Successfully reported this slideshow.
Your SlideShare is downloading. ×

Rapid_Recovery-T75-v2204j.pdf

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad

Check these out next

1 of 60 Ad
Advertisement

More Related Content

Slideshows for you (20)

Similar to Rapid_Recovery-T75-v2204j.pdf (20)

Advertisement

More from Tony Pearson (20)

Recently uploaded (20)

Advertisement

Rapid_Recovery-T75-v2204j.pdf

  1. 1. © IBM Corporation 2022 Tony Pearson – IBM Master Inventor and Senior Spectrum Protect Technical Advisor April 2022 Data protection: Rapid recovery, hours vs. days
  2. 2. Agenda • Traditional Backups and Disaster Recovery • Compliance Requirements and Data Security • Cyber Resiliency
  3. 3. Three Components of Business Continuity 3 High Availability Non-disruptive backups and system maintenance coupled with continuous availability of applications ContinuousOperations Protection against unplanned outages such as disasters through reliable, predictable recovery Disaster Recovery IT Data Protection (c) Copyright IBM 2022 Fault-tolerant, failure-resistant streamlined infrastructure with affordable cost foundation
  4. 4. 1. Operations continue after a disaster 2. Recovery is Predictable and Reliable 3. Costs are Reasonable and Manageable 4. Protection of Critical Business Data throughout the entire process (c) Copyright IBM 2022 4 Business Continuity – Key Goals
  5. 5. Where are most companies today? 5 No Offsite No Testing No Confidence Confident 19% D/R plan in place, copies in offsite facilities, … but no D/R testing 62% No D/R plan, no offsite copiesof data or copies of data nearby 12% Regular testing, but not confident they can execute D/R plan 7% Confident they can execute D/R plan (c) Copyright IBM 2022
  6. 6. Business Continuity Plans (BCP) should focus on “Business Process” as unit of recovery • Prioritize Gold, Silver, Bronze • Decide RTO for each, for example: • Gold in 4 hours • Silver in 48 hours • Bronze 2 weeks or longer • Be pragmatic Determine which Applications and Data are required to support each Business Process Identify server, storage and network infrastructure needed to support the Applications and Data • Can these run in the Cloud? (c) Copyright IBM 2022 6 “Top Down” Strategy for Business Continuity Planning Business Process 1 BP 2 BP 3 OS, Application Data and Storage Infrastructure Server farm App 1 App 2 A3 A4 A5 Production Facilities A6 Gold Silver Bronze
  7. 7. Timeline of an IT Recovery 7 Done? Executehardware, operating system, and data integrity recovery Assess RPO Application transaction integrity recovery Now we're done! Recovery Time Objective(RTO) of transactionintegrity Recovery Time Objective(RTO) of hardware data integrity Recovery Point Objective(RPO) How muchdata mustbe recreated? RPO Outage! Production ☺ (c) Copyright IBM 2022
  8. 8. Recovery Metrics 8 Traditional Backup Secs Mins Hrs Days Wks Secs Mins Hrs Days Wks Recovery Point Recovery Time Synchronous replication / HA Point-in-Time Copies Asynchronous replication Technology drives RPO: – How out-of-date recovered data is – Manual re-entry of “data at risk” Manual Restore End to end automated clustering Storage automation Automation drives RTO: – Fault detection – Recovering data – Restarting applications – Network access (c) Copyright IBM 2022
  9. 9. The Seven Tiers of Business Continuity (c) Copyright IBM 2022 9 Restore from Tape Tapes in Hot Site Electronic Vaulting Snapshot Replication Application Integration Storage Mirroring End-to-End Orchestration
  10. 10. Typical Backup Architecture 10 Backup/Media Server • Spectrum Protect server code • Metadata stored in IBM Db2 Database and Logs • Physical data stored in storage pools on various storage devices or in the cloud Client Nodes • Handheld devices • Laptops, Desktops, Workstations • Application Servers • Databases • Hypervisors Disaster Recovery • Active/Active Spectrum Protect Servers • Spectrum Protect servers, database backups, and replicated copies of data Data Footprint Reduction • Exclusion lists • Progressive Incremental Forever • Compression • Deduplication Storage Pools • Flexible storage hierarchy • Flash, Disk, Tape • Virtual Tape Libraries (VTL) • Network Attached Storage (NAS) • Object Storage and Cloud (c) Copyright IBM 2022
  11. 11. Application-Aware Snapshots (c) Copyright IBM 2022 11 Snapshot Replication Application Integration Backup versions of individual files do not reflect transactional dependencies
  12. 12. Point-in-Time Snashot 12 Cascaded: Copy the copies Up to 256 targets Source Volume Snapshot relationships Startincrementalsnapshot Data copiedas normal Some data changedby apps StartincrementalSnapshot Only changeddata copied by backgroundcopy Later … Disk0 Source Map 1 Map 2 Map 4 Disk1 target of Disk0 Disk2 target of Disk1 Disk4 target of Disk3 Disk3 target of Disk1 Incremental: Volume level point-in-time copy Full or Thin Provisioned: Volume level point-in-time copy with any mix of thin and fully-allocated (c) Copyright IBM 2022
  13. 13. Mon Tue Wed Full and incremental snapshot copies • Interface on-premise block storage into cloud • IBM Cloud, Amazon S3, Openstack Swift • Transform economics for storage • Backup, archive, transfer volumes • Full and incremental restore from cloud snapshots • Supports volume groups for mutual consistency Storage systems from IBM and others Transparent Cloud Tiering Snapshots to the Cloud! 13 (c) Copyright IBM 2022
  14. 14. Who are the users? Application Developers vCenter / K8s Cluster Operations Backup / Storage Administrators Governance (CIO / CFO ) • Self service • K8s interface (kubectl CLI) • Application protection • K8s resource awareness / etcd protection • Cluster protection • Prometheus / Grafana • Multi-cluster • Self-contained solution • Governance • Cost • Corporate retention requirements • Manage K8s and non-K8s workloads • Consistent SLA based management of workloads • Management server / repositorytypically outside K8s DevSecOps Who owns the strategy? What is RTO/RPO? vCenter? Kubernetes? Who owns the Backup Strategy? (c) Copyright IBM 2022 14
  15. 15. • Support OCP / OCS / OpenShift Virtualization • Protect PVCs and etcd meta-data • Deploy IBM Spectrum Protect Plus Server as a container using operator on Red Hat OpenShift • Integrate with OpenShift APIs for Data Protection(OADP) Snapshots for Kubernetes and Red Hat OpenShift OpenShift Support CSI Snapshot API Velero Data Mover OpenShift Cluster OpenShift Plugins VeleroCRs API CSI Driver SASE OpenShift APIs for Data Protection Server SPP Containers (c) Copyright IBM 2022 15
  16. 16. High Availability, Business Continuity Technologies (c) Copyright IBM 2022 16 Storage Mirroring End-to-End Orchestration Mirroring does not eliminate the need for backup versions or snapshots Corrupted or deleted data on the primary side is automatically mirrored to the second location
  17. 17. Mirroring Technologies for Business Continuity (c) Copyright IBM 2022 17 HyperSwap Metro Mirror Global Mirror Active/Active < 300km distance Zero data loss Hosts connected to both sites Primary/Secondary <25,000 km Zero data loss 1 ms per write penalty per 100km separation Primary/Secondary Unlimited distance RPO can be in seconds or minutes
  18. 18. Three-site Mirroring configurations (c) Copyright IBM 2022 18 A A B B C C Star Mode Cascade Mode
  19. 19. People Roles and responsibilities, Management, Skills development, training, practice and discipline Process Definition, design, compliance, documented procedures, and continuous improvement Technology ▪ Backup and Restore, Snapshots and Remote Mirroring ▪ Automation, Storage Management ▪ Change and Problem Management (c) Copyright IBM 2022 19 Disaster Recovery is a Business Solution not just Technology
  20. 20. Agenda • Traditional Backups and Disaster Recovery • Compliance Requirements and Data Security • Cyber Resiliency
  21. 21. Multiple Recovery Layers • System snapshots • Backup snapshots • Traditional backups 4 Automation & Orchestration • Orchestration of recovery testing and failover processes across heterogeneous systems for reliable, speedy, and error-free recovery 6 Identify & Monitor • Malware, ransomware detection • AI-based pattern anomaly detection 2 Administrative Security • Manage credentials and acquisition of data • Roles and rights for data copy management 1 Pervasive Encryption • End to end data encryption to render it unusable 3 Air Gap & Isolation • Logical – Object, Cloud • Physical – Tape 5 Data Resilience Framework End-to-End Data Resilience Multiple Recovery Layers • System snapshots • Backup snapshots • Traditional backups 4 Automation & Orchestration • Orchestration of recovery testing and failover processes across heterogeneous systems for reliable, speedy, and error-free recovery 6 Identify & Monitor • Malware, ransomware detection • AI-based pattern anomaly detection 2 Administrative Security • Manage credentials and acquisition of data • Roles and rights for data copy management 1 Pervasive Encryption • End to end data encryption to render it unusable 3 Air Gap & Isolation • Logical – Object, Cloud • Physical – Tape 5 (c) Copyright IBM 2022 21
  22. 22. (c) Copyright IBM 2022 Administrative Security Role-Based Access Control (RBAC): • Assigning access to individuals for each resource is cumbersome • Using and access level oversimplifiesthe complexityof systems • Role-based are assigned for set of related tasks for specific job role Multitenancy: • Multiple independentinstances (tenants) in a shared environment, are logically isolated, but physically integrated 22 Access control determines who can do what to which resources: • Install/Configure • Control/Manage • Read/Display/Report • Modify/Update • Remove/Disable
  23. 23. ⚫ Trusted Platform Module (TPM) ⚫ On traditional servers, malicious insiders with physical access can change any code on the system ⚫ UEFI Secure boot checks bootloader signature, Bootloader checks Kernel + initial ramdisk signature ⚫ Encrypting the partitions of the boot drive with code on prevents the code from being modified ⚫ Passphrase is stored within TPM ⚫ Initial ramdisk requires encrypted partition & passphrase from TPM to continue boot ⚫ TPM only gives out the passphrase in a trusted environment 23 Trusted boot UEFI firmware Bootloader(GRUB) Kernel+ initialramdisk Full OS Power on TPM Hash Hash Hash Unlock disk “Physical access is king” – not anymore! (c) Copyright IBM 2022 23
  24. 24. Think of storage… as adding a layer of security $3.86 million average total cost of a data breach 27.9% likelihood of a recurring material breach over the next two years Encryption extended across all your block storage regardless of your choice in vendors (c) Copyright IBM 2022 24
  25. 25. Security Strength is based on Algorithm and Number of Bits in Key (c) Copyright IBM 2022 25 AES RSA ECC Years 1024 160 106 2048 224 109 128 3072 256 1015 192 7680 384 1033 256 15360 512 1051 Data * Data Data * Data * * Symmetric Key (AES 256) • Same key is used to encrypt/decrypt • Fast, ideal for large amounts of data • Must keep the key secret Encryption “Public” Key Decryption “Private” Key ▪ Pairs of different keys are used to encrypt & decrypt data ▪ Encrypt with “Public” key; it may be distributed widely available without fear of compromise ▪ Decrypt with “Private” key; must keep this key secret Asymmetric Key (RSA 2048) E D Key Pair Data Data Data Data E D AES – Advanced EncryptionStandard RSA – RivestShamirAdleman ECC – Elliptical Curve Cryptography
  26. 26. Two-Tier Encryption Scheme (c) Copyright IBM 2022 26 Problem: Realtors, landlords, and apartment managers must carry hundreds of keys, one unique to each dwelling unit Solution: All units have their unique key kept inside a locked box hanging on the door knob. Realtors, landlords, and apartment managers carry a single master key that opens every lockbox Data A E D A Data B B Decryption: Data key is decrypted with master “decryption key” Unique data key for this flash, disk, tape used to read and write contents Encryption: Each flash, disk, or tape assigned a unique symmetric ”Data Key” Data key itself is encrypted or “wrapped” with master “encryption key”
  27. 27. keystore How to get the Master Key to the Storage device (c) Copyright IBM 2022 27 KLM Security Admin Storage Admin secure communication E D Key Pair External Master Key: Asymmetric keys (RSA 2048- bit) stored in volatile memory, only needed for: • System power-on • System restarts (such as firmware upgrades) • Re-key operations Device requests key from Key Lifecycle Manager, KLM sends master key to device Storage admin requests USB thumb drive from Security team, inserts into device lockbox Do not just leave USB thumb drive in device all the time!
  28. 28. Why Data-at-Rest Encryption for Disk? (c) Copyright IBM 2022 28 Broken drives Decommission Mandate Theft Without encryption “90% of drives returned had readable data” -- Seagate Physically destroy drive, do not return them to manufacturer Hire storage vendor to securely erase drives, using Department of Defense (DoD) method of multiple over-writes Fail government or corporate compliance audits Declare data breach Provide credit monitoring for all affected clients and employees Encryption-- USB driveleft in device (not recommended!) Return broken drives to manufacture for warranty replacement Overwrite, or secure erase decryption keys → data is “cryptographically erased” Remove USB drives before auditors or inspectors arrive! Encryption-- Lockboxor KLM server Pass audits No breach if thieves do not have access to decryption keys
  29. 29. Star Wars: Galactic Empire Our major project is behind schedule! A major test is imminent! Too many clones! How do we keep these plans secret?
  30. 30. Agenda • Traditional Backups and Disaster Recovery • Compliance Requirements and Data Security • Cyber Resiliency
  31. 31. Our world is under cyber-attack Top 5 global risk Concerns 82%theft of money and data 80%disruption of operations Is your data copy isolated? Is your data copy discoverable? Can you restore your data fast? Is your data copy immutable? Air-gap Data copy (c) Copyright IBM 2022 31
  32. 32. After the Boom Crisis Response BOOM Phishing email Malware deployed Credentials stolen Stolen Data Disgruntled Employee Multi-factor authentication Infiltration Data offered on Dark Web Log Analysis Social media Sentiment falls Stolen or encrypted data Outages Public Press conference Airgap Infection Vectors and Notifications Potentially Out of Business High Availability Containment & Eradication Recovery INFECTION AFTERSHOCK SPREAD Endpoint Protection Encryption In-Flight Backup Corruption Law Enforcement Notification Inabilityto restore backups Decrease in customer base and trust Public Notification End-user damage Mitigation and regulatoryfines Immutability Secure backups Unable to find “clean” copy Unable to resume business Breach Before the Boom Threat Prevention (c) Copyright IBM 2022 32
  33. 33. Data Accessibility Temperature Policy Governed Application Aware Snapshots (Local & Isolated) Cold Data Vault with Air Gap Storage-based Snapshots (Local & Isolated) Backup-enabled Snapshots (Local & Isolated) Data Backups (Local & Isolated) NENR Data Archives (Object / Disk Storage) WORM Data Archives (Tape) Copy Separation: • Create a structure of data separation across multiple layers and services including: • Copy Services • Backup Services Access Isolation: • Create a structure of data isolation multiple layers and services including; • Air Gap • Non-erasable / Non-rewritable (NENR) Storage • Cold Storage / Object Storage • Data Vaults • Isolated Infrastructure RPO Storage Technologies based on Data Temperature (c) Copyright IBM 2022 33
  34. 34. The air gap technique is a backup and recovery strategy. It means that at any given time, a copy of your sensitive data is offline, disconnected, and inaccessible from the internet. Simply put, if a computer, network, or device is isolated from the public internet or a LAN, you cannot hack it. 34 What does "Air Gap" refer to? (c) Copyright IBM 2022
  35. 35. Different levels of Air Gap protection Physical Air gap — Removable media outside automated libraries (tape, optical) such as a shelf or off-site vault — Systems that are powered-off — Systems that are running, but mostly disconnected from the network Logical Air gap — Physical, Write-once Read Many (WORM) tape or optical media — Immutable file systems, such as IBM Spectrum Scale or NetApp SnapLock — Object Storage with Non- Erasable, Non-rewriteable (NENR) vaults or buckets — Safeguarded Copy on Flash/Disk (c) Copyright IBM 2022 35
  36. 36. Prevent Certain Data from … • Being modified,to avoid altered data to be passed as original data, including signatures, contracts, and other artifacts • Being deleted, typically for a specific period, until a specific date or event is reached, including financial records, emails, and personnel files Compliance ▪ Government and Industry regulations Ransomware ▪ Malware that enables hacking attacks for unauthorized access to data ▪ Data can be copied and sent to competition ▪ Data can be encrypted or deleted, preventing access to critical information, stopping applications, and disrupting business operations (c) Copyright IBM 2022 36 Data Immutability
  37. 37. Optical Platters • The originalwrite-once, read-many(WORM) media, including DVD and CD-ROM Tape Cartridges • IBM LTO and TS1100 drives support WORM media File and ObjectStorage • Disk mediais not WORM, but we can add “software enforcement” against tampering via file systems, safeguarded copy, or object storage protocols WORM NENR From U.S. SEC 17a-4 If employing anyelectronic storage media other than optical disk technology(including CD-ROM),the member, broker, or dealer must notifyits designated examining authorityat least 90 days prior to employing such storage media. The electronic storage media must: Preserve the records exclusivelyin a non-erasable, non-rewritable, format; IMMUTABLE Data that Can’t be Changed or Deleted During a Certain Timeframe (c) Copyright IBM 2022 37
  38. 38. Chronological and Event Based Retention X Chronological Based Event Based with Fixed Protection Periods Fixed Period Minimum Fixed Period X Event Dispose after fixed period from creation date Dispose after fixed period from event date Day 0 Day 0 Minimum Fixed Period Litigation Hold and Release X Event Dispose after “all clear" from Legal Day 0 Litigation Period (c) Copyright IBM 2022 38
  39. 39. Production volume Recovery volume Production System Recovery System Safeguarded backup 0 Safeguarded backup 1 Safeguarded backup nnn Safeguarded Backup Capacity … Safeguarded backup 2 Backup Recover Restore Safeguarded Copy prevents sensitive point in time copies of data from being modified or deleted due to user errors, malicious destruction or ransomware attacks ▪ Safeguarded Copy provides functionality to create hundreds of recovery points for a production volume ▪ These recovery points are called Safeguarded Backups ▪ The Safeguarded Backups are stored in a storage space that is called Safeguarded Backup Capacity (SGBC) or Child Pools ▪ The Safeguarded Backups are hidden and non-addressable by a host ▪ The data can only be used after a Safeguarded Backup is recovered to a separate recovery volume ▪ Recovery volumes can be accessed using a recovery system and used to restore production data (c) Copyright IBM 2022 39 Safeguarded Copy for Logical Corruption Protection
  40. 40. Safeguarded Copy prevents point in time copies of data from being modified or deleted due to user errors, malicious destruction, or ransomware attacks Provides additionalsecurity capabilitiesto prevent non- privileged users from compromisingprotecteddata Separation of duties Provides immutableand isolatedpoint in time copies of the data Protected Copies Automaticallycreates point in time copies;and a simplifiedrecoveryand restoration process Automation Access and Control Simplified Safeguarded Copy is the basis for a “Cyber Vault” (c) Copyright IBM 2022 40
  41. 41. ▪ Regular analytics on the copy to provide early detection of a problem or reassurance that the copy is a good copy prior to further action. ▪ Start a copy of the production systems and use this to investigate the problem and determine what the recovery action is. ▪ Performing an offline backup of data from a consistent point-in-time copy can be used to build a second line of defense ▪ Recover the entire environment back to the point in time of the copy as this is the only recovery option. ▪ Recover a subset of volumes/LUNs or extract data (i.e. specific corrupted database tables) from a recovered copy and restore back to the production environment (c) Copyright IBM 2022 41 Safeguarded Copy – Use Cases
  42. 42. ▪ Corruption of a Data Source will have a predictable impact on backups ▪ Potential failure if file system is corrupted, locked or the partition table damaged ▪ The backup traffic will increase, since more files have been modified than the daily average ▪ The data has been encrypted, so it cannot be effectively deduplicated or compressed ▪ IBM Spectrum Protect has been enhanced to detect these changes to workload (c) Copyright IBM 2022 42 Ransomware Detection
  43. 43. Cyber Vault Methodology Pinpoint the critical data required to create a “minimum viable company” Step One Identification Back-up, clean, normalise, and vault data in a secure, air-gapped location Step Two Preparation Define, orchestrate, and automate recovery processes using resiliency orchestration Step Three Orchestration In the event of an attack, recovery processes activate to restore data in minutes not days Step Four Activation A “minimum viable company” is restored enabling CIOs to meet their RPO and RTO objectives Step Five Restoration (c) Copyright IBM 2022 43
  44. 44. Let’s Create • Business Continuity Plan for natural disasters • Secure access to systems, storage, and data • Minimal Viable Company for Cyber Resiliency
  45. 45. http://ibmsystemsmag.com/mainframe/administrator/backuprecovery/business-continuity-levels/ 46
  46. 46. http://ibmsystemsmag.com/mainframe/administrator/backuprecovery/business-continuity-levels/ 47
  47. 47. http://ibmsystemsmag.com/mainframe/administrator/backuprecovery/business-continuity-levels/ 48
  48. 48. About the Speaker Tony Pearson is a Master Inventor, Senior Technical Advisor. Tony joined IBM Corporation in 1986 in Tucson, Arizona, USA, and has lived there ever since. Tony presents briefings on storage topics covering the entire IBM Storage product line, IBM Spectrum Storage software products, and topics related to Cloud Computing, Analytics and Cognitive Solutions. He interacts with clients, speaks at conferences and events, and leads client workshops to help clients with strategic planning for IBM’s integrated set of storage management software, hardware, andvirtualization solutions. Tony writes the “Inside System Storage” blog, part of IBM Storage Community, which is read by thousands of clients, IBM sales reps and IBM Business Partners every week. This blog was rated one of the top 10 blogs for the IT storage industry by “Networking World” magazine, and #1 most read IBM blog on IBM’s developerWorks. The blog has been published in series of books, Inside System Storage: Volume I through V. Over the past years, Tony has worked in development, marketing and consulting for various IBM Systems hardware and software products. Tony has a Bachelor of Science degree in Software Engineering, and a Master of Science degree in Electrical Engineering, both from the University of Arizona. Tony is an inventor or co-inventor of 19 patents in the field of IBM Systems and electronic data storage. 9000 S. Rita Road Bldg 9032 Floor 1 Tucson, AZ 85744 +1 520-799-4309 (Office) tpearson@us.ibm.com Tony Pearson Master Inventor Senior Technical Advisor, IBM Systems IBM Storage (c) Copyright IBM 2022 49
  49. 49. — Presenter: Tony Pearson — Title: Data protection: Rapid recovery, hours vs. days — Presentation Method: In person and virtual — Time: 10:30am-12pm, Monday, April 11 Description: Whether you are performing traditional backups, addressing compliance requirements, or are concerned about cyber- attacks, all are critically important. Assuming you are protected, how quickly will you recover following malware, an attack or other declared event? — Location: Indiana Memorial Union — Room: Georgian (c) Copyright IBM 2022 50 Abstract
  50. 50. 51 (c) Copyright IBM 2022 My Social Media Presence Blog: community.ibm.com/community/user/storage/home LinkedIn: https://www.linkedin.com/in/az990tony Books: www.lulu.com/spotlight/990_tony IBM Expert Network on Slideshare: www.slideshare.net/az990tony Twitter: twitter.com/az990tony Facebook: www.facebook.com/tony.pearson.16121 Instagram: www.instagram.com/az990tony/ Email: tpearson@us.ibm.com
  51. 51. Snapshots • Application-aware • Environment-integrated Recovery copies • Air-gapped and immutable • Searchable • Instantly mountable Dashboard • Operations Center • Monitor nodes, file spaces, databases, email systems and ERP applications kubernetes OPENSHIFT Container Platform (c) Copyright IBM 2022 52
  52. 52. Primary use cases: Data Protection for Containerized Workloads, Databases, and Virtual Machines: ▪ Red Hat OpenShift / Kubernetes ▪ SQL Server, Oracle, Db2, Mongo DB ▪ Microsoft Exchange / Microsoft 365 ▪ VMware / Hyper-V Disaster Recovery ▪ Restore options: production, test, and clone Data Reuse ▪ Test/Dev, DevOps, Reporting, and Analytics (c) Copyright IBM 2022 53 IBM Spectrum Protect Plus
  53. 53. IBM Spectrum Fusion Container-native data services platform for Red Hat OpenShift and IBM Cloud Paks • Provision storage volumes Persistent storage for stateful applications • Protect data Ensure business continuity with HA/DR • Simplify data management Improve data security & reduce TCO • Meet performance objectives Eliminate storage bottlenecks Bring applications to production faster with data services that are simple | consistent | strategic (c) Copyright IBM 2022 54
  54. 54. Storage Insights Actively monitors changes in data reduction / capacity ratios and changes in performance as an indicator of data being encrypted Early Warning Signs of Attack monitoring activity, patterns and operations Guardium Real-time monitoring of data activity for immediate response to breaches or suspicious behaviour IBM Security QRadar IBM Solutions Help Discover & Recover from Cyberattacks (c) Copyright IBM 2022 55
  55. 55. IBM Cyber Resiliency Assessment — Cyber Resiliency Strategy and Roadmap — Workshop includes: • Two-hour virtual consultingworkshop with IBM Storage &Security POV • Assessmentprobes over100 different vital controls across 20+ key categories from a Cyber Resiliencestandpoint • Deliveredusing technology / vendor neutral framework — Client Outcomes: • Identification of blind-spots and recommendedareas for improvement • Discovery of the utilization of various existing solutions, integrations and overlaps thatcan be fine-tuned • CustomizedCyber Resilience strategy fitting the client’s vision &mission © 2022 IBM Corporation Deliverables: • Detailedassessmentreport • Managementpresentation • Roadmapof recommended improvements &considerations The Storage CR Assessmentprovides a bridge mechanismto assess client’scurrent state andidentify gaps againstbestpractice requirements basedon the NISTCSF. Contains references to other industry recognized standards &frameworks: ISO, COBIT, ISA, Council on Cyber Security, etc. Sample Deliverables Design Project Kickoff Implementation Engagement Typically 2 hours 3-5 days Phone call to Identify participants & customize agenda 1-12+ Months depending on output Client Exploratory Session Final Report, Presentation & Roadmap Prioritize& implement suggested improvements across Storage& Resiliency enterprise SME Analysis Cyber Resilience Maturity Workshop Identify Recover Respond Detect Protect Based on NIST Cyber SecurityFramework Contact: juan.c.jimenez@ibm.com Typically 1 hour NIST • Non-invasive • Quick(2 hrs. to complete) • IBM Funded
  56. 56. Links to explore IBM FlashSystem Storage (c) Copyright IBM 2022 57 IBM INTERACTIVE CATALOG – Install it on your Desktop! https://m.kaon.com/c/ib Or run it online - https://apps.kaonadn.net/4882011/index.html#C181 IBM SOLUTIONS EXPLORER - Explore IBM Storage, Servers, And Software - https://tinyurl.com/y8mklbkq IBM FlashSystem Product Tour - Explore FlashSystem Operations/GUI http://ibm.biz/flashsystemdemo
  57. 57. Get Started with these three Services (c) Copyright IBM 2022 58
  58. 58. Notices and disclaimers — © 2022 International Business Machines Corporation. Nopart of this document may be reproduced or transmitted in any form without written permission from IBM. — U.S. Government Users Restricted Rights — use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. — Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. This document is distributed “as is” without any warranty, either express or implied. In no event, shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted per the terms and conditions of the agreements under which they are provided. — IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” — Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. — Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. — References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. — Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. — It is the customer’s responsibility to ensure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer follows any law. (c) Copyright IBM 2022 59
  59. 59. Notices and disclaimers continued — Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products about this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non- IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM expressly disclaims all warranties, expressed or implied, including but not limited to, the implied warranties of merchantability and fitness for a purpose. — The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. — IBM, the IBM logo, ibm.com and [names of other referenced IBM products and services used in the presentation] are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml (c) Copyright IBM 2022 60

×