Moving Security to the Point of Data

For security teams to ensure their data is secure, they need to adopt practices that make their data one of their best lines of defense, as opposed to the last line of defense.


Last year proved to be a blockbuster year for ransomware as attacks increased some 715%. If recent statements from the director of the FBI comparing ransomware to terrorism are any indication, this trend shows no sign of slowing down anytime soon. With more companies moving data storage to the cloud, data protection against ransomware needs to become a top priority for organizations, and fast. But just as data storage has become more complex, so too have the forces threatening it.

In response to these attacks in the US, the White House recently released a new Executive Order (EO) on cybersecurity. While this is not a law, it represents a major shift in attitude towards cybersecurity. If this executive order does what it is intended to do, shifting the emphasis from reaction to prevention, the net result should be reduced costs for companies. It will raise the security bar for everyone — improving resilience for U.S. companies, and as a result, America’s resilience to cyber attacks. This is also a matter of national security and trust. The EO says: “the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and to the consequences we will incur if that trust is misplaced.”

In order for security teams to ensure their data is secure, they need to adopt practices that make their data one of their best lines of defense, as opposed to the last line of defense. In this article, we’ll explore how security and data teams can move security to the point of data and better protect their business from the nasty fallout of having to pay a ransom.

It’s all in the immutability

To most major enterprises, data is a valuable asset and essential to everything from go-to-market strategies to customer experience. Protecting this asset starts in its management.

To ensure the data’s safety, companies should adopt a unilateral approach to data management based on immutability. Immutable, by definition, means the state is set or inflexible once constructed: it cannot be changed by any internal or external force. To adopt this approach to data management, those responsible for governance need to be sure that they ingest, manage, and store data immutably; that any modifications are made using a new copy, leaving the original untarnished; and that all of this is done continuously using automation.

Ransomware is constantly advancing, putting the integrity of backups at greater risk. Immutable data cannot be encrypted after the fact, which makes it immune to this type of malicious activity: if a company detects signs of a ransomware attack, it can leverage immutable backups to instantly recover to a previous healthy state, malware-free.
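The write-once, copy-on-modify model described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the `ImmutableStore` class, its methods, and the sample file are hypothetical and constructed for illustration.

```python
import hashlib


class ImmutableStore:
    """Write-once object store: blobs are keyed by SHA-256 and never overwritten."""

    def __init__(self):
        self._blobs = {}      # digest -> bytes, written exactly once
        self._versions = {}   # name -> append-only list of (timestamp, digest)

    def put(self, name, data, ts):
        """Record a new version of `name`; earlier versions stay untouched."""
        digest = hashlib.sha256(data).hexdigest()
        self._blobs.setdefault(digest, bytes(data))  # never replaces an existing blob
        history = self._versions.setdefault(name, [])
        if history and ts <= history[-1][0]:
            raise ValueError("history is append-only: timestamp must increase")
        history.append((ts, digest))
        return digest

    def get(self, name, before=None):
        """Return the newest version, or the newest one written before `before`."""
        for ts, digest in reversed(self._versions[name]):
            if before is None or ts < before:
                data = self._blobs[digest]
                # Verify on read so tampering with the stored blob is detected.
                if hashlib.sha256(data).hexdigest() != digest:
                    raise IOError("stored blob does not match its digest")
                return data
        raise KeyError(f"no version of {name!r} before {before}")


def demo():
    store = ImmutableStore()
    store.put("payroll.csv", b"id,salary\n1,5000\n", ts=100)
    store.put("payroll.csv", b"id,salary\n1,5200\n", ts=200)  # legitimate edit
    # Constructed stand-in for a ransomware write at ts=300: it can only
    # append a new version, not alter the ones already stored.
    scrambled = bytes(b ^ 0x5A for b in b"id,salary\n1,5200\n")
    store.put("payroll.csv", scrambled, ts=300)
    current = store.get("payroll.csv")
    recovered = store.get("payroll.csv", before=300)  # roll back to pre-attack state
    return current, recovered
```

Calling `demo()` returns the scrambled current version alongside the intact version from before the constructed attack time.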

Keeping an eye on your data

Beyond adopting specific technologies like immutability, CIOs, CISOs, and data management teams should adopt new attitudes towards monitoring data. For a long time, data security and the roles of those responsible for it have been built around the idea of a perimeter. Data is fenced in by security protocols designed to keep bad actors out. However, as ransomware attacks grow more complex, security professionals must recognize the importance of monitoring their data and users’ interactions with it.

There are plenty of factors that dictate the outcome of a ransomware attack after a company’s data has been breached, but one of the most crucial factors in a swift recovery is the ability to recognize the scale of the attack. Better data monitoring practices make determining the scale of an attack — including where it came from and what data may have been impacted — much faster.

The lengthy process of identifying an attack’s scale is expedited by security protocols designed to recognize aberrant behaviors as users try to get access to sensitive data. Proactive measures like user behavior monitoring not only expedite the recovery process, but can also potentially prevent a breach by flagging suspicious behavior that might otherwise go unnoticed. Other proactive measures for data monitoring include the adoption of a data classification engine to help determine whether data under attack is sensitive data, personal data, or regulated data, and an orchestration engine to orchestrate the ransomware recovery protocol in the event of an attack.
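A minimal form of the monitoring described in this section, combining a per-user write baseline with data classification to scope an incident, is shown below. This is an added example, not code from the article; the audit events, the classification map, and the threshold parameters are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed classification map: path prefix -> data class (hypothetical labels).
CLASSES = {"/hr/": "personal", "/finance/": "regulated", "/eng/": "internal"}

# Constructed audit events: (minute, user, action, path).
EVENTS = (
    [(m, "alice", "write", f"/eng/doc{m}.md") for m in range(0, 60, 10)]
    + [(m, "bob", "write", f"/finance/q{m}.xlsx") for m in range(0, 60, 20)]
    # Burst: one account rewrites many files within a single minute.
    + [(61, "bob", "write", f"/hr/emp{i}.pdf") for i in range(40)]
    + [(61, "bob", "write", f"/finance/inv{i}.xlsx") for i in range(25)]
)


def classify(path):
    """Map a path to its data class by prefix."""
    for prefix, label in CLASSES.items():
        if path.startswith(prefix):
            return label
    return "unclassified"


def detect_bursts(events, baseline_end, factor=5, floor=10):
    """Flag (user, minute) pairs whose write count far exceeds that user's baseline.

    Baseline = the user's busiest minute before `baseline_end`. A later minute
    is flagged when its writes exceed max(floor, factor * baseline).
    Returns {(user, minute): Counter of data classes touched}.
    """
    per_minute = defaultdict(list)
    for minute, user, action, path in events:
        if action == "write":
            per_minute[(user, minute)].append(path)
    baseline = Counter()
    for (user, minute), paths in per_minute.items():
        if minute < baseline_end:
            baseline[user] = max(baseline[user], len(paths))
    alerts = {}
    for (user, minute), paths in per_minute.items():
        threshold = max(floor, factor * baseline[user])
        if minute >= baseline_end and len(paths) > threshold:
            # The class breakdown gives the scope: which kinds of data were hit.
            alerts[(user, minute)] = Counter(classify(p) for p in paths)
    return alerts
```

With the constructed events, `detect_bursts(EVENTS, baseline_end=60)` flags only the burst at minute 61 and reports how many personal and regulated files it touched.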

Going Forward

Ransomware attacks aren’t going to stop targeting business data anytime soon. As the frequency of attacks increases alongside the growing rate of digital transformation, data security pros have a growing responsibility to do as much as they can to protect their data.

While data has long been considered the most valuable asset to be protected, it’s time for enterprises to adopt approaches that turn their data into one of their best lines of defense. Doing so may be the difference between preventing an attack and becoming another victim of ransomware.


Khushboo Kashyap is Senior Manager, Security Governance and Risk Management at Rubrik, the cloud data management company. Rubrik enables enterprises to maximize value from data that is increasingly fragmented across data centers and the cloud. Rubrik delivers a single, policy-driven platform for data recovery, governance, compliance, and cloud mobility.