The growth of cloud-native applications is spawning a new dawn for the data storage sector and re-igniting interest in software defined.

Storage purchasing practice has not changed much in twenty years and the big players then are still the big players today. There are a few exceptions where specialists have ridden trends to build decent positions in the market, think Veeam for virtual data protection or Pure for high-speed Flash storage but the top three remain the same, DellEMC, Netapp and HPE.

Disruption is coming but not from any one commercial entity. No, only a fundamental change to the computing model will upset the form book. The storage and backup solutions originally designed for first monolithic and then virtual applications won’t fit the requirements for cloud-native applications. I’m not talking about “lift-n-shift” cloud using VMware to migrate existing workloads; I’m talking about the data management needs of newly written applications for containers, which can share multiple solutions on a single OS kernel.

Wall Street darlings still?

It’s difficult to track the growth of open source software because revenues are not easy to follow on Wall Street. Compare that to the corporate tech stocks like Netapp which supply data storage to enterprise datacenters. On Friday 2^nd August, Netapp announced revenues 17% down on the previous year which saw its share price fall by 22%. Similarly, Pure Storage’s stock is at 50% of its highs for the year. The disruption which first hit the tech giants like HP and IBM is now hurting the specialist players.

This disruption will accelerate because the open source movement is getting much more powerful. IBM’s purchase of Red Hat for $34 billion is testament to that and a good signal of further penetration into the enterprise or container technology.

Enter Containers

Despite the hype around container orchestration software like Kubernetes, corporate enterprises have yet to fully embrace the challenge of re-engineering for containers. Containers, though more efficient than Virtual Machines and more agile, have been considered too fragile for serious IT operations staff. Developers love the speed and simplicity of containers. The process is so easy they can afford to focus on writing great code and nothing else. The ephemeral nature of containers meant that data could be easily lost which meant no IT admin could sanction their use in steady-state production workloads. This situation is changing fast.

Last year, a Kubernetes release went GA with persistent volumes, which affords data a place to live, even when containers spin down. These volumes can reside on the usual protocols; block, file and object. Another major development at the start of 2019 was the Kubernetes 1.13 release which went GA with the Container Storage Interface (CSI). This was the starting pistol for vendors to pile into developing drivers for CSI now that they have a stable development and support interface.

For even greater confidence, production workloads require robust data backup and recovery systems. Most major backup applications from vendors like Veritas, Dell, IBM and Commvault, don’t natively support containers. Though still in Beta, Kubernetes has released APIs for its volume snapshot feature. Looking back to when VMware provided VAPI it unleashed a wave of innovation and enabled powerhouse commercial entities such as Veeam. The imperative of digital transformation is driving cloud investment and open source development. According to Grand View Research, containers are expected to grow in adoption by 26% CAGR between 2019 and 2025. Several vendors including IBM are working on supporting containers in their backup/recovery software later in 2019.

Future Storage

As applications built on container technology move from testing into production and full-scale operations, they will need a stable bedrock of enterprise-class data storage and backup infrastructure in place. Developers won’t accept the constraints of traditional storage administration, they will expect rapid provision, self service and ease of use. IT admins will still be needed to manage the overall storage stack, but they will have to get out of the developers’ way for general use. To deliver storage in a uniform and dynamic manner across on premise and public clouds, with less intervention by storage administrators, requires a software-defined approach.

To finish, its not all about where your data resides. In all likelihood, it will become more portable as applications are written for containers. What’s important is that if you need to retain your data then you need the security of persistent volumes and a way of protecting the data that isn’t hampered by the ephemeral nature of the platform.

The post Building Data Confidence for Cloud-Native Applications appeared first on Silverstring.

It could be you..

Wired Magazine’s latest cover story is about a global shipping corporation that was temporarily crippled by a malware attack, and how they learnt to appreciate the value of their data. Without the access to the systems and the data that underpinned their entire operation, lorries couldn’t board ships, the ships weren’t running anyway, and it was only through a lot of hard work and the odd stroke of luck that their systems were made fully operational again. Estimated cost to the business – $300 million.

An event like this helps an organisation to understand the value of their data.

As technology stakeholders in businesses, we should always be asking ourselves a few key questions:

• What data do I need to execute my job efficiently?
• What would I do if that data was not available?
• Do I know if that data is secure?
• How long would it take to recover that data?

First principles

Security principles should be one of the basic building blocks of any infrastructure, rather than bolted on afterwards. Companies that are undergoing any type of business transformation have a responsibility to understand the value of that data and to ensure that the protection of it is not purely a secondary consideration. Working on the assumption that a disaster probably will happen, an organisation is going to consider the risks far more effectively than an organisation that just hopes it won’t.

So what should you do? Ensure your data is protected, but make sure that protection is also secure. Use Role-Based Access to crack down on unauthorised access. Use encryption-at-rest to protect those backups and always try and make sure that data is protected whilst it’s being sent to the backup location. Make sure you monitor that environment – if you don’t have monitoring, then how do you know if somebody is trying to get at that data?

A gentle reminder

In the rush to provision compute and storage in the cloud, we all need to ensure that the security of that data isn’t merely an afterthought. We need to ensure that data protection and security is built in from the ground up, and we need to ensure that processes are resilient enough to withstand the impact of an attack.

Silverstring’s Sleep Easy Study will help you to ensure that your Data Protection Strategy doesn’t leave you exposed. For more details, contact info@silverstring.com.

The post Know when to lock the stable door appeared first on Silverstring.

When hackers accessed the details of up to 2.4m Carphone Warehouse customers in 2015, every single one of those customers will have felt let down. Although inertia kicks in, you can bet that a significant number of those customers moved to an alternative supplier.

Unlike others in the animal kingdom, we are programmed to nurture and protect. Security will be considered and managed; some companies may even have a strategy for “Threat Hunting.” However, we are still capable of errors; every precaution you take can be undermined by the Human Factor. As the ICO reported earlier this year; 4 out of 5 data breaches are caused by either human error, or process error. You need to be awake to that risk.

According to J.T. Hallinan, an American Pulitzer prize-winning journalist, humans are pre-programmed to make blunders. We humans are typically overconfident in our own abilities. This attitude leads us believe we are above average at everything (such as driving a car) – a statistical impossibility that can also result in a lack of duty of care to data protection.

Most companies see their backup server as a back-stop not a security risk, but this reactive approach can lead to embarrassing situations caused by the frailties of human nature.

Consider the following to help protect yourself from human error:

Role Based Access

In the Carphone Warehouse case, the ICO in its investigation, identified 11 key issues, one of which was the lack of “rigorous controls” over who had login details. It is important to ensure that users’ access is appropriate for the requirements of their job. Check that they have secure passwords and that they change them frequently. But don’t just assume that this will protect you. Is your backup system linked to your Active Directory controls?

Good Leaver or Bad Leaver – have a process for all leavers

What happens when your users leave? Are their accounts automatically disabled as part of the exit process? Is the backup system monitored to ensure that this happens?

Intrusion Detection

Does your backup system warn you of suspicious activity? Such as an excessive number of invalid passwords, or password resets being made by users with administrative access.

Password management

What about passwords that are used across the company? Rather than remembering how a backup client authenticates with the backup server, many organisations just set a simple password. That’s a hacker’s dream.

To summarise, your system is only as strong as your weakest link. You have a duty of care to make sure that this is not a member of your own team. Don’t leave your customer’s data to defend for itself.

Contact us about a Security Audit of your backup system and we’ll help you to identify those weaknesses before the criminals do.

Contact Steve at smiller@silverstring.com

The post Your backup data deserves protection from human frailties appeared first on Silverstring.

Ransomware has existed since around 1989, in the form of the “AIDS” trojan. However, the digital currency Bitcoin, has allowed it to become a significant and global threat. We live in a world where the ransomware maker can sell malicious code to others who then use it against you. Email remains the predominant way to spread the virus but ransomware exploit kits are not far behind. They can cost under £4,000 and rival gangs then compete against each other for market share.

Should you be concerned about this?

• In the first half of 2017 Enterprise businesses only blocked 42% of infections (Source: Symantec)
• An IBM Security survey found that only 29 percent of small businesses had experience with ransomware, making these businesses more likely to be unprepared for the threat. (Source: IBM)
• In 2017 Reckitt and Benckiser issued a statement to say they expected sales to be reduced by £110 million due to the Petya ransomware
• 60 percent of malware payloads in Q1 2017 were ransomware. (Source: Malwarebytes)
• A Cisco 2017 report states ransomware is growing 350 percent annually. (Source: Cisco)
• According to a Kaspersky Lab survey, 34 percent of businesses hit with malware took a week or more to recover full access to their data. (Source: Kaspersky)

Of course, you will be able to redeem your data; these gangs need a good reputation or nobody would pay up.

But what about your reputation? Could you redeem that? Moving on, which solutions should you be looking at?

A primary reason for copying your data to tape was to protect against ransomware. Keeping that additional copy at arm’s length meant there was an air gap between the separate copies. If your backup server was exposed to a ransomware attack you had the peace of mind; your reputation and your data would be safe. But how is this relevant in the era of the disk-only backup solution?

1. There’s one point that should be obvious. You have an offsite copy, but it doesn’t mean that you have an excuse not to tighten the security on your backup server. Read our previous blog on how to do this.
2. Secondly, if you are worried about the spread of ransomware, it is imperative to have multiple copies of your backup data.
3. Software replication may support you in this situation. If you want to increase resiliency within your backup environment, it is possible to replicate from a Windows based system to a Linux one. Rare is the ransomware that will make the jump from CIFS to NFS.
4. Most backup products now offer the option to tier data to object storage in the cloud. This introduces a defacto airgap because of both distance and the difference in protocols. That said, data restores from object storage are generally much slower. As a note of caution, if you are pulling data out of the public cloud you may encounter unforeseen egress charges. Therefore, most data protection uses object storage for archive data; it tiers data on that medium based on age. This might not be ideal for recovery in a ransomware situation.
5. Finally – although prevention is better than cure, there’s no substitute for effective monitoring. Several backup products have the facility for ransomware detection. They effectively check the profile of the data being sent into the backup environment. If there is a radical change that might indicate an infection, they can alert you before it spreads too far.

What does the future hold? 81 percent of cybersecurity experts believe there will be more ransomware attacks than ever in 2018. (Source: CIO Dive) According to McAfee, ransomware grew 56 percent in the past four quarters.

If you feel that the security of your current backup environment could be tightened, please contact your account manager or email me in confidence at smiller@silverstring.com

Steve Miller, CTO of Silverstring, helps organisations deliver improved returns on their investment in data protection.

The post Ransom and Redemption – the road to salvation appeared first on Silverstring.

Now imagine your organisation’s name in the title. And it’s not just organisations; The city of Atlanta was brought to a standstill in March due to a similar attack.

http://thehill.com/opinion/cybersecurity/381594-a-ransomware-attack-brought-atlanta-to-its-knees-and-no-one-seems-to

Did these organisations deliberately put themselves at risk? Would you leave your key in the front door when you go out? Security attacks happen so you invest in secure data backup, your ultimate security system.

But what if you remove the key and the door remains unlocked? Hackers have accessed your backup files and the only recovery point you have is after the attack.

The latest backup software produces greater resilience than ever before; it averts security breaches to your backup files and protects critical data. Is this the security panacea?

If only it was that easy.

Environments change and systems deteriorate if you don’t invest in costly proactive management.

So, what should you do next?

• Act on flashes from your backup vendor or service provider. One backup application we know issued 30 flashes last year, of which 19 were related to security. How many did you apply?
• Ensure your backup server(s) is as hardened as your most critical application server. Implement some form of encryption for your stored data.
• Actively manage administrator passwords or enforce with LDAP or Active Directory.
• Don’t run software which is more than 18 months past general availability.
• Ransomware is propagated via a network and aims to encrypt file systems and block storage. Consider tape or object storage and make snapshot copies of the backup database. If the backup database becomes encrypted your “get out of jail card” is useless.
• Perform regular randomised recovery tests. Don’t rely on the day-to-day recoveries you must make.

The GDPR regulation has forced backup vendors to innovate and integrate new security features into their software. These features are available for anyone on subscription or maintenance plans. Do you know if you’re using them to maximum effect?

When it comes to securing your most critical data it’s never too soon to take backup security seriously.

Steve Miller has 18 years’ experience helping organisations protect their data and is currently the CTO of Silverstring. If you would like to know more please contact him at smiller@silverstring.com

The post Are you taking backup security seriously? appeared first on Silverstring.

It’s a good question, and it was also the first time that he had asked it. I asked him why he was asking it, and it’s because the business was looking at how it would comply with GDPR next year, and they had therefore asked him to confirm that all data backed up was encrypted at rest.

Data breaches – such a regular story

Recently, among others, there has been a news story about a massive data breach at Equifax, which follows a similar pattern to previous ones. Hackers exploited a vulnerability in their website and grabbed valuable customer information and the company response leaves them open to widespread customer criticism.

Would encryption have helped in this case? That depends on the strength of the encryption and if the hackers were able to get hold of the encryption keys as well. At least, if the data had been encrypted, there would have been one more hurdle for the criminals to negotiate.

Which brings me back to our customer and data protection. Until recently, encryption of data within Spectrum Protect hasn’t been complete. Data could be encrypted at the client level, or if it was on tape, or if it was on a cloud storage pool. But, directory storage pools have been an exception since IBM introduced them in 7.1.3 a couple of years ago. This has always seemed a gap, particularly for the new storage paradigm for next-gen Spectrum Protect storage.

Spectrum Protect’s encryption story

Since 8.1.2 was released in August, it has included directory storage pools being encrypted at rest. It’s a relatively straightforward process, although there are security considerations to take into account with regard to the Spectrum Protect database. It’s a compelling reason to upgrade from earlier versions of Spectrum Protect and to consider your future plans. It’s just a small part of the data security jigsaw, but if you can do this now, it might make the bigger picture become more clear.

Discover why and where you need to encrypt

We are finding more and more of our customer discussions are now covering a wider gamut of security and compliance discussions. If you are still wrestling with the GDPR conundrum, now would be a great time to book an Encryption Discovery Workshop with our team.

The post Why and where are you Encrypting? appeared first on Silverstring.

IBM Spectrum Protect (formerly TSM) has had a product in this space, called Spectrum Protect for Virtual Environments, but it was a bit late to the party and was, until now we believe, playing catch up.

For some time, users of Spectrum protect have been asking about the use of VMware tagging for backups.

With version 8.1 (released in December), this feature is now available. Spectrum Protect now has a range of tags for VMs to be included or excluded, allowing specific disks to be included or excluded and for application protection to be enabled as required.

Users of competing products point to the simplicity of setup as a reason to purchase separate backup tools, and tags have played a big part in this. With the new support for VMware tags in Spectrum Protect 8.1, it seems that IBM has hugely simplified the process of configuring and scheduling backups of VMware estates, and customers that previously discounted IBM for reasons of complexity, should take another look.

Check out our video below to see how simple it is to use tags for backing up VMs in Spectrum Protect 8.1

The post Spectrum Protect 8.1 gets VMware tagging appeared first on Silverstring.

Since the GA of 7.1.7, Silverstring have upgraded two separate environments from 7.1.5 to 7.1.7. Both of these environments had data in both legacy deduplication pools and Container deduplication pools, so following the upgrade, we were able to run the conversion process to consolidate all of this data in one container pool.

In these two cases, the increase in available capacity was between 19% and 35%. Allowing for a typical year-on-year capacity growth of 10%. Therefore avoiding unpredicted spend on additional storage capacity. Converting to container pools could see the life of a Spectrum Protect system extended by 1-2 years without any additional hardware expenditure.

This generation (7.1.7) of deduplication pool adds a layer of sophistication and efficiency by removing the following barriers to effective data reduction:

• Excess capacity was required to ingest the original data
• Lengthy processing cycles were required to redistribute the data chunks after duplicates were identified.

Previous generations were inhibited by the following limitations:

• No procedure for moving legacy data into container pools (other than server to server replication)
• No support for tape copy of container pools

Spectrum Protect 7.1.6 (June 2016) addresses the first of these issues. Using the CONVERT STGPOOL command, there is now a facility to move data out of a legacy deduplicated storage pool (a FILE POOL) into a new container pool. This makes it possible to upgrade a current server instance to use the new storage pools without having to either keep data in two different types of deduplicated pool and without having to replicate data to a second instance. Spectrum Protect 7.1.7 (September 2016) now addresses the second issue by allowing a deduplicated tape copy of a container pool!

This makes it much easier for Spectrum Protect users to realise the benefits of container storage pools and those benefits can be significant. As of version 7.1.5, Container Pools perform inline compression as well as inline deduplication. This enables them to achieve significantly improved data reduction when compared to File Pools.

Taken together, this means that Container Pools can use storage far more efficiently than File Pools, allowing users of Spectrum Protect to retain more data on that storage. This allows users to reduce costs and to increase the life of that storage.

Contact us NOW and save money on storage costs!

The post Spectrum Protect – Using new technology to extend the lifespan of your storage assets appeared first on Silverstring.