Dealing with Ransomware from Backup to MSSP: Interview with Matt Burch, Vice President of Managed Services
Recently, on the Perfect Storm podcast, Michael Markulec, Partner at Harbor Technology Group, was joined by Matt Burch, VP of ComportSecure (Comport’s Managed Service and Cloud Business).
Matt and Michael are long-time industry experts in security and backup solutions. They talked at length about backup as a service and other priorities for MSPs transitioning to MSSP services.
Q. Michael
Welcome, Matt! Why don’t you give the audience a brief introduction? Tell us a little about Comport and what’s going on there.
A. Matt
Thanks very much, Michael, I appreciate it. I’m Matt Burch, I’m the Vice President of Comport Secure. Comport Secure is the cloud and managed IT services arm of Comport Consulting. It’s an interesting place to be because we’re functionally a startup within a business that’s celebrating its 40th anniversary. Comport Secure started about six years ago, originally being a backup as a service provider. Today, we operate multiple data centers… we provide a variety of services… like IaaS, DRaaS, BaaS, and more… we wrap a variety of our managed services around everything that we do.
Q. Michael
And you’re straddling that line between MSP and MSSP. There is a trend in the industry to think of security as a service…a trend to outsource security because of lack of expertise and complexities of deployment. I think you guys are on the cutting edge of that.
I want to go into where you started, with backup as a service. Backup as a service has evolved. How are you delivering it to your clients today?
A. Matt
Backup as a service can mean lots of things… I’ll talk a little bit about what it means to us and where we approach it from a philosophical perspective.
Within the backup community, there’s a best practice known as the 3-2-1-1 Rule. 3 copies of your data, 2 different sources of media, 1 of which is off-site and 1 of which is offline or unwritable in some fashion.
Where BaaS provides value is in creating those multiple copies of your data. In most best-practice organizations, where you’ll see backup as a service play, there will be an onsite backup appliance of some sort. These will provide your local copies of your backups for your typical day-to-day restoration. For example, this allows you to quickly restore a file from last night’s backups that might have gotten deleted.
Then the backup appliance, or your backup as a service software, will then replicate those backups to an offsite location that’s hosted by a service provider, like Comport Secure.
That offsite copy will then provide some protection against ransomware…and protect your data against location-specific catastrophes. Like a fire that destroys your office. Or any major localized disaster.
Then there’s the offline copy or the unwritable copy. This protects you against a determined adversary who was going to be attacking your backups, as well as attacking your primary data.
That offline copy will either be immutable or managed in some fashion where it’s not accessible from the corporate network.
Q. Michael
With the rise of ransomware and ransomware maturing from targeting endpoints and targeting individuals to now… organizations get breached or hacked and ransomware is delivered laterally within the network… it’s specifically targeting servers and backups. Because without servers and backups, you don’t have a leg to stand on in terms of self-recovery.
Are you seeing a lot of companies that are afraid of ransomware or addressing that crisis with backup?
A. Matt
Yes. Backups are probably your single best mechanism of at least reducing the consequences of a ransomware attack.
And to your point, when cryptoware first began, ransomware was very localized. It would be one person getting locked out of his or her laptop or computer. It was very contained and more random, kind of a drive-by shooting kind of attack.
Ransomware today is one of the two major payoffs for organized criminal gangs.
There’s the industrial sabotage side and then there’s the ransomware side. And these are professionals who are doing this for a business. They are very specifically targeting organizations and they tend to be really big ones. A really major healthcare system in New Jersey was hit by ransomware last year. And it’s problematic. This was a huge, sophisticated organization with a ton of data, and it took them offline for quite a while.
Q. Michael
We see it with the city of Atlanta, we see it with American Airlines, and we saw it with Colonial Pipeline. One of the things that I’m still amazed by is that organizations are paying. They’re paying the ransom.
It’s no coincidence that renewal rates for cyber insurance are going up 120% and that’s because organizations haven’t done the necessary prep work, they haven’t thought about backing up their systems, and when they get hit they’re left with no other option but to pay or basically shut down the business and try to recreate from paper files.
I don’t know if you’re seeing the same things in the market, but I think this resurgence of making sure that you’ve got proper backup, making sure that you’re using best practices, and have a 3-2-1-1 process in place is key in making sure you’re prepared for a problem that is not going to go away.
A. Matt
It certainly isn’t going to go away.
Q. Michael
How easy is it for businesses to make that transition?
A. Matt
Depending on the software that you have, it’s a fairly easy transition. All you need to do is sign up with a cloud provider and add a cloud repository. All the metadata and indexing will be maintained by your backup software and it will manage the data transfer.
Q. Michael
Are you seeing more clients asking for SOC 2? Is it a ticket you just need to punch for your business or is it a differentiator in the marketplace?
A. Matt
It’s both. This should be a 100% requirement.
And that’s for a simple reason: cybersecurity insurance. A cybersecurity provider that isn’t going through the SOC 2 process right now will likely not be able to pass a third-party risk assessment. This means that they can’t get the necessary cybersecurity insurance to protect their business in the event of an attack.
SOC 2 for us is critical and it covers all of our services.
If you don’t have it, you can’t get cyber insurance. If you’re in a highly regulated industry, your service provider needs to pass third-party risk assessments. There are, of course, other variables to choosing the best MSSP for your business as well. But SOC 2 and best practices for backups are critical when it comes to protecting you from data breaches and ransomware.
Reach out to our team at Comport Secure to help you create a strategy for ransomware.
Author: Bill Flatley, Field CTO for Healthcare
Bill is responsible for technical strategies and recommendations for Comport’s Healthcare clients. His extensive experience includes four healthcare systems in leadership roles supporting Clinical Applications, Digital Health, and Office of the CIO as the primary liaison between IT and the business.