Combat Ransomware & Increase Resiliency with Rubrik and Azure
It’s 2020, and the frequency of and repercussions from ransomware are getting worse. Bad actors are taking advantage of increases in remote work and the lapses or gaps in security measures as the attack-surface spreads. In Q1 2020, the average enterprise ransom payment increased to $111,605, up 33% from Q4 of 2019. Business interruption costs are often 5-10x higher than direct ransomware incident costs. Lost revenue, downtime, and brand damage are factors that severely affect victims of ransomware if they’re unable to recover quickly.
Recently, Karl Rautenstrauch, Principal Program Manager with the Microsoft Azure engineering team, gave a highly informative presentation about how Rubrik and Microsoft Azure are a powerhouse combination in helping to defeat ransomware. Here are some key takeaways from the presentation:
A Common Ransomware Reality
The following scenario happened to an Azure customer. It’s a bad story, but it’s one everyone can learn from. The customer’s entire network was impacted by a particularly nefarious form of ransomware that not only deleted content on users’ workstations where the ransomware was first encountered, but reached out across the network and deleted content from NAS appliances and from an appliance used to back up to the Azure Cloud. The ransomware was able to delete their backups.
They’re still working through recovery today.
There are ways to avoid this type of situation.
Rubrik has inherent capabilities that can prevent this from happening, and by combining those with Azure and Azure Security best practices, you can avoid experiencing what this customer went through.
The Strengths of the Rubrik-Azure Data Management Infrastructure
Your backup data is valuable, and you want to ensure that the data management solution you are relying on is robust and can be trusted. The best strategy is the modern version of the three-two-one backup methodology, where you have three copies of your data on two different media, including one in an off-site location.
There are some great ways to leverage both Rubrik and Azure to migrate at least a portion of that three-two-one strategy into the public cloud and keep your data secure with multiple copies in multiple locations. We make that possible from an Azure perspective by making sure that our storage is incredibly safe and cost effective.
Azure storage infrastructure is meant to be, and built to be from the ground up, as resilient and redundant as a customer needs it to be based on use case. Azure has three primary storage media that can be used to house data for both production applications and backup and recovery data sets – object storage, disk storage, and file storage. Object storage is the storage platform available to Azure backup partners like Rubrik, and Rubrik does some amazing and innovative things with it.
With the object storage, Microsoft’s Azure Blob Storage that Rubrik uses as a backup target, you only pay for what is in use or consumed. There is no prepayment upfront to acquire storage that you may or may not use over the next three years. As you remove data, if you are lucky enough to sunset some applications and expire those backups, you will see your bill go down.
Intelligent Data Tiering Helps Keep Costs Down
Azure also has different tiers of storage based on your retention and recovery requirements. The hot storage tier is meant for data that is going to exist for 30 days or frequently accessed – data that you may need to recover back on-site in an extremely fast manner. Microsoft makes the recovery (the actual access to that data) as cost-effective as possible. Azure cool storage tiers are most popular for the backup use case, as it’s the lowest cost per gigabyte.
What Azure is doing is leveraging its three-replica technology across tapes and tape libraries to offer that same level of protection and resiliency for data that’s written to tape. It’s modern, innovative, and gives you a way to store data extremely cost-effectively if you have long retention requirements.
The assumption with backup is that you’ll need to do very little, if any, recovery from the cloud. What is stored in the cloud is an insurance policy.
This intelligent tiering–or knowing what data should be stored where, and the appropriate capacity and retention periods–is what the Rubrik Cloud Data Management platform is built for. As you configure your policy, you will find that Rubrik will provide feedback around whether hot, cool, or archive makes the most sense for your data. Rubrik does all of this in an easy-to-use way with advanced automation capabilities. The ease of use is a testament to the power of Rubrik CloudOut.
One Customer’s Road to Resiliency
Canterbury Christ Church University was founded in 1962 in Canterbury in the south of England, and received university status in 2005. The University’s primary business is education, but they are also highly coupled with the NHS (National Health Service), training teachers and midwives.
Andy Powell, Head of Infrastructure at Canterbury Christ Church University, shares the University’s journey with both Rubrik and Azure to move away from a legacy infrastructure.
“If I can explain our journey, in 2008 we virtualized for the first time. We had 150 physical servers in a number of racks, and the cost of replacing the physical servers was immense. So, we took the leap and virtualized our workloads. We weren’t early adopters of virtualization, but we were happy with our own metro cluster that we had, which was replicating our storage across our fibre that ran around our city. We virtualized down to about 30 or so blades. Obviously, there’s the backup piece.”
You can learn more about the university’s experience in the on-demand FORWARD Digital Summit session: How Rubrik and Microsoft Azure protect your Data Center, O365, and drive the Ransomware Jerks CRAZY!
In 2013, Canterbury replaced the storage they’d purchased in 2008 and upgraded to Hitachi storage. Again, they had a metro cluster and a backup side that acted as the witness to the primary storage arrays. And they had a massive tape library. All of this was consuming around 14 racks of storage in their data centers, at considerable cost.
In 2018, they managed to hyper-converge their infrastructure. “One of the drivers to move to Rubrik was that we had an estate consolidation project go in, which meant that the building where our backup and our tape library were housed was being sold. It meant that tapes were being shipped across our internal courier service, and our estate’s colleagues were having to lift and shift various tape library cases, which made it quite an onerous task on all concerned,” says Andy.
Canterbury opted for a Nutanix stack with Rubrik. The key benefits they saw with the Rubrik infrastructure was the ability to scale out and use CloudOn to mount backups and various pieces of the infrastructure. “Azure was the perfect partner for us,” Andy says. “Azure was so easy to configure. We moved our workload easily via Rubrik into Azure and have been incredibly happy since. The benefits of both Rubrik and immutable backups using Azure make this the perfect partnership for us.”
Canterbury is still on a journey, one that doesn’t stop with just Rubrik or the investments that they’ve made with Nutanix. They’ve recently procured and deployed Palo Alto AI Firewalls to sit in their Azure stack as they evolve further from having two data centers on-premises to a single data site on-premises. They are also starting to leverage Azure, with several workloads in the cloud space. Canterbury is taking advantage of Windows Virtual Desktop to best allow mobility for staff and students. And they’ve just invested in Rubrik Polaris Radar to make sure they are made aware of ransomware attacks.
Andy sees that “the ability to use Rubrik’s CloudOn and genuinely take advantage of a proper hybrid-cloud environment has been valuable. That’s the power of this technology. We’ve invested in a platform that is built from the ground up to be resilient, to be protected, and to meet the requirements of a modern business.”
To learn more about building a modern, resilient data platform for your business, and to watch a demonstration on how intuitive and easy to use the Azure and Rubrik technology is, watch Karl’s full presentation here.