I love old sayings. “Wait for the other shoe to drop” is a great old saying.
It hails back to New York tenements when apartments were stacked, with the same floor plan, floor on top of floor. When you heard the guy upstairs drop one shoe, you knew there was a second “thud” coming as well.
That was when the other shoe dropped.
Today, Cyber Resilience is the other shoe. When it’s coupled with Cyber protection, you have a nice pair of complementary shoes.
Everyone focuses on Cyber protection, and rightfully so. But as we all know, there is no such thing as perfect protection. The bad guys will inevitably get in.
All of today’s best consultants sing one common song: “it’s not if, it’s when” the bad guys get in. Cyber protection tries to keep them out, and usually does. But when the bad guys get in, that’s where Cyber Resilience comes into play.
Cyber Resilience is also a handoff between two groups at most businesses. Security tries to hold the perimeter. Storage has to enter the game when the breach has occurred. It’s a great area for storage and security to work together, with each having something to offer the other.
Storage Cyber Resiliency in IBM shops is built upon Immutable Copy Protection, and IBM’s offering for this capability is Safe Guarded Copy (SGC). These are point-in-time copies, invisible to the operating system, and tamper proof. These copies are made on a customer-defined schedule. They can be interrogated in a ransom attack, and each copy reviewed for “pre-ransom” integrity. Coupled with the security team’s tools, these copies can also proactively be scanned ahead of time. This further reduces recovery time.
In terms of best practice, a test environment is recommended to scan these immutable copies before they are ever needed. This moves the discussion from a product to a solution, which is really what IBM’s Cyber Vault is – a methodology. Your storage team provides the needed infrastructure, and your security team provides the tools to build upon it.
The key point, as this storage guy sees it: Cyber needs to be a topic that your security and storage teams work on together. Sure, the security folks watch the perimeter. But storage and security folks need to be on the same page if your company hopes for survive the attack when, not if, the breach occurs.
SCG is IBM’s answer to laying the foundation that your methodology will require to have the Cyber Resiliency level your business demands. Talk to us about it.
About the author
Michael Zwolski is a zSystems and Storage Solution Advisor with LRS IT Solutions. With more than 30 years of experience supporting Fortune 100 IBM customers in the areas of mainframe and enterprise storage, Michael is skilled at interfacing between technical and business resources. His knowledge of IBM storage solutions including DS8000, FlashSystem, SVC, and TS7000 and others make him a valuable asset on storage projects.