Disaster recovery planning: Addressing malicious data corruption

Malicious data corruption is a real problem, but many disaster recovery strategies don't include the means to guard against it. Storage service providers should be able to determine when such corruption has occurred at customer sites and put preventive measures in place.

Service provider takeaway: In crafting a disaster recovery plan for customers, service providers should address how to handle data that gets corrupted through malicious human intervention.

Most storage service providers are very well acquainted with disaster recovery, but while businesses understand the implications of data loss, many don't understand the implications of malicious data corruption. Data is virtually impossible to replace, which is why most IT disaster recovery planning focuses on ensuring that it's appropriately backed up and made available in the shortest possible time after a disaster occurs. This is an obvious function when storage devices are destroyed, but what happens when the data is purposefully destroyed or corrupted? What happens when an intruder penetrates business security systems?

Disaster recovery planning should take this possibility into account. Service providers should be prepared to assist customers in this area, both with training and solutions. To guard against data being purposefully destroyed, backup and disaster recovery planning will not only need to address the basic issues of routine data backup, but also include cutting-edge virus scanning and detection as well as intrusion detection. When data is corrupted in the primary storage, the service provider needs to be able to guarantee that the replacement data is free of any of the corruption that necessitated the backup procedures in the first place. This means, in practice, actively screening data as it is being replicated in backup storage to ensure that it is uncontaminated.

Although malicious data corruption or infection statistics are hard to come by, the Department of Defense notes in its advertisements that it experiences more than 3 million hacker attacks per day. It is clear that there are people who seek to harm corporate data. The issue, though, is not how often it happens but the consequences of it happening at all. This explains why annual IT audits typically focus significant effort on determining if such malicious activities can occur. In large part, the demand for secured data recovery services is being driven by the need to confirm during IT audits that data safeguarding is taking place.

This kind of service isn't easy to provide, and, as noted above, it is likely that customers requiring such support will also have audit requirements associated with data integrity. On the other hand, these data recovery services can be extremely lucrative and offer higher margins than generic storage services, since they are perceived by customers as being of higher value.

The key to such disaster recovery services is the detection of malicious corruption. This can be done relatively easily just by comparing data being held in backup with data that is being backed up. Maliciously corrupted data will not look like its backed-up image. Although some of the differences will be the result of updates, any difference can be flagged for deeper analysis. If that analysis shows the signature of illicit data manipulation, the data can be denied backup and an alarm can be issued.
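The comparison described above can be sketched as follows. This is an added example, not code from the article or from any vendor product. The two checks standing in for the "deeper analysis" (a sharp rise in byte entropy and an unusually large share of changed files), their thresholds and all file names are assumptions, and the sample data is constructed.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(files):
    """Map path -> (SHA-256 digest, entropy) for a {path: bytes} snapshot."""
    return {p: (hashlib.sha256(b).hexdigest(), entropy(b)) for p, b in files.items()}

def screen(backup, incoming, entropy_jump=2.0, max_changed_ratio=0.5):
    """Compare incoming data with the held backup image before replicating it."""
    old, new = manifest(backup), manifest(incoming)
    changed = sorted(p for p in old if p in new and old[p][0] != new[p][0])
    deleted = sorted(p for p in old if p not in new)
    # Assumed heuristic 1: content replaced by random-looking bytes.
    suspicious = [p for p in changed if new[p][1] - old[p][1] >= entropy_jump]
    # Assumed heuristic 2: an unusually large share of the image changed at once.
    ratio = (len(changed) + len(deleted)) / len(old) if old else 0.0
    hold = bool(suspicious) or ratio > max_changed_ratio
    return {"changed": changed, "deleted": deleted,
            "suspicious": suspicious, "hold": hold}

# Constructed sample data: the held backup image and two candidate backup runs.
BACKUP = {f"static{i}.txt": b"unchanged reference text\n" * 8 for i in range(4)}
BACKUP["ledger.csv"] = b"id,amount\n1,100\n2,250\n"
BACKUP["notes.txt"] = b"quarterly review notes\n" * 20
# An ordinary update: one row appended to the ledger.
ROUTINE = {**BACKUP, "ledger.csv": BACKUP["ledger.csv"] + b"3,75\n"}
# Deterministic stand-in for overwritten, random-looking content.
SCRAMBLED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
TAMPERED = {**ROUTINE, "notes.txt": SCRAMBLED}

if __name__ == "__main__":
    for name, run in (("routine", ROUTINE), ("tampered", TAMPERED)):
        result = screen(BACKUP, run)
        action = "HOLD and raise alarm" if result["hold"] else "replicate"
        print(name, result["changed"], result["suspicious"], "->", action)
```

A held run should leave the existing backup image untouched, so the last known-good copy remains available for recovery while the flagged files are analyzed.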

Service providers that want to offer disaster recovery services for data corrupted through human intervention will need staff trained in virus and intrusion management as well as storage management. Forming strong partnerships with vendors of virus detection and security solutions will also be helpful.

The good news is that such vendors generally seek channel partners for their products. By engaging with these vendors in the context of service delivery, partnering with them to build and support services, many of the issues associated with training and supporting customers can be easily managed, since vendors of security solutions tend to have expert support operations that have experience working with third parties to resolve data corruption problems. The channel is responsible for building the delivery process, packaging the components into viable services and putting together the support infrastructure. The vendor provides the virus detection and security applications, the support for those applications and any professional services necessary to implement them for particular customers.


Disaster recovery services should include not just a recovery framework, but also the necessary training to ensure that the customer understands the implications of disaster recovery planning and has the necessary documentation to carry plans out. Disaster recovery planning just lays out a formula for identifying the context of the disaster and then specifying the actions required to negate the impact of that context on the business. Service providers that are armed with the right tools and technology can provide significant value to customers needing disaster recovery capabilities, addressing data loss no matter how it happens.

The bottom line is that disaster recovery should address both data loss and malicious data corruption. While data loss is relatively easily corrected, malicious data corruption is a harder problem to resolve. Helping customers plan for such data corruption can provide a significant new portfolio of services with the potential to generate high margins for service providers willing to make the necessary investments in skill sets and technology.

About the author
Mike Jude, a senior analyst at Nemertes Research, is an expert in business process analysis and optimization. He is also co-founder of Nova Amber, a consulting firm specializing in business process implementation and technology.
