
Cloud backup helps ASL Airlines evade ransomware and keep its business flying, says CIO

ASL Airlines took home the Best of Show prize at the Best of VMworld 2018 Awards after detailing how adopting a robust and resilient disaster recovery strategy is helping it evade ransomware threats

The cargo industry is a prime target for cyber attacks because of how much disruption a well-timed assault on its IT systems could cause.

For proof of that, just look at the financial fallout suffered by Netherlands-based shipping company TNT after the NotPetya ransomware campaign in June 2017.

The attack took out a number of the firm’s core IT systems, and cost its parent company FedEx more than $300m in lost business and repair costs, as TNT struggled to carry on with its day-to-day parcel delivery duties.

For the team at ASL Airlines, a similar attack could potentially ground its planes, prevent its cargo reaching its intended destination on time and, ultimately, put it at huge risk of being fined by airline regulators.

And it is a very real threat, with ASL’s chief group information officer (CIO), Fabrice De Biasio, saying the firm often finds itself on the receiving end of at least one ransomware attack a month.

“We are working 24/7,” he tells Computer Weekly. “Everything is in real time and if we have some IT issue, we will have a lot of problems. We could land our aircraft, but it would be impossible to take off because we couldn’t provide our pilots with enough information for the flight.”

ASL runs a fleet of 140 aircraft, operating both passenger flights and cargo delivery services. In 2017 alone, it helped more than 3.2 million people and 564,222 tonnes of freight reach their destinations.

These figures highlight just how much disruption to the business and its customers any downtime would cause, which is why De Biasio and his team must ensure the firm has a robust disaster recovery and business continuity strategy.

This is not just something that has been prioritised on the back of recent headlines about ransomware or datacentre meltdowns at British Airways and the like. It is De Biasio’s responsibility to ensure ASL does not exceed 60 minutes of downtime a year, a stipulation enforced by its cargo-focused client base, which includes Amazon, DHL Express and UPS.

Meeting this target has seen the firm follow a strategy of continuous improvement for its disaster recovery plans over the years, to ensure it always takes advantage of the latest backup technologies and datacentre failover best practice. 

A long time to back up

“Ten years ago, like everybody, we backed up to tape, and then we noticed that it took a long time to back up,” says De Biasio. “It wasn’t convenient and it wasn’t reliable, because it only takes one tape not to work and then you lose your backup.”

In time, this realisation resulted in ASL upgrading to a disk-based backup system, before it embarked on another upgrade about seven years ago, which saw it switch to Veeam’s data backup and management technologies.

That was until, as De Biasio puts it, various performance and scalability issues arose that meant the system was no longer able to provide adequate support for a business-critical Oracle server.

This led the firm to adopt an alternative backup system, based on Rubrik Cloud Data Management (CDM), in 2017, which De Biasio says enables ASL to restore its data three times faster than before if a downtime incident occurs.

The company uses Rubrik CDM to back up its data every day and store copies of it in both the Amazon and Google public clouds.

As well as two public clouds, the organisation also operates two datacentres to handle its IT requirements. One is in France and the other is in Dublin – and if one ever fails, the other one can take over.

“One of the big benefits of this now is that I can sleep at night, because I am sure I have good backup,” says De Biasio.

“We can restore quickly and we have different versions [of the data] we can restore because it has granularity, rather than only being able to restore data from one day ago or two days ago. And it is more efficient.”

The backup process is also far more straightforward and less labour-intensive, he says. “We have a catalogue. You use that to search for what you want to restore, and then click on it to bring it back, so we need fewer IT people [to look after it].”

The deployment of CDM prompted ASL to go deeper into Rubrik’s product portfolio in 2018, leading to it adopting Radar, the firm’s software-as-a-service (SaaS)-based threat management product.

The technology is specifically designed to help organisations evade ransomware attacks in the first instance by allowing users to monitor their infrastructure for signs of suspicious activity. ASL says this has saved its IT administrators at least 40 hours a month in security checks.

Should the firm fall victim to a ransomware attack, the system is also designed to allow ASL’s IT team to quickly pinpoint exactly which files and applications were affected and when, so they know exactly what data needs restoring.

“A lot of companies that have an issue with ransomware or phishing or whatever, experience difficulties with getting back to business, but with Rubrik we are not worried if we have an issue,” says De Biasio.

Scouring for evidence of attacks

He says his team used to spend up to two hours a day scouring its systems for evidence of ransomware attacks; now that job takes just a couple of minutes.

“Before Radar, the team spent 15 hours to recover from a minor ransomware attack,” says De Biasio. “If we had been hit with a major attack, I fear recovery could have taken weeks.

“Our team can now spend more time on initiatives that deliver value back to the business.”

Next on the airline’s IT agenda is addressing how it backs up its Microsoft Office 365 business productivity setup, which is relied on by both the organisation’s 3,000 employees and a number of third-party subcontractors.

“At the moment, we only have Microsoft for backup but it is not enough, because if you only use the backup provided by the [organisation] that runs your email, for example, what happens if they run into issues?” says De Biasio.

“So, in the same way that we back up our data to Google and Amazon and run two datacentres, we know it is very important not to have everything running in just one place. You don’t put your eggs in one basket.”
