #VeeamON hashtag! And don’t forget, there is a mobile app with everything you need for VeeamON 2018 (available for iOS and Android).

I will be back tomorrow with more news from VeeamON 2018 Day 2. Stay tuned!

The post VeeamON 2018 Day 1: Partner Summit appeared first on Veeam Software Official Blog.
