Many strategies for fighting ransomware, like taking regular backups, are the same no matter where you host data — in the public cloud, in a private data center, or on-prem.
However, companies that operate data centers can deploy some special practices that may reduce their risk of falling victim to ransomware attacks. When you control all aspects of your infrastructure and hosting facility, you can do things to mitigate ransomware threats that wouldn't be possible elsewhere.
To that end, keep reading for a look at actionable strategies for mitigating ransomware risks in your data center.
Click here to jump to our data center ransomware infographic.
Basic Ransomware Mitigation Strategies
Before diving into anti-ransomware strategies that apply to data centers in particular, let's discuss generic tips for preventing ransomware in any type of environment. Standard best practices include:
- Back up data: If you take regular backups of your data, you can restore from a backup following a ransomware attack instead of paying the ransom.
- Monitor for threats: Continuous monitoring can help you detect the presence of malware that ransomware attackers use to encrypt data, making it possible in some cases to stop the attack before your information is held for ransom.
- Educate users: Educating employees, customers, contractors, and other stakeholders about ransomware and related risks reduces the chances that someone will fall for a scam that results in the deployment of ransomware inside your IT estate.
- Minimize exposure: Practices like closing unnecessary network ports, following the principle of least privilege, and turning off extraneous workloads make it harder for threat actors to carry out ransomware attacks.
Again, you can do these things anywhere, not just in environments hosted in private data centers.
Stopping Ransomware in the Data Center
However, when you operate your own data center (or use a colocation facility) to host workloads, you can take additional measures to protect against ransomware — measures that would be challenging or impossible to take in most other environments.
Air-gapping
For one, you can air-gap data and workloads. Air-gapping means disconnecting resources from the internet completely, which will totally prevent any network-born attacks. This is especially valuable in the context of ransomware protection because it means you can virtually guarantee that data backups won't be accessed by attackers, who sometimes seek to compromise backups so their victims can't recover data without paying the ransom.
Air-gapping is not typically possible in the public cloud because there is no way to disconnect cloud resources from the network; the best you can do is place them on private networks that are not directly exposed to the internet but may still be exposed to attackers who already have a presence inside your environment. With a private data center, however, you have total control over your infrastructure, and you can physically disconnect data from the network if you wish.
Offsite backups
Private data centers also make it easier to maintain offsite backups, meaning backup data that is stored in a physical location separate from the one that hosts production workloads. Offsite backups provide another line of defense against ransomware by ensuring that you have a secure set of information you can recover, even if your entire data center facility is compromised in an attack.
While it's possible to create offsite backups from the public cloud by downloading backup data to a location of your choosing, you have to rely on the network to move the data, which can take a long time if you have lots of data to move. With your own data center, you can copy your data directly to storage media, then move the media to a location of your choosing.
Digital twinning
In the context of data centers, a digital twin is a complete replication of an IT environment. Digital twins help protect against ransomware risks by providing an environment that organizations can switch to in order to maintain continuity if their primary environment is compromised through a ransomware attack.
You can maintain digital twins in the public cloud if you wish, but doing so tends to be more expensive and complicated because it essentially doubles the volume of the cloud resources you pay for. You also have to implement a plan for switching from one cloud environment to your backup environment, which can be complex due to the many variables (like network rules and IAM policies) that are involved.
In a data center, you can maintain a digital twin more cost-effectively by, for example, using older hardware to host the twinned environment. You also don't need to worry about adjusting configurations such as IAM rules to redirect requests to your backup environment in the wake of a ransomware attack.
Physical security
Ransomware attacks carried out by malicious insiders (such as employees) are an increasing risk. Here, private data centers offer the advantage of giving organizations more control over physical security, helping them to manage in a granular way who can access infrastructure and data inside.
Physical security controls are excellent in the public cloud, too, but the difference is that if you use the public cloud, you have to entrust physical security to a third party, which can't guarantee that no malicious insiders are present in its facilities. In your own data center, you have full ability to manage access to the facility, as well as to monitor activities as a means of detecting ransomware risks and other threats.
Conclusion
It would be wrong to conclude that data centers are inherently less prone to ransomware attacks. Like any setting, data centers can be and often are hit with ransomware. However, data center operators can take precautions against ransomware that are not practical in other types of environments. By adopting those measures, companies that use data centers to host their workloads gain a leg up in the fight against ransomware.
