How Nasuni Really Works: The Beauty of the Pointer in Disaster Recovery
Jim Liddle discusses Nasuni’s capabilities as a ransomware and disaster recovery option, which all comes down to the beauty of the pointer.
August 29, 2024 | Jim Liddle
UnitedHealth Group lost $872M to a ransomware attack. Staggering? Yes. Surprising? No. Large organizations are even more dependent on data in the age of AI. Businesses that are using the technology to automate specific processes or tasks are driving real, measurable value. But if the associated data is hijacked, the tool no longer works effectively. You end up losing money if you lose access to data.
I have little doubt that threat actors see AI data as a bigger financial honeypot to go after. I’m certain they’re doing everything they can to devise new ways to circumvent enterprise defenses, and although you can protect your organization using any one of a number of technologies, ransomware variants will still get through via human error or some unexpected avenue.
Then it’s a question of how quickly you can recover. This is where Nasuni shines as a ransomware and disaster recovery option, and it all comes down to the beauty of the pointer.
How Backup Fails at Scale
One of the primary causes of the exorbitantly high cost of recovery is that many large organizations continue to rely on some derivation of backup. Imagine you lose a PB of data to a ransomware attack. This data is maliciously encrypted and cannot be used. Your systems — AI and otherwise — are down. Every single day you are offline is going to cost money. So, you get to work.
First you find your last backup before the attack. You look at where you are now, and the gap between the two, then identify the backup before the delta backup, since that’s the one you will restore first.
As you’re going through this process, you’re also asking yourself a few uncomfortable questions. When was the last time you tested it completely? How long did that simulated recovery take? Will the same timing apply at the PB scale? If you are going to be down for two weeks, what is that going to cost your business? How is that going to impact your AI value chain?
The answers to these questions, if you rely on some variation of backup, will not be pleasant. Traditional data recovery systems are designed to fill in after your data becomes unavailable and result in extended recovery times. This is how a large organization like UnitedHealth can see losses climb to the hundreds of millions of dollars. And this is where Nasuni truly differentiates itself.
UniFS® and the Pointer
I’m not sure we do a very good job of explaining the simple power of our ransomware and disaster recovery solution to our customers. Nasuni does not actually store customer data. The Nasuni File Data Platform is designed around our cloud-native file system, UniFS. When a user at one of our customers opens and begins changing a file, they are working on a cached local copy residing on a virtual edge appliance.
Depending on the customer’s chosen deployment model, this appliance could be running on a server in the nearest office or operating in the compute layer of the customer’s chosen cloud provider. Either way, the user enjoys fast access because they are working on a local copy. Yet the gold or master copy of that file and all the associated metadata resides in the immutable object store, or what we commonly refer to as the cloud. When the user makes changes to that file, the deltas are rapidly pushed to the object store, and the gold copy is updated.
The reason Nasuni works so well as a ransomware recovery tool for large organizations is that the file system is effectively a pointer.
Precision Ransomware Recovery
Imagine one of our customers is impacted by ransomware. If they have our Ransomware Protection Service enabled, the attack will be detected and quarantined as soon as possible, limiting the scope of the damage and further accelerating the return to normalcy. If not, IT may have to wait to hear from users who attempt to open files only to find them maliciously encrypted. Either way, once IT is aware, they simply redirect the pointer to clean, unencrypted previous versions of the encrypted files, folders, or volumes. If only a small number of files were impacted, only those specific files will be pointed back to their clean versions. The rest of the folder or volume will remain unchanged, allowing end users to continue working on their cached files as if nothing even happened.
The maliciously encrypted data is suddenly ignored, as if it never existed. The pointer sends your users elsewhere for the data they need.
With Nasuni you don’t need to restore entire drives or volumes from backup whilst attempting to reassure justifiably panicked executives. All you need to do is change the pointer. In redirecting the file system to those clean versions residing in the immutable object store, you restore access to millions of files in seconds.
Again: millions of files in seconds.
Rapid Disaster Recovery at Scale
This approach to disaster recovery not only works. It works at scale. And it works whether you’ve suffered a ransomware attack, a power outage, an extreme-weather-related event, or another disaster. Backup can be an effective ransomware recovery solution for a highly contained attack, but for global organizations with multiple sites, it does not scale. With Nasuni, you can rapidly recover PBs because you’re not moving data. You’re just changing the pointer. And this change will be invisible to end users, who will see the same file names in the same familiar folders and drives. The difference is that these names, folders, and drives will be pointing to clean, unencrypted copies.
Normal operations will resume with minimal impact on the business.
That’s the beauty of the pointer.