Rabobank Counters Growing Ransomware Crisis with Cloudian Object Storage

  • Banking , Data Protection
  • 06.04.2022 09:33 am

Cloudian® has announced that Rabobank, a multinational banking and financial services company, has deployed Cloudian object storage as part of its multi-layered protection solution against ransomware attacks.

In conjunction with Veeam backup software, Cloudian’s S3 Object Lock solution enables Rabobank to make backup data copies immutable and, therefore, impervious to encryption or deletion by cybercriminals. This data immutability—validated in U.S. government certification testing*—ensures quick, reliable recovery in the event of a ransomware attack.

Founded 125 years ago, Rabobank is a cooperative bank headquartered in the Netherlands that offers private and commercial customers a wide variety of financial products in areas, including real estate, mortgage, and leasing solutions. The bank is a global leader in food and agriculture financing as well as sustainability-orientated banking, with 43,000 employees across 38 countries.

In mid-2020, Rabobank deployed the first step in its layered protection against ransomware attacks. The bank had become concerned that traditional backup target storage solutions were vulnerable to this growing threat and set out to methodically build robust defense and recovery across the full stack. This led to the company ultimately looking for a scale-out object storage solution with data immutability.

Rabobank stores in excess of 10.5 PB of backup data from its European entities, a figure growing 25% annually. Key requirements for this backup pool included scalability in both capacity and performance. Capacity scalability was essential to accommodate growing data volumes. Performance was important to meet backup RTO and RPO objectives as the Veeam data being processed would create significant input/output load that would grow over time. Scalable processing power was also important to manage data immutability for the two billion-plus objects that would routinely be created and later deleted as backups naturally expired. 

“For this reason we focused in quickly on the Cloudian scale-out solution. With its peer-to-peer architecture, each addition of a new Cloudian node increases the system’s performance and processing power,” said Colin Chatelier, manager of Storage Services Europe, Rabobank. “We also conducted a proof-of-concept, empirically and functionally comparing Cloudian to other solutions using production backups and were impressed with the results. In contrast to others that took weeks to set up, the Cloudian system was up and running in a day. It integrated seamlessly with Veeam, performance was as good as or better than the others and security ticked all the boxes.”

Rabobank deployed Cloudian’s HyperStore object storage with S3 Object Lock at their two European data centers. In addition to providing data immutability, HyperStore locks down privileged (root) access to the systems that host the data so that no one can compromise that immutability. Implementing on Cloudian appliances was seen as a distinct advantage as it technically separated the “fail-safe copy” from the standard infrastructure, which might already be compromised in the event of a successful ransomware attack. HyperStore also protects data with encryption in flight and at rest, integrated firewall, RBAC/IAM and SAML access controls, and certification with the most rigorous regulatory requirements, including Common Criteria, FIPS and SEC Rule 17a-4(f). 

“The biggest benefit has been peace of mind,” said Chatelier. “We’ve commissioned penetration testing and haven’t been able to break into the Cloudian cluster, nor affect the data immutability. It’s also implemented within our automated backup workflow, so it’s easy to manage. When issues do arise, as happens with any solution, Cloudian has been extremely responsive, including delivering new reporting and security features we’ve requested.”

The Cloudian solution is part of a broader ransomware protection framework Chatelier is spearheading. He and his team have built a “clean room” for managing data restoration and malware removal, leveraging VMware and Cisco technologies.

“We know there will always be a suggestion to use the public cloud for ransomware protection,” said Chatelier. “While public cloud backups are well-suited for cloud-based data, they are not ideal for on-prem data. Recovering from the cloud back to on-prem for these volumes in the time and manner that we need simply wouldn’t be possible. Furthermore, building a clean room in the public cloud for the purpose of recovering your on-prem systems has an obvious flaw—your ability to even reach the cloud may already be compromised by the attack.”

Moving forward, Rabobank expects to expand the Cloudian solution in Oceania and the Americas.

“Immutable backups are a company’s last-chance insurance policy,” said Chatelier. “If we invoke them, then they simply must succeed, so trust and partnership with our key vendors is priceless. At this time more than all others, we need our vendors to be true partners, to be there if we need them, and Cloudian has demonstrated this through the level of commitment and flexibility it has shown from the PoC to implementation.”

 

Related News