B2B Tech Talk with Ingram Micro
B2B Tech Talk with Ingram Micro

Episode · 2 weeks ago

Combating Ransomware Attacks with Disaster Recovery Plans


Ransomware is the most prolific disaster recovery (DR) event in technology today. It takes more than backups and cloud storage to protect company data from these vicious attacks—proper disaster recovery helps companies plan for the “when” of ransomware threats.     

Shelby Skrhak speaks with Annette Miller, multi-cloud partner development manager, and Paul Irwin, staff partner solution architect - Strategic Solutions, both of VMware, about: 

- The definition of disaster recovery 

- Examples of disaster recovery plans

- VMware cloud disaster recovery 

To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk 

Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify,Apple Podcasts or Stitcher. Or tune in on our website.

You're listening to B two B Tech Talk with Ingram Micro, the place to learn about new technology and technological advances before they become mainstream. This podcast is sponsored by Ingram Micro's Imagine Next. It's not about the destination, it's about going someplace you never thought possible. Go to imagine next dot ingram micro dot com to find out more. Let's get into it. Welcome to B two B Tech Talk with Ingram Micro. I'm your host, Shelby scare Hawk, and our guest today are a Nett Miller multi cloud partner development manager for vm Ware and Paul Irwin, staff partner, solution architect of strategic Solutions for vm Ware. A net and Paul. Welcome, Thanks Shelby, Thank you, Shelby. Absolutely well. Today we are talking about vm Ware Cloud disaster recovery. But first let's kind of level set here. So Paul, when we say disaster recovery, what are we talking bout specifically? So, disaster recovery is really kind of a broad description, right, but to define it in a few simple sentences, d R or disaster recovery is the ability to rapidly recover from some catastrophic events in the least disruptive way possible. Right, So the idea is having backups of your data is not disaster recovery. As I've I've mentioned to some of the customers, I've had the ability to work within the past, right, but d R is really having the ability to automate the recovery of those applications and workloads in a prescriptive manner that minimizes the introduction of errors or oversight into that recovery process. When we look at disaster recovery, you know, cloud I would say, has revolutionized DR and it's really made it more accessible to the little guy, right. You know, back in the old days, a good DR solution was was typically reserved for companies with big budgets and multiple physical locations. Nowadays, you know, smaller companies have the ability to use the cloud as that second location if they do not have one themselves, and then using the payers you go kind of cloud consumption model, they can significantly reduce the cost of what was typically associated with your traditional disaster recovery. And you know, just kind of rounding out the definition, you know, it's worth mentioning that not all cloud der solutions are created equal. Some require that you know, the compressed, aacked up data needs to be rehydrated upon recovery, and this can add time to the recovery process. And other solutions require that applications or those workloads be re architected to run in that cloud recovery environment, and this unfortunately complicates the failback process to the customers data center post disaster. So You've said a lot of interesting things in there, and I want to unpack some of those as we continue our discussion there. So the type of disasters that we're talking about a NET, I mean ransomware, yes, and I and I want to come back to that with you, Paul. But a NET, what are some of the other more common disaster events that we're talking about, those catastrophic things. Yeah, yeah, when we look at what events have have triggered a dr for folks, power outages, natural disasters, human error, hardware failure, I know, and sometimes there's things that you wouldn't even think of. Quite a while ago, when I was actually an I T practitioner and we first started talking about disaster recovery, one of the disasters was that a data center happened to be on an upper floor of a building and pigeons lived in that building, and you know, and and uh they had a lot of waste that then had the ceiling ballthroom. So it was a strange disaster. But it's not necessarily right what you would think of as a hurricane, tornado or something. It can be anything like that. And when we look at some of the...

...market data and some of the surveys that I looked at, seventy six of firms in this one survey reported at least one incident in the past two years that required a disaster recovery plan, and um, fifty of those were tied to localized events. So the way that they described localized events were a power outage or a ransomware issue. So Paul and I work a lot with partners, and when we think about that, then you know, this is where partners can really help out to those firms that maybe don't expect to have a ransomware event or a power outage or something like that. And as Paul said, cloud disaster recovery makes this so much more attainable to smaller partners and smaller customers. I could think of of of many, uh comments to make about that pigeon, that pigeon roof fall through. But uh, we'll leave it at that. So Paul, with ransomware, well, one thing I want to discuss is the prevalence of this. I mean, you know, any I t you practitioner knows the inherent danger and the frequency that these attacks are happening with. But I guess if you could speak to a little bit of the urgency in looking at a disaster recovery plan, because there are challenges with disaster recovery, and it's it's not just a simple rollback, right, yeah, you are one correct, you know, And it's this is kind of one of those unfortunate statistics right where ransomware is becoming well I should say it's it's it's very, very, very much trending towards becoming the most prolific disaster recovery event out there, right, you know. And and no, it's not a simple well let's just fail back using old traditional dart tools and unfortunately, traditional disaster recovery tools and methodology don't work with ransomware. Right. So the challenge with ransomware is generally, by the time you realize that you've been infected, it's too late, right, And with ransomware, it's it's often not a case of if you're going to be hit with it. It's generally a case of way right. So, most customers find out that they've been hit by ransomware when they walk into the office one morning only to be greeted with the wallpaper on every single desktop and service screen providing them with the details of where to send the payment to get their data back. Right, And by that point it's it's too late and hopefully you have a way to recover from the right. You know, ransomware usually infects systems for several weeks, potentially even months before it's activated, right, And this is why traditional DR solutions are ineffective at fighting ransomware. It why should say mitigating the effect of ransomware. Right, So we look at a traditional DR solution, you know that is kind of constantly or at predefined intervals replicating change data from virtual machines and customers data centered to a secure DR location. Chances are very likely that your DR copies of those workloads in your DER location are also infected with the ransom way right, and have been for quite some time. Right. So, now we're run into a situation where you know, as a customer, you're either forced to pay the ransom and hopefully get some, maybe all of your data back. I mean, you just don't know, because these are bad guys, right, You may get nothing back, right, or you have to try and figure out how far back in your data backups. And that again assumes that you have data backups, you have to go to get a clean copy of those of those applications and those workloads, right, And the challenge with that approach is, well, now you're going to have significant data loss because you had to go so far back in time that your most recent data is still encrypted and you don't have access to that, right if I'm understanding right, So you know, traditional disaster recovery tools don't work with ransomware because you don't know when your last clean version is, I guess,...

...and so being able to identify that, yeah, you might be reaching way far back. And if you are, obviously I think of maybe a website with a lot of content, you know, rolling that back several days you've lost just you know, pages and pages, yeah, or massive databases, right, or some kind of content management system you know, and now you're going back a couple of months. And if that's if that application is called to a business and everything that that business is about. You just set the business back how many months? Right? Very very disruptive, Yeah, very very disruptive. So to understand the different types of disaster recovery, you know, So I understand there's kind of a few terms out there. You mentioned one earlier that I wanted to enquire about, which is rehydrating the data once it's recovered. I want to discuss that. And then also I think what you're starting to get to with hot sites and warm sites, what do those mean? Yes, so there's there's there's a number of terminology that is often thrown around when we talk disaster recurvery, and I'll go over some of the some of the common terminology because it really does help understand what it is not as as an organization that's that's putting a disaster recovery solution in place for a customer, but as a customer understanding what is required of you to define kind of the boundaries of what it is you're looking for to be able to recover from a disaster. So, you know, out of the gate, you know, where we we talk of kind of the different topologies of disaster recovery. Now we can look at things like a hot site, right, and a hot site is typically like an active, active implementation of disaster recourvery. So you have, you know, as as close as possible a mirror site to what mirrors your production environment at your DR location. So you have very similar hardware. You have pretty much the same versions of software, right that you'd be running in your production site. You would have that at QTR site. And that site is always up and running. It has to be maintained in the same way that your production site is maintained because it has to be able to operate on a moment's notice, right. And you know, most companies leverage that hot side approach for business critical applications, you know, till one applications that can't really afford to be down for for any length of time. They need almost instantaneous fail over or or a very very short recovery time objective. And we'll talk about what r t O isn't just a minute, right. You know, this hot side approach tends to be extremely expensive, right, and it kind of goes back to you know what I kind of mentioned right in the beginning is that generally reserved for companies with very big budgets, right that don't have a problem you know, allocating the the opex and the capex required to maintain that that full second site. That more is the production environment. Right. So the second term is a warm side, and a warm side is somewhat similar to a hot side, but can really be thought of and we like to refer to it as a pilot light environment. It's different in that we only run as much of the infrastructure at the deal location as what is necessary to ensure that a central network and security services and the data replication of those protected on prem workloads are supported. Right. And this environment is essentially runs at a minimal resource capacity until such time as we need it right, and then it can very rapidly be scaled up in capacity to support those workloads as we start recovering them. Right. So we can think of this as kind of an act of passive approach from a dr topology standpoint. The third one, which which may appeal to some customers, is kind of a cold side approach. And in this case, you know, when we when we're talking about cloud, this is more of an on demand consumption approach right where you know customers don't want to have these services running if...

...they don't need them, but they want to be able to take their their on premise workloads, back them up to a secure location in the cloud, and then at the time of a disaster, whenever that may be, then they go ahead and they start building out the recovery infrastructure in the cloud that will allow them to then recover those protected workloads into that into that recovery environment. Now, the cold site, obviously, you know, gives customers a lot more flexibility when it comes to cost, right, So cost is significantly lower, but the challenge there is the recovery time objective is significantly higher. And you go from uh, you know, and instead of it being minutes or hours, you know, as you know when we're talk to you, kind of a hot side and the warm site, now we're looking at days to recover because you have to build that recovery site first before you can actually get to it. R PO recovery point objective right, this in in simple terms, really refers to how much data a customer is prepared to lose during a d R event, right, And it's a bigting maps to the frequency that snapshots or replications are done to protect the VMS into the d R side. The final term that that I mentioned a couple of times already r t O or recovery time objective. This refers to the amount of time that a customer is prepared to be down for right. So, in other words, how long it takes to bring a functional copy of an application or a group of applications back online with the most recent version of that data. Right. And you know what we typically find is most customers don't just have a single r t that say, oh, we need to have everything up in you know, forty eight hours, although they will kind of give those swim lanes to us, but they will say, you know, this group of applications needs to have an r t O of thirty minutes, this group of applications needs to have an art of four hours. But in general, we need to ensure that we are back up and running in its entirety within twenty four or four hours for example. That makes sense. And the term you had used at the top, rehydrating upon recovery, what does that mean? Yes, so some d our solutions backup solutions to our solutions, and as I mentioned that they are not the same thing backup is not d R right, But some solutions. You know, when when a customer replicates their virtual machines with their applications or workloads into the clouds storage, the format of that storage requires that those workloads be compressed and perhaps a d duplicated right to save on space. Right, And at the time that you need to take those workloads and bring them up in the recovery environment, it may require, due to the extent of the compression and the d duplication and whatever algorithms have been applied to that data to keep it as small as possible, that that rehydration process or essentially uncompressed, unencrypted, etcetera, may take significantly longer to get that data back to a point where it can be then rare it or used or accessed. Well, I wonder if I can challenge you on on something and and and I want to you know, feel free to come into this. But when you say that backup is not disaster recovery, why not? I mean, I'm a big proponent of disaster recovery is not just the ability to recover from an event, right, It's a broader definition, as I kind of went over in the beginning, Right, I think a backup, having a good sound backup strategy is essential to your overall disaster recovery solution, but it until itself is not a sufficient dr solution. Right when you think of disaster recovery, you want to get back up and running as quickly as possible with the least amount of disruption to the business. Right And while a backup, having good backups of your data will get you there, it's going to take you a lot longer to restore all of your data. Then, if you have a backup solution in place, a reay where you're just taking copies...

...of the data that already exists, and you're injecting those copies into your recovery environment and bringing them up as virtual machines the same way that they would look and operate and function in your in your own premise environment. So backup is good to recover data. If you know you have an employee that accidentally deletes a bunch of files or from the server, Disaster recovery is your mechanism to recover if something monifarious happens, you know, natural disaster, ransomware, etcetera. Exactly well, and a net so setting back up apart from disaster recovery and making it more of a comprehensive plan and solution. I guess tell us a little bit about then vm Ware Cloud disaster recovery. I mean, I guess, can you one give us an overview of it? But how is this a more robust plan and therefore kind of a oh, I don't know, a stress reliever, you know for people that are that are worried constantly about those ransomware attacks, but that this is more than just a backup. This is what yeah, yeah, So kind of building on what policays and and pulling some of it together. Right, b C d R is a solution that's easy to use, you know, and and we offer like Paul was saying, the on demand ransomware recovery, disaster protection and recovery. So when Paul was talking about those r p O s r t O s, right, the recovery point objectives, being able to set those recovery time objectives, like Paul said, sometimes you might slice and dice what are my tier one apps, what are my Tier two apps? And then delivering this as a software as a solution, right, assas solution. Now you take advantage of the cloud economics here. You know, like Paul talked about the hot site, the pilot light, that the cold side in here, and if I'm to pull a couple of things out, you know about what he said too. We're not reformatting here, right, we're taking what some of the literature says as immutable VM right VM snapshots. They're stored in secure, air gapped, scale out file systems. Now, when we look at you know, a trend, it's it's we want some of these systems where they're story to be air gapped, and what that means is that this is separate from the production network, right, so I kind of um have another level of production their protection there. And then we're also maintaining those virtual machines in their native file format, in their virtual machine format. And we've we've recently come out with in our virtualization are v a v sphere and that helps us with some of that recovery environment in the cloud. So that kind of pulls some of the things together that Paul said. Obviously there's a lot more capability that we've got in VC dr bit. We're thinking that these are a couple of highlights that then you can pull out and think about you know, in in if you're a partner in your environment and your customers environment to really help provide that plan and look at those instances that may come up where you want to define a more comprehensive disaster recovery solution right right, What do you think then really sets VMware solution apart from other disaster recoveries that are out there enough, Yeah, I think it's I think a lot of it is this disaster recovery delivered as software right and delivered assess because what happens here a couple of things too. You take advantage in there's so many customers out there that have, you know, hundreds of thousands of virtual machines in their estates out in the world and work cloads too. So if we can take that disaster recovery is a solution, be able to bring it to even smaller customers right in a comprehensive way where they don't have to reformat those vms that are out in the...

...world, I think it just opens it up more for the masses. And as Paul said too, if somebody's contracting for a hot sight, that's most likely a verily very large customer that has the funds to be able to do it, so to be able to then bring in on demand disaster recovery that skills as you need it, I think really opens up that planning in that solution to a larger community of firms and partners. Yeah, I think I can add I can add just a little bit of color to that too. Right, is you know one of one of the recent capabilities we've introduced into the VM without DR platform or solution is this ability to inject machine learning and kind of AI into the technology to help customers identify potential time frames where if they were infected by ransomware and are not leveraging b C d R as that recovery tool. Right, the intelligence built into VM with DR well it system in idea and defining at what point in time that potential infection had occurred, so the customer knows at what point in time they need to go back to and stop recovering data from. Right. So it cuts out a huge amount of time and testing and validating to ensure that you're not recovering something only to get reinfected all over again. So I think that's that's definitely a key differentiated with with BMO solution. Well, yeah, because it's it, uh, you know, being able to look back to see when you're your most the most recent clean copy, the you know, from where it started. I mean that these things aren't exactly with red blinking lights. You know, they're they're reds are aware for a reason because they're they're a little sneaky there, exactly right, exactly right. And you know, we've built these these workflows into the solution now that will effectively guide a customer through that process, right, you know, further reducing the amount of time it's going to take for them to recover. Yeah. Well, as we do start to wrap up our episode today, we always ask our guests the same final question, and that's where do you see technology going in the next year? Super broad of course, but uh, you know we can focus in on on this space perhaps and and say, you know, where are we going to be in TWE and a net I'll start with you. Yeah. So, as I look at some of that and kind of look out into the industry too, there are a couple of things that we've talked about today that I see stats that are just reinforcing that. And one is increasing protection in this world too, and and um when I read an article about it, it also um it also emphasized some of the air gapping because the stat that's credited to National Archives and Record Administration says that of businesses that lose access to their data centers for ten days or more file bankruptcy within a year. So when you start thinking about that, that makes me think that, you know, more and more firms, even smaller firms, really need to take a look at something like this and they don't want to be the one that's down for ten days, right, which leads us into a diversification of a disaster recovery approach, whether it's a multi cloud approach, you know, let's not put all our eggs in one basket. Maybe if we look at targets for some of that, maybe it's AWS but also Azure, Google, IBM or something like that, or maybe it's really looking at more of a hybrid approach. When I say hybrid, than I include on premises in that multi cloud as well. So I think it's just more emphasis on that protection and then really looking at and leveraging more of the economies of scale and the reach that we have in cloud. Paul, how about you, Well, this is a very tough question. I will say, you know, this is kind of like asking someone how long is a p of string and expecting a definitive answer. Right.

I think, in my opinion, right, vm ware is going to continue to innovate in this space. Right. You know, the bad guys are going to get smarter, They're gonna they're going to find more creative ways to to get into customers environments and not be detected. Right, And vm wares is going to continue to meet their challenge head on. We're going to continue to add you know, additional machine learning capabilities into the platform, into add additional automation into the platform to further guide and automate that that recovery process. I think we'll see cloud adoption rates continue to increase right in various forms, you know, with with the pandemic now hopefully firmly in the review mirror, right, I would say that companies that that made the shift to cloud during that era, right, will now see the benefits of that whole cloud consumption model, and they'll continue to grow and want to expand their presidents and adoption of cloud services. Those companies that held back, I would say, now, especially with the uncertainty of this global economy, I'm gonna say they will probably see the potential that can offer them, you know, this whole ability to consume cloud on demand, you know the scale of cloud economics, pay as you go, you know, and and and that model really being able to help those new adopters. You reduce opics and catholics costs on frame and help them stay relevant with the latest innovations in technology and applications. So that's that's my crystal ball predicted. Yeah. Well, for any listeners that have questions about what we talked about or or wanted to find out more UM and NET, how can they reach out? Yes, so I think well one of the first ways to reach out would be to just find out more. At VMware dot com. You can find out all kinds of information about v c DR. And because this is an Ingram podcast that we're doing today, have anybody reach out to your Ingram reps and they'll be able to get to us if we need something we need to go over one on one somebody or get you some more detail. Well, I really appreciate the time at Insight today and Nett and Paul, thank you for joining me. Thank you Shelby, it's been a pleasure. Thanks so much, and thank you listeners for tuning in and subscribing to B two be Tech Talk with Ingram Micro. If you like this episode or have a question, please join the discussion on Twitter with the hashtag B two B tech Talk. Until next time, I'm Shelby scare Talk. You've been listening to B two B tech Talk with Ingram Micro. This episode was sponsored by Ingram Micro's Imagine Next. B two B tech Talk is a joint production with sweet Fish Media and Ingram Micro. Ingram Micro production handled by Laura Burton and Christine Fan. To not miss an episode, subscribe today on your favorite podcast platform.

In-Stream Audio Search


Search across all episodes within this podcast

Episodes (476)