Features 21.11.2024

Are Backups Beyond Data Enough to Secure Ransomware Resilience?

In an era of increasing ransomware, backups aren’t enough. Are new capabilities to restore your entire tech infrastructure the answer?

Companies are offering the ability to restore entire tech infrastructures quickly following a ransom attack. Kate O’Flaherty looks into how this helps boost cyber resilience

In an age of increasing ransomware attacks, backups have never been more critical. But after an attack, simply restoring data isn’t enough, so vendors are starting to offer new capabilities to restore your entire tech infrastructure – including apps, networks, and data.

This type of offering makes sense and certainly boosts resilience. For a cloud company, it can be the difference between quickly getting back up and running or losing millions of pounds struggling to get back online following an attack.

When performing a ransomware attack, adversaries want to cause as much damage as possible to extort a payment – and backups are a key focus. “Attackers often stay in systems long enough to understand the infrastructure, target critical systems and inflict maximum damage,” says Max Mortillaro, co-owner and principal analyst at TECHunplugged. “In these cases, backups are often a primary target, making recovery difficult.”


In cloud environments, ransomware recovery is even more challenging. Mortillaro says this is due to variables such as hybrid cloud setups, the need to cover multiple regions, and distributed application architectures.

But one company says it can get cloud companies back up and running quickly following an attack. Commvault’s new product, Cloud Rewind, doesn’t only recover data; it is designed to restore an organisation’s entire cloud application and data environment – including cloud infrastructure configurations – in a “highly automated way”, according to a press release announcing the product.

According to Commvault, a typical enterprise uses up to 3,711 cloud applications spanning finance, HR, and operations services. After an attack, organisations often can’t resume ‘business as usual’ until these are rebuilt.

In most cases, it takes more than a week to return to normal, according to Commvault’s research. However, Commvault claims Cloud Rewind helps customers return to business “within minutes after a cloud services outage or ransomware attack.”

Cloud Rewind’s capabilities became possible after Commvault acquired Appranix, a specialist in recovering configuration data for cloud applications and network connectivity.

Eliminating operational downtime

These are undoubtedly bold claims. So, what do the experts think? Mortillaro’s colleague, Arjan Timmerman, co-owner and principal analyst at TECHunplugged, calls Cloud Rewind “a powerful solution for organisations with complex cloud environments.”

“Restoring applications quickly in a disaster scenario such as ransomware is critical for minimising downtime and operational impact,” Timmerman says.

Among the benefits, Cloud Rewind automates capturing and protecting the entire application stack – data, configurations and infrastructure – across multi-cloud environments.

This eliminates multiple manual steps, which are “prone to error” and “time-consuming,” Timmerman says. “It reduces the burden on IT teams and provides peace of mind that all layers of cloud-based applications can be restored reliably and quickly.”

The primary issue is operational downtime following a ransomware attack, says Darren Thomson, field CTO of EMEAI at Commvault. “Ransomware can cripple an organisation’s ability to access its data and systems, causing delays in service and lost revenue – not to mention reputational damage.”

The biggest challenge for customers is navigating the immediate chaos of an attack, says Thomson. “Data might be encrypted, backups could be compromised, and there’s often a lack of visibility into the scope of the attack. Even if backups exist, the time required to restore operations to a fully functional state can be prolonged by a lack of preparedness or outdated processes. Determining which backups are clean to restore is crucial, yet this procedure can be very time-consuming.”


Anyone with any ransomware experience will know that there’s also a psychological element to attacks. Panic can lead to rushed decisions, such as paying the ransom, which is not a guaranteed path to recovery, says Thomson.

Additionally, the complexity of modern IT environments, which blend on-premises, cloud, and software-as-a-service (SaaS), means organisations may struggle to locate the exact systems or datasets they need to restore.

With this in mind, Cloud Rewind is aimed at enterprises operating in cloud-first, highly regulated industries such as healthcare, finance, and critical infrastructure. According to Thomson, current customers using the firm’s cloud services will benefit from the feature and can seamlessly migrate over to it.

What does this mean in real-life scenarios? “Imagine a mid-sized healthcare organisation hit by ransomware that locks up patient records and operational systems,” says Thomson. “Using Cloud Rewind, the IT team can quickly trigger an automated rebuild of their applications and underlying infrastructure.”

He says the system analyses application dependencies, ensuring that the database, front-end applications, and APIs are restored in the correct sequence. “Within minutes, this would mean the hospital is back online, accessing patient records and continuing operations.”

Other options

The market for cloud-native disaster recovery is growing rapidly as more organisations move to the cloud and adopt multi-cloud strategies. This is a newer segment compared to traditional data protection, but it’s growing in importance as cloud adoption accelerates, says Mortillaro.

Key drivers include the increased frequency of cyber attacks, the complexity of multi-cloud environments, and stricter regulations around data protection and recovery.

For example, the EU’s Digital Operational Resilience Act (DORA) and the Network and Information Security Directive (NIS2) mandate that businesses maintain operational resilience. “This is driving demand for solutions such as Cloud Rewind that offer automated, reliable recovery of cloud-based infrastructure and applications,” says Mortillaro.


Therefore, it’s no surprise that competing offerings are available. Several vendors offer similar capabilities in the cloud-native disaster recovery space, but few offer the level of integration and automation found in Cloud Rewind, says Mortillaro.

Timmerman says that Cloud Rewind stands out due to its focus on multi-cloud application resilience. “Unlike traditional disaster recovery solutions that may only focus on data, Cloud Rewind integrates protection across the entire application stack.”

Another benefit of Cloud Rewind is that it works across different cloud services. Key competitors in the cloud-native data protection market include Druva, while Rubrik and Cohesity are also expanding into cloud-native protection. “Besides Druva, Clumio – recently acquired by Commvault – had a strong value proposition but was deeply focusing on Amazon Web Services (AWS) only, whereas Cloud Rewind is natively multi-cloud,” says Timmerman.

James Blake, global head of cyber resiliency strategy at Cohesity, tells Assured Intelligence about the firm’s Digital Jump Bag: a “vaulted repository of the tools and resources to communicate and collaborate” for use in the event of a ransomware attack, while the threat is investigated and mitigated.

Blake says that once the attack is understood, remediation can be conducted to restore systems to production safely. Data management solutions offer value here by allowing systems to be “rapidly rebuilt” using golden master install images and trusted configurations.

Building resilience

The technology is undoubtedly useful, and Cloud Rewind offers impressive capabilities. But like any tool, it must be used alongside a resilience-building strategy to ensure a quick recovery after a ransomware attack.

CISOs should prioritise a “holistic approach to resilience”, says Thomson. This includes implementing technology as well as fostering a cybersecurity-aware culture. “Employee training, incident response planning and ensuring all systems are up to date with the latest security patches are critical components. Additionally, visibility into the entire IT environment is essential to identify vulnerabilities before they are exploited.”

Cyber resilience is something organisations need to take seriously, says Mortillaro. “You need to secure data in a world where cyber attacks are constant and the EU and others are adding regulations.”

The technology will give you a boost, but in the end, the goal for all businesses is to have a solid plan, says Timmerman. “The software isn’t going to solve everything. You need processes, and to embed the software in your processes. If you are a manufacturing plant and you can recover core apps following a ransomware attack, but you can’t operate, you will go out of business.” Sobering words, indeed.
