Redefining Cyber Resilience with IBM FlashSystem

Boost performance while reducing cyber risk

Organisations of all kinds must tackle exponential data growth to maintain performance without compromising data security. Storage systems must support today’s demanding workloads and cyber resilience capabilities at the same time. This demands low-latency, scalable and efficient storage solutions that can exploit data to the full and consolidate storage infrastructure without increasing complexity or vulnerability.

To address these requirements, on 8th February, IBM unveiled the next generation of its mid- and high-end FlashSystem storage arrays.

Cyber resilience will be a key focus of the announcement.  Although cyber-attacks on well-known organisations are rarely out of the news, the figures still make for stark reading;

• Over 60% of organisations have been, or are, infected
• 31% of consumers discontinue their relationship after a cyber-attack
• Less than 50% of organisations get their data back
• The average downtime is 23 days
• 60% of those infected shut down within 6 months.

Source: Gartner Report “Defend Against and Respond to Ransomware Attacks.

With this in mind, IBM has targeted its new and existing FlashSystem arrays squarely at this challenge. With the inbuilt ability to take scheduled, immutable copies of primary data at the point it is consumed and the ability to seamlessly integrate this capability with a Security Information and Event Management (SIEM) solution, clients are able to build a first line of defence and response against attack.

Benefit from real-world experience

At Northdoor, we spend a lot of time working with clients on their cyber security approach.  When engaging with a new client, we often find that much of the existing security investment and focus has been channelled into monitoring and prevention technologies, such as network security, SIEM and Privileged Access Management, in the hope of keeping attackers out.  However, the statistics suggest it’s ‘When’ and not ‘If’ organisations become targets of a cyber-attack.  As a result, it’s important that organisations have technologies in place to respond and recover effectively following a cyber incident to prevent serious financial and reputational damage.

Traditionally, when the primary data copy has been compromised, organisations need to reach for their backup copy.  Depending on the backup cycle, this could typically be at a data point up to 24 hours behind and need rehydrating from the backup agent or offline media to the production storage.  At a time when the priority should be restoring business services as swiftly as possible, this approach can add significant time to recovery, both in terms of getting the backup copy re-loaded and then recovering lost transactions.

This is what makes the IBM Cyber Vault technology particularly interesting.  The data copies kept on the primary storage are immutable—that is, unable to be changed—which keeps them isolated from an attack.  What’s more, as the backed-up data remains on the primary array, recovery when using IBM storage solutions is very fast.

Detect and respond

In addition to Cyber Vault, IBM’s cloud-based Storage Insights monitoring tool—available to all clients—has been enhanced to offer real-time alerting around cyber threats.  For instance, if Storage Insights detects that the data reduction (i.e. compression) rate starts to fall rapidly, this could be a sign that a ransomware attack is in progress and data is being encrypted by malware—as encrypted data will not be compressed. In such a scenario, Storage Insights will send an alert.

Northdoor believes that all organisations should carefully consider not just the identification and detection of cyber threats but also their ability to respond and recover.  Whilst it’s clear that organisations will need to retain structured backup and recovery environments—as it would be uneconomical to keep data copies on primary storage for long periods—having an immutable data copy on primary storage to provide fast recovery should be considered as the first line of response.

To find out more or to discuss with one of our experts, please get in touch.  We offer a complimentary Cyber Resiliency assessment to help provide a baseline of your current environment and identify gaps in your Cyber Resilience strategy.

IBM FlashSystem announcement details

The latest additions to the FlashSystem family are the FS7300 and FS9500, which replace the FS7200 and FS9200 respectively and continue to run IBM’s Spectrum Virtualize code base.  This shows IBM’s ongoing commitment to simplifying its storage range, with all solutions from Entry to Enterprise FlashSystem running the same code. This reduces the operational overhead and simplifies integration between disparate models in the range.

In addition to the FlashSystem 5200 that was released in 2021 to bridge the gap between Entry and Midrange NVMe FlashSystem, the FS7300 and FS9500 create clearer stepping stones through Midrange and Enterprise;

• FlashSystem 5200 – 1U – 12 x NVMe drives
• FlashSystem 7300 – 2U – 24 x NVMe drives
• FlashSystem 9500 – 4U – 48 x NVMe drives

Ground-breaking technology

IBM has also released the next generation of its unique FlashCore Module (FCM).  Most storage vendors use off-the-shelf commodity SSDs or have built systems that are entirely bespoke in design.  In contrast, FCM bridges the two options by offering a custom-designed solution which fits into a standard 2.5” form factor and NVMe interface.  Aside from the packaging, FCM provides two main benefits:

1. Using advanced management over industry-standard SLC/QLC Flash Chips, IBM has been able to improve performance whilst doubling the Drive Write Per Day (DWPD) rating over the standard chips – safeguarding resilience for Enterprise workloads
2. FCM uses hardware acceleration to provide real-time compression at line speed of the storage. This allows for penalty-free compression to increase effective capacity and reduce £/TB.

With the latest generation of FCM, IBM has moved towards PCIe Gen4 to improve throughput, whilst using in-line compression to increase the effective capacity of the larger modules to 3:1.  As a comparison, modules above the entry 4.8TB modules in the previous generation were limited to just over 2:1 compression.  That means the new FCM 4.8, 9.6, 18.9 and 38.4TB modules can achieve hardware-accelerated compression of up to 22, 29, 58 and 116TB effective capacities respectively.  The new FCMs will be supported in both of the newly announced arrays, along with newly purchased FS5200 arrays (although mixing of old and new FCM types will not be supported within the same array).

Both of the new FS7300 and FS9500 include the option for 100Gb iSCSI host connectivity and, crucially, the ability to drive these host connections at full speed thanks to the new packaging at PCIe Gen 4.

Looking for a trusted IBM partner to help advise on and implement IBM technologies? We’re an IBM Platinum Business Partner with over 30 years’ experience.
Contact us today to see how we can help your organisation optimise its security infrastructure.

Plus, read Northdoor’s Tom Richards‘ thoughts on IBM FlashSystem announcement in Blocks and Files.