Panzura Best Practices: Ransomware

Data on Panzura is immutable, giving you a pristine data set to restore to in the event of a ransomware attack. Follow these best practices to mitigate your exposure, and cut down recovery time.

While no Panzura customer has paid a ransom for data on Panzura, they have been compelled to pay to regain access to information outside of CloudFS. Here's what we recommend:

  • Store backups of your SQL and other databases in your Panzura file system
  • Consider Panzura’s archive data tier for cold, seldom-used files
  • Move your legacy storage (NAS) onto a secure Panzura ring

 

Use an ICAP-compatible anti-virus software, or Varonis, integrated with Panzura, and ensure the software remains operational and up to date at all times. This will prove invaluable in fending off attacks, and in minimizing required recovery if an attack does get through. 

 

Maintain a “Break Glass in Case of Emergency” vault that contains essential details, with access available to 2-3 highly trusted personnel, or company owners.   Items in this vault should include administrator passwords, and custom encryption certificates.

 

Ensure administrator passwords are EXCEPTIONALLY difficult to crack, and impossible to guess.   Change these on a regular basis.

 

Maintain a Data Services subscription.  Its powerful, fast global search and file audit features are extremely helpful in identifying and locating affected files, pinpointing the attack time frame as well as providing early warning based on unusual activity.

 

Use Active Directory to provide access to Panzura filers, and maintain best practice internal IT security such as 2-Factor Authentication.