Are ‘cleanrooms’ the answer to help businesses overcome today’s most prevalent cyber threats?
Ian Wood, EMEA North Senior Director Sales Engineering, Commvault
Edition Seven
Studies from cybersecurity firms and government bodies continue to show an upward trend in both the frequency and sophistication of cyberattacks against businesses.
The UK’s National Cyber Security Centre warns the global ransomware threat will rise over the next two years, and a new report from SoSafe highlights how concerning the threat landscape is becoming. According to this research, 85% of security professionals agree that conditions are now the most challenging they have been in the past five years, with one in two admitting they have experienced a successful cyberattack in the last year.
The growing skillset of cybercriminals, enhanced by AI tools, is a significant contributory factor, along with today’s fractured IT environments, which are increasingly complex to defend.
Ransom demands going up
Ransomware demands are going up too, with average payouts escalating to five times higher than last year, from
according to Sophos. Such sizeable outlays, along with regulatory fines and reduced revenues caused by business disruption, can add up to significant financial losses.
Then, there are other ramifications to consider if employee personal data has been exposed in the public domain or on the dark web. This can lead to a loss of trust and staff loyalty, culminating in long-term problems with staff retention and recruitment.
With so much at stake, IT leaders are not only focusing on robust cyber defences but also scrutinising the efficacy of their recovery plans. They are questioning whether processes have been properly tested and how they would stand up to an actual breach.
Testing cyber defences is vital
The reality is that until recently, recovery testing has been resource-intensive, complicated, and rarely done comprehensively, putting the chances of reliable recovery at serious risk. However, the advent of ‘cleanrooms’ is reshaping the testing and recovery market with ready-made solutions that are effective, simple to use, and fit for today’s fragmented and hybrid IT environments.
A cleanroom solution such as Commvault’s Cleanroom Recovery offers a comprehensive testbed to validate the effectiveness of cyber recovery plans, technologies, and processes.
It provides a secure environment where data and critical assets are completely isolated from live systems, enabling security professionals to test systems and simulate real-world cyberattacks - including ransomware and malware - without any risk to their organisation. It gives security analysts the opportunity to identify gaps in cyber defences and recovery plans, and gain valuable insights into potential threat actors and their techniques. As a result, they can pinpoint problems and tailor their cybersecurity strategies and defences more accurately.
Minimising insider threat risks
Organisations can minimise risks further by adopting a zero-trust architecture and multi-factor authentication, such as those provided by Commvault Cloud. A solution such as this comes with extra safeguards, including additional configuration levels for sensitive data to ensure access requires another layer of approvals. Plus, built-in risk analysis identifies critical data, automatically assigning a classification level to ensure it is protected and managed appropriately. This is ideal for data that has specific regulatory requirements for security or privacy, such as GDPR, as access can be restricted and closely controlled.
Even with continuous review and testing of cyber defences to fend off attacks, breaches can still occur. This is likely in circumstances that are more difficult to monitor, such as user errors, accidental clicks on phishing links, malicious insiders, or connections to third parties and vendor ecosystems.
Preparing for breach recovery
When a breach happens, fast recovery and business continuity are best achieved using a cleanroom in conjunction with an air gap solution. This holds a copy of immutable data, isolated from an organisation’s live environment in offsite cloud storage. It is kept tamper-proof and safe from infection.
As a cyber breach or ransomware attack begins to unfold, organisations can immediately switch to the cleanroom to facilitate automated recovery of the control plane and integration with the isolated copy of data. Within this controlled, impenetrable environment, security teams can ensure that data is uncorrupted and free from malware and ransomware. Once confirmed as safe, data can be restored to a live environment using an easy-to-use wizard that streamlines the entire process.
By adopting a cleanroom recovery approach, business leaders and stakeholders can dispel concerns around recovering systems and data from encrypted copies. Importantly, it eliminates the risk of introducing malicious code often hidden in traditional backups or embedded in the hardware used to recover those backups.
A cleanroom environment can also be used for carrying out forensic analysis of systems infected by malware or ransomware to identify the root cause of an attack. This can inform ongoing threat hunting initiatives and next actions to protect against similar incidents in the future.
Meeting regulatory compliance
While cleanrooms are invaluable for security testing, they can also be used to help meet regulations and avoid fines for non-compliance.
For example, DORA and NIS2 share common infrastructure resiliency requirements that include having adequate recovery and incident response capabilities.
Cleanrooms provide a simple mechanism to test business continuity plans at regular intervals to meet these obligations, with no disruption to production systems. They also ensure that data quality and integrity are maintained during restoration.
Better security by design
Finally, cleanrooms can also help improve the design and development of applications, systems, and processes by highlighting weaknesses and easily exploited vulnerabilities. If lessons learned are taken on board internally, development and project teams can better adhere to the principles of data protection by design. Building solutions with security and data protection as priorities pays greater dividends in terms of compliance and better resilience to attacks and emerging threats.
With the need for effective testing and recovery strategies growing, cleanrooms are emerging as a critical component, driving best practice and helping to maintain business continuity when in the throes of a cybersecurity breach.
As Senior Director Sales Engineering at EMEA North for Commvault, Ian is responsible for the technical strategy, presales and solution engineering for the UK&I, Benelux and Nordics. He heads a team of technical specialists, who work throughout the solution lifecycle as subject matter experts to solve complicated information management challenges.
Ian and his team partner with organisations to help them accelerate their digital transformation and overcome pressing IT and business situations using new ways to manage data complexity and cyber resilience. Prior to his current role, Ian worked for over 25 years in various data management roles including leading both regional and global technical consultants and product leads at Symantec and Veritas, where he has been part of large design, implementation and transformation.