The Case for Immutable Data: How to Save Your Data and Recover Faster From Ransomware Attacks

Enterprises can’t afford to lose a day or two of customer and revenue transactions from a ransomware attack. Read why immutable data is essential for ransomware recovery.

Ransomware attacks, already a major enterprise threat, are taking down organizations left and right—keeping today’s CIOs and cybersecurity professionals tossing and turning at night. This year, experts expect ransomware attacks to take place every 11 seconds and that global damages will reach $6 trillion in 2021, which is 57x more than it was in 2015.

Enterprise applications and databases contain business critical data, which make them high value targets for cyber criminals. Ransomware attacks can cripple a business with critical application downtime, loss of revenue, and loss of data.

Companies need a foundational cyber and ransomware solution that enables continuous data protection. To achieve this, it starts with immutability in data.

Life is Better When You Have Immutability, Whether It's in Code or in Data

The literal meaning of immutability is ‘not capable of or susceptible to change.’ Immutability is known most widely in functional programming used to parallelize code and run it in a distributed manner. In the DevOps world, immutability is often applied to infrastructure. Cloud and server virtualization paved the way for immutable infrastructure, giving teams “known good state” servers, fast rollback, and easier bug troubleshooting. On the contrary, mutable infrastructure changes in configuration over time and complicates efforts to scale quickly and reproduce bugs.

Immutable data gives application development teams similar benefits for data. When you have immutability in data, teams have access to and can build a continuous record of production data changes over time, retain the data efficiently, then provision environments from any point in that timeline. And when change data is written to new copies of data (even data encrypted by ransomware), it leaves the good data record completely unchanged and quickly accessible. You can watch this short video below to learn how to do this with Delphix.

DevOps enthusiast Gene Kim couldn’t have said it better about the value of immutability in a recent discussion with Delphix CEO Jedidiah Yueh. Here's what he had to say: “You end up with a far safer world when you can never overwrite data in the database. I think we've all had experiences in our career where we wrote a query, wrote an insert statement, or of course you have the delete statement where we do terrible things to production data and we can't get it back. One of these statements I'll make with moral certainty is that life is better when you have immutability, whether it's in code or in data.”

Ransomware Recovery Requires Much More Than a Data Backup

The biggest problem with traditional backup and disaster recovery solutions, as you’ll discover, is that there are gaps in backup data. With over 85,000 seconds in a day, companies need better data coverage than legacy ransomware solutions.

Retail companies, for instance, store and keep track of thousands of customer transactions that take place throughout the day. If a cyber attack were to happen at 2 p.m. in the afternoon but the last backup was performed the previous day, the enterprise potentially loses all transaction data from the time the last backup was performed. Only a partial restore is possible at that point because backups oftentimes happen in chunky increments and recovery from incremental backups can take hours, if not days.

When hit with a ransomware attack, recovery planning must address these two key metrics: recovery time objective (RTO), which refers to the maximum amount of time that an enterprise can afford to be offline with no access to data and systems, and recover point objective (RPO), which refers to the maximum amount of data that you can afford to lose.

For traditional backups, RTO could be days, and it’s no secret that outages cost companies lots of money. Gartner estimates the average cost of downtime is $5,600 per minute, so a single hour of downtime can cost upwards of $336,000. Another study found the cost of downtime is nearly 50x greater than the ransom requested by cyber attackers.

Traditional backup and disaster recovery solutions cannot not be the foundation for reviving your data and systems after a ransomware infection. Once-a-day backups are insufficient. With immutable data, teams can rollback, restore, and provision data from any point in time, down to the second or transaction, to support recovery efforts.

Ransomware is an Everyday Threat to Your Company’s Data

Should any data fall into the wrong hands, companies run the risk of causing irreparable harm to losing consumer trust as well as millions—if not billions in financial damage. Companies that are serious about improving their data security need better data management practices that leverage immutable data. This means a foundational change in how data is accessed and managed across the enterprise is key to dramatically mitigating a company’s risk of a cyber attack and faster recovery times.

Download “Continuous Protection Against Cyber and Ransomware Attacks” to learn more about ransomware data recovery with Delphix.