Ransomware is no joke. Even those organizations who think their environments are up to date with patches and procedures have found themselves in a precarious position over the last few years. The simplest way to protect virtual machines against ransomware is to back them up. This is something that every organization is doing, or at least they think they are. Let’s take a look at some of the key things organizations should be thinking about when backing up virtual machines.
Virtual Machine Backup Frequency
How often are you backing up your virtual machines? You will likely have several different answers to this question based on the applications residing on your virtual machines. For example, you may be backing up a development virtual machine once a day, and a production virtual machine twice a day. To answer this question, you first determine how much data loss is acceptable in the event of a failure of any of your virtual machines. This is commonly referred to as the Recovery Point Objective RPO. This answer will determine the frequency in which you must protect virtual machines in your environment.
This is one of the steps that is often overlooked when deploying a new application or virtual machine. Many organizations may tend to follow existing policies, which may not actually reflect the recoverability needs of an application. For example, part of the initial deployment procedures for a virtual machine may to be back it up with a default policy. This could be overlooked once the virtual machine has been configured for a a specific application. If you have a production application with an RPO of eight hours, and it is being backed up with a default daily backup job, you will incur an intolerable amount of dataloss in the event of a ransomware attack on that virtual machine. It is very important to verify backup jobs as part of the final readiness checks for go live of an application.
Ensuring Virtual Machine Recovery
There are several things organizations must consider when ensuring virtual machine recoverability. First in foremost, are our backup jobs actually completing? Are their any errors in them? Ensuring backup jobs complete successfully in the allotted time window is the first step in making sure virtual machines will be able to be recovered in the event of a disaster. The next step is ensuring virtual machines can be recovered in a timely fashion. Here is where it gets tricky. Testing the recovery of a virtual machine or two is one thing, but testing recovery of a large amount of virtual machines is a completely different task. Processes must be in place to ensure that applications are recovered during a disaster in the order which makes the most sense for the business. The time in which it takes an application to be recovered is the Recovery Time Objective or RTO.
For example, let’s say we have two different applications called Cat and Dog. Both are production applications in our environment, which means they are backed up every eight hours. However, Cat is a much more important application than Dog, so we need it up and running within two hours of a disaster or our company will start losing money. On the other hand, Dog needs to be up and running in eight hours before we face a significant business loss. This means Cat’s RTO is two hours, and Dog’s RTO is eight hours. We must ensure that our disaster recovery run books clearly list the importance of our applications and their RTOs, or we may waste time recovering Dog first when it is really Cat that needs to be up and running quickly. This recovery of Dog and Cat should also be tested to ensure the applications will be running in line with their RTOs.
Paying attention to these two simple things can help ensure organizations protect virtual machines against ransomware with backups. Backup are a vital tool to any organization, but they must be implemented in line with business requirements.