Disaster recovery (DR) and business continuity have been an essential aspect of enterprise IT for decades. Whether it’s earthquakes, floods, or power outages, DR is there to ensure operations can continue.
But more recently, a lot more has been put on the DR plate. Ransomware has now emerged as one of the key reasons to have a DR plan and DR technology in place. A massive disruption like the one Colonial Pipeline experienced can be enough to put a company out of business.
“Vendors have traditionally been focused on protecting data from power failures, system failures, and natural disasters and have tended to concentrate on some perimeter-level network defenses,” said Siamak Nazari, CEO and cofounder of Nebulon. “With a cyberattack, it’s more than just data that needs protecting—at risk is really the entire physical infrastructure from applications and operating systems down to low-level firmware and BIOS.
“Organizations require even more sophisticated protection, response, and recovery solutions than what was available even two years ago.”
What is Disaster Recovery?
DR consists of several facets. There are hardware elements such as having a redundant data center, where the enterprise can fail over during an event. In some cases, it consists of the same equipment in several locations, each replicating data to another similar unit. But it also requires software to orchestrate data movement, backup and restore technology to ensure a current copy of data is available, and the ability to recover systems and data rapidly.
In this era of the cloud, the big cloud providers take care of the underlying infrastructure. All that is needed is a connection to the cloud. However it is done, the concept remains the same—to bring systems back up in as speedy a manner as possible with as little data loss as possible.
Disaster Recovery and Ransomware
In the event of ransomware, the enterprise needs to have access to an uncorrupted copy of its data, so it can refuse to submit to cyber criminals’ demands.
“The current cyber landscape requires organizations to be as equipped as possible for ransomware attacks and other disaster events and must take measures to ensure their data can remain resilient,” said Andrew Silva, technical marketing manager at Zerto, a Hewlett Packard Enterprise (HPE) company.
A resilient approach, Silva added, requires a shift in the way IT thinks about ransomware, from an exclusive focus on preventing attacks to being prepared for the eventuality of an attack. It must also encompass a recovery solution that guarantees access to data, without gaps or data loss, in the event of an attack, so operations are back up and running without delays.
For example, snapshots have been used to improve recovery point objectives (RPOs) and recovery time objectives (RTOs). But this approach works like a still camera, taking a picture of an environment at a specific time. This type of backup and DR technology offers RPOs measured in hours.
Instead, Silva recommends continuous data protection (CDP) as the best way to achieve real-time recovery from ransomware. That said, many vendors continue to utilize snapshots as one element of comprehensive DR and ransomware protection.
“The explosive growth in ransomware that threatens virtually every company in every industry has heightened the importance of cyber resiliency as a key component of disaster recovery planning,” said Sonya Duffin, a ransomware and data protection expert at Veritas Technologies. “… The goal of ransomware is to bring operations to a standstill, much like a traditional disaster would.
“Making matters worse, ransomware as a service has developed into a lucrative business model, and attackers are relentless in developing creative ways to infiltrate IT environments to capture data and hold it hostage.”
DR trending toward increased data protection and resiliency
As a result, the disaster recovery market is changing to place an increased focus on data protection and resiliency, so that an organization can get back up and running quickly following a ransomware attack and do so without having to pay the ransom.
This means today’s disaster recovery solutions must fit into an organization-wide zero-trust strategy and include features like immutable and indelible storage with an internally managed compliance clock to keep backups safe, complete visibility of entire data environments, AI-driven anomaly detection to optimize for the fastest recovery possible, and broad backup and recovery options across multicloud environments.
In many ways, DR is playing catch-up with the rising effectiveness of cyber criminals. The global cost of ransomware rose from $325 million in 2016 to $20 billion in 2021, and on average, only 65% of encrypted data was restored after a ransom was paid. This means organizations need to rethink their DR strategy for ransomware use cases, since traditional data protection solutions and DR plans may not work.
“Cyber recovery is a different use case that requires a modern data protection solution; new DR plans and procedures; and a multifaceted response team, which could include IT, DR, security, legal, a third-party cyber insurance company, and other third-party service providers,” said Darpan Thaker, senior director of product management at Sungard Availability Services. “Organizations need to ensure that all these parties work as a cohesive team in order to fulfill their roles and responsibilities, which also increases the overall complexity of ransomware recovery.”
DR as a Service
Another change in DR, of late, is that it is evolving into an on-demand service. Many vendors now offer disaster recovery as a service (DRaaS), which is a good way to integrate disaster recovery with advanced security and data protection solutions.
Local backups are usually enough to recover IT systems from server failure and other common problems. But a site-wide disaster could destroy those backups and result in major downtime and data loss for a business. DRaaS solutions can help ensure complete and reliable business continuity.
Top DR Solutions Including Security Features
eSecurity Planet evaluated many different disaster recovery solutions with a focus on security features. Here are our top picks based on our analysis of the DR market.
Zerto’s automated failover and failback is said to recover encrypted files, virtual machine (VM) applications, sites, and data within minutes of when an infection occurs. IT selects a checkpoint in the journal from before the attack and rolls back to the uninfected state.
- The Zerto approach favors continuous data protection over periodic backup.
- Journaling technology helps users improve RPOs/RTOs and eliminate the need for scheduling, backup windows, and snapshots.
- Always-on replication ensures protection of every change to applications as they occur, continuously recording changes.
- RPOs are measured in seconds.
Druva’s cloud data protection and management system includes DR, backup, and ransomware protection. It provides a way to centrally protect and govern data across multiple software-as-a-service (SaaS) applications.
- Golden snapshots can quickly recover data.
- Whether users have Microsoft 365, Google, or Salesforce, they can orchestrate SaaS data management, remove complexity, and reduce admin overhead.
- Users can benefit from a 15-minute deployment with near-zero admin burden.
- Druva’s metadata-centric architecture supports management and security of data in the cloud with long-term retention and regulatory compliance.
- Druva offers centralized visibility over globally distributed data.
- Intelligent data classification and federated search are available for easy discovery.
- There is no hardware to maintain or support.
Arcserve Cloud Services is Arcserve’s DRaaS solution protecting both physical on-premises business systems and cloud-based data storage systems. Cloud Services includes integrated backup, storage, and data protection to deliver both disaster recovery and security capabilities on-demand. It is designed to streamline data backup and recovery management and to get systems back online with speed. Businesses can replicate backup images from OneXafe, ShadowXafe, OneXafe Solo, or ShadowProtect to Arcserve’s Cloud Services, which provide the tools needed to keep business running.
- Fault-tolerant cloud is available for disaster recovery.
- Cloud storage can be customized to fit the needs of IT environments of different shapes and sizes.
- Cloud Services centrally manages and monitors all accounts, as well as failover in a disaster, without third-party intervention.
- Networking features allow customers to run networks in Arcserve’s cloud just as they would be run onsite.
- Cloud Services works on platforms and in any location.
- Unified data resilience enables all-in-one data protection and management.
- The solution includes integrated cybersecurity and immutable storage options that scale out cost-effectively.
Sungard Availability Services (Sungard AS) has been in the DR game for decades. Its Cloud Recovery product suite delivers a fully managed, financial penalty-backed RTO service-level agreement (SLA) for physical, virtual, and IBM iSeries server platforms. It recently added a new Cyber Incident Recovery offering that improves customers’ ability to successfully recover data that has been compromised in a cyberattack.
- There are three tiers of validated RTO SLA, ranging from two hours to eight hours, to align RTOs to business requirements and optimize recovery.
- The tiered RTO SLA is paired with DRVerify Automated Testing.
- The solution supports physical x86 servers, virtual machines, and IBM iSeries servers.
- The Cyber Incident Recovery offering provides immutable and air-gapped backup for data recovery with at least one offline backup copy.
- Identity and access management with role-based access control and multi-factor authentication is available.
- A clean room environment is possible for forensic analysis and rapid identification of clean recovery points.
- Cyber recovery simulation is available for validation of immutable and air-gapped backups and data recovery plans and procedures.
Veritas NetBackup uses policies and elastic services to deliver data protection and simplified operations at scale across any workload, including traditional, platform-as-a-service (PaaS), SaaS, and container-based applications. It provides secure delivery of workload protection at the edge, on-premises, and in the cloud, reducing data protection gaps.
- Integrated multicloud analytics and insights allow businesses to optimize performance, mitigate risk, and reduce cloud costs.
- Kubernetes multicloud recovery allows users to recover the data they want to any Kubernetes distribution.
- Cyber resiliency safeguards data with a unified platform approach, providing a multilayered solution with automatic malware scanning to ensure infection-free recovery of data.
- Integrated SaaS application data protection provides a unified data management and protection solution.
- Veritas Cloud Scale Technology that powers NetBackup provides cloud agility while enabling auto-scaling data management.
- The solution autonomously provisions, optimizes, and repairs data management services, while empowering end users to enable self-service data protection and recovery.
Unitrends helps to minimize data loss and protect against ransomware in order to eliminate downtime. The Unitrends centralized platform provides data centers, servers, endpoints, cloud, and SaaS applications with access to backup and data recovery.
- Failed backups due to environmental issues are eliminated by Unitrends Helix.
- Backup and DR are integrated with automation and security features.
- Unitrends includes ransomware detection, dark web monitoring for stolen credentials, and phishing defense tools.
- Options include the Recovery Series physical appliance or the Unitrends Backup virtual appliance.
- The solution can run on VMware vSphere, Microsoft Hyper-V, and Nutanix.
- Alternatively, Unitrends can be deployed as a VM within Amazon Web Services or Microsoft Azure.
Nebulon’s TimeJump and ImmutableBoot solutions work together to apply a snapshot philosophy in a broader context. TimeJump recovers critical application data as well as the infected operating systems on which that data runs, offering physical infrastructure recovery in under four minutes. ImmutableBoot is a reboot-to-recover solution that enables companies to revert to a frozen snapshot of a known-good version of the operating system with a server reboot.
- TimeJump and ImmutableBoot allow organizations to recover application data and the OS for thousands of servers dispersed across the globe in four minutes.
- The solution contains a separate fault domain, which prevents ransomware-encrypted servers from infecting the data protection solution.
- Users can freeze an immutable, known-good server image with desired configurations that can be applied across a large server estate.
- Nebulon automatically enforces centralized and consistent patch and configuration management—no reliance on device-by-device management.
- The solutions are designed to reduce threat vectors in (deep) infrastructure.
- Nebulon has an offsite (cloud-based) infrastructure control plane, similar to an AWS-like management console, but for on-premises workloads. The control plane monitors IO patterns and provides alerts on active ransomware attacks within minutes.
- As the control plane is offsite, when an attack on the data center happens, management tools are not infected and can begin recovery immediately.
- Nebulon segregates compute and storage into different security domains within the server.
Carbonite Backup for Microsoft 365 is aimed at backup and protection for Microsoft 365 productivity apps. Individual files and folders as well as permissions settings or complete sites can be recovered. The solution includes ransomware protection and up to four backups a day.
- Carbonite Backup protects SharePoint, OneDrive, email, Teams, and other Microsoft 365 elements.
- Users can protect against human error, hardware failure, and ransomware.
- The solution captures changes in Microsoft 365 applications and replicates them to a secondary instance in Microsoft Azure.
- Site-level rollback or recovery of individual mailboxes, conversations, and files is available.
- The search feature can be used to recover content from Teams, SharePoint, Email, Calendar, and OneDrive.
- Content can be restored based on owner, subject line, content type, and more.