Teams responsible for developing scalable enterprise applications need efficient approaches to protecting data. Snapshots are a good way to improve resilience, protect against ransomware and speed recovery.

What is a snapshot?

Snapshots are point-in-time copies that provide near-instantaneous data protection. By copying storage metadata rather than the data itself, they provide a record of where each block of data is stored. Not only does this take up little space, but it can also typically be done in a few seconds.

How can snapshots help protect data?

Here are a few ways to use snapshots to enhance data security.

Provide additional backup protection

Snapshots can augment backups for data protection. For those wishing to reduce their recovery point objective (RPO) without spending a fortune, snapshots are one option. Backups can recover data anywhere from a day ago to a week or more, depending on when the last backup was done. Anything later than the last backup is lost. Snapshots can take the RPO down to an hour or so, depending on how often they are done. Some businesses run snapshots more often than once an hour due to the sensitive or financially lucrative nature of the data they process.

Provide protection against ransomware

As well as augmenting traditional backups, snapshots can also be used as an additional safeguard against ransomware, according to Jerry Rozeman, an analyst at Gartner. This should not be interpreted as saying that snapshots take the place of other security measures that are designed to reduce the chances of a ransomware infection. Firewalls, intrusion detection, ransomware protection systems and other cybersecurity tools remain vital. But regular snapshots of databases and storage can provide another, and perhaps a last, line of defense in case other cybersecurity protections are breached.

Rozeman explained that storage technology is not always well protected. “Unstructured data platforms like network-attached storage, scale-out file systems and object storage provide inadequate protection from malicious deletion, encryption and data exfiltration, making it an easy-to-attack target,” Rozeman said.

Provide immutability

Immutability is creating a copy of data that can’t be encrypted by hackers, can’t be corrupted and can’t be altered in any way. One way to achieve immutability is to send data to a tape archive that remains offline. That air gap means that cybercriminals can’t cause any mischief as there is no direct networking connection to the data. But there are other solutions to immutability — some better than others. Some try to pass off cloud storage as being immutable. In reality, it is just cloud storage with extra layers of protection.

Pure Storage is one vendor that has put together some immutability features that make snapshots more valuable. If snapshots are done with its SafeMode feature turned on, the resulting snapshots cannot be deleted by anyone. Even if hackers infiltrate the network and get into the system, they may cause damage, but the snapshots remain unharmed.

“SafeMode makes it impossible to delete data snapshots,” said Anthony Nocentino, principal field solutions architect at Pure Storage. “These snapshots protect against rogue administrators, compromised credentials or attempts to delete backups and snapshots.”
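The following in-memory Python model is an added example, not code from the article or from any vendor's product. It shows the two ideas described above: a snapshot copies only the block map (the metadata), and a retention lock refuses deletion after the live data has been overwritten. The Volume class, its method names, the time values and the sample data are all assumptions made for illustration.

```python
import hashlib


class Volume:
    """Toy redirect-on-write volume; all names here are hypothetical."""

    def __init__(self):
        self.store = {}      # block id -> bytes; blocks are never overwritten in place
        self.block_map = {}  # logical block number -> block id (the metadata)
        self.snapshots = {}  # name -> (frozen copy of block_map, locked_until)

    def write(self, lbn, data):
        bid = hashlib.sha256(data).hexdigest()
        self.store[bid] = data
        self.block_map[lbn] = bid  # repoint; the old block stays in the store

    def read(self, lbn):
        return self.store[self.block_map[lbn]]

    def snapshot(self, name, locked_until=0):
        # Only the pointers are copied, so cost scales with metadata, not data.
        self.snapshots[name] = (dict(self.block_map), locked_until)

    def delete_snapshot(self, name, now):
        _, locked_until = self.snapshots[name]
        if now < locked_until:  # retention lock applies to every caller
            raise PermissionError(f"snapshot {name!r} is locked until t={locked_until}")
        del self.snapshots[name]

    def restore(self, name):
        frozen, _ = self.snapshots[name]
        self.block_map = dict(frozen)  # pointer swap, no bulk data transfer


def demo():
    vol = Volume()
    for lbn, data in enumerate([b"ledger", b"payroll", b"customers"]):  # constructed data
        vol.write(lbn, data)
    vol.snapshot("hourly-01", locked_until=100)
    blocks_at_snapshot = len(vol.store)
    for lbn in range(3):  # constructed stand-in for malicious encryption of live data
        vol.write(lbn, bytes(b ^ 0x5A for b in vol.read(lbn)))
    try:
        vol.delete_snapshot("hourly-01", now=10)  # attempt inside the lock window
        deleted = True
    except PermissionError:
        deleted = False
    vol.restore("hourly-01")
    return blocks_at_snapshot, deleted, [vol.read(i) for i in range(3)]
```

Without the lock check in delete_snapshot, anyone holding administrator credentials could remove the snapshot before overwriting the live blocks, and the restore would have nothing to point back to.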

Provide rapid restores

Just as important as preventing breaches or alterations of data is being able to recover data quickly when data loss occurs. If the volume of data is compromised, held to ransom or lost in some other way, snapshots can play a part in getting key systems up and running fast.

For instance, when dealing with huge databases or data sets, it can take a long time to find the right backup copies and transmit that data from the cloud, from tape or from a deduplication appliance to where it is needed. Even with snapshots, if the size is very large, it can take a while for recovery to occur. The solution is to take snapshots of segments of datasets and databases. This might mean snapshotting the data from one particular application, or taking a separate snapshot of each database, so you can pick and choose the most critical snapshots to use for recovery. Those key segments can then be fully restored while IT labors away to restore everything else via backups. Further, if one segment is compromised by hackers, the others may remain uninfected.

Best practices remain in force

Snapshots don’t replace other cybersecurity or data protection technologies, tools and actions. IT should continue to implement best practices with regard to safeguarding data and maintaining a tight security perimeter.

Snapshots, though, are another tool to add to the protection arsenal. By implementing snapshots in the various ways noted above, organizations can keep their data more secure and recover it faster when they need to.
