Cyberstorage: Italian IT Managers’ Response to Ransomware

Redazione RHC : 10 September 2025 07:31

Cyberstorage: Italian IT managers’ response to increasingly sophisticated ransomware. The landscape has changed in recent years: more aggressive ransomware, data exfiltration before encryption, service interruptions due to physical events and more. In this context, simply “saving” data is no longer enough: storage becomes part of security. Precisely for this reason, Italian IT managers are increasingly focusing on cyberstorage: storage designed to resist attacks directly where the data resides.

At its core is a key architectural principle: the fragmentation and native distribution of data across multiple geographic locations. This is complemented by integrated security features—such as immutability, encryption, and access control—that increase resilience and support true business continuity even in critical scenarios.

What (really) is cyberstorage

To put it simply: it’s storage with built-in security. Not a layer applied on top, but native data-level controls to resist tampering, deletion, encryption, and unauthorized access.

Historically, we’ve relied on perimeter controls (firewalls, network segmentation), identity management, and versioning. These tools are useful, but not sufficient when the attacker reaches the storage itself. Cyberstorage was created to fill this gap: it brings zero trust down to the data level, reducing the likelihood of total compromise and facilitating recovery.

It’s no coincidence that Gartner analysts list cyberstorage among the 6 strategic IT trends of 2025: fragmenting, distributing, and protecting data across multiple locations minimizes the risk of data compromise and breach.

Why cyberstorage is a priority for IT managers today

Today’s ransomware gangs are no longer limited to encrypting data. In many cases, the attack begins with exfiltration: data is copied and taken out of the organization, then encrypted to make it inaccessible, and finally used as leverage to threaten its publication.
This is known as double or triple extortion, an approach that renders even a perfectly functioning backup useless, because the real damage is not just service interruption, but loss of confidentiality.

This exposes the company to:

• Economic losses (operational downtime, penalties, response costs)
• Reputational damage, if the data Exfiltrated attacks target customers, employees, or partners.

At the same time, attacks targeting virtualization infrastructures and backup repositories are increasing. On the physical level, the risks of disaster (fires, floods) and prolonged interruptions (blackouts) remain.

Cyberstorage isn’t a magic solution, but it represents a key component of a modern disaster recovery plan, which focuses on data integrity and confidentiality even in extreme conditions.

How is it different from traditional storage?

“Traditional” storage was created for capacity, performance, and availability. Cyberstorage adds:

• An architectural principle: fragmentation and native distribution of data across multiple locations/domains to reduce the risk of loss and compromise in the event of an incident.
• Security controls (not necessarily native, but integrated into the storage stack) that increase resilience: immutability, encryption, access control, and more.

These elements operate on the data itself, not just at the network perimeter.

Regulations: What’s changing with NIS2 and GDPR

With the entry into force of the NIS2 directive, Italian organizations—both public and private—must demonstrate their ability to guarantee business continuity, data security, and the availability of essential services even in the event of an attack. Having a backup is no longer enough: regulations require concrete evidence of effective technical and organizational measures, as also established by the GDPR. A poor strategy exposes the company to high risks: prolonged disruptions, financial damage, and fines of up to €10 million or 2% of annual global revenue, whichever is higher.

Where to start without redoing everything

The goal is not to overturn the stack, but to increase resilience with concrete and measurable choices. Here are the basics:

• Apply the 3-2-1-1-0 backup rule: three copies, two different media, one offsite, one immutable, zero errors in testing.
• Domain separation: those who manage production do not manage backups; Least privilege, multi-factor authentication (MFA), and two-factor verification for critical operations.
• Test recovery in a real-world and comprehensive way (not just tabletop): measure RPO/RTO, document, and remediate.
• Popular standards (e.g., S3/Object Lock compatibility) to integrate with existing tools and maintain portability. Avoiding technology lock-in.

Guiding questions to guide priorities:

• How long can my business remain offline without serious damage?
• What data should I restore first?
• Who makes decisions, and with what tools?
• Where are copies of the data stored, and are they secure?
• Is the stored data also protected from unauthorized access?

The ability to recover is crucial, but so is preventing loss/exfiltration before encryption. A modern disaster recovery plan must include attack-resistant storage, strict access controls, role segregation, and systems designed for security by design.

Factors to Consider When Choosing a Resilient Storage Solution

When evaluating a cyberstorage solution, it’s not enough to look at cost and performance: resilience comes from architectural choices and security features. Below are the most relevant technical criteria to consider.

• Data is fragmented and distributed by design across multiple environments or physical locations: this minimizes the risk of compromise in the event of an incident.
• Strong data encryption (e.g., AES-256), with secure key management (via dedicated systems such as KMS), possibly controlled directly by the customer.
• Data immutability (e.g., via WORM or Object Lock mode) and creation of automatic copies (snapshots) to ensure availability even in the event of a ransomware.
• Zero trust at the data level: Least-privilege access, with identity management systems (IAM), multi-factor authentication (MFA), and two-factor control for critical operations.
• Data traceability and integrity: Detailed, unalterable logging of file access and changes, useful for audits and forensics; Automatic integrity verification to ensure data has not been compromised or altered over time.

Cubit: the Italian answer to the need for resilient cyberstorage

In a context where cyberattacks are increasingly sophisticated, Cubbit offers a concrete response. Unlike the traditional cloud, Cubit encrypts, fragments, and replicates data across multiple geographic locations—safe from ransomware and disasters. We’re talking about 100% Italian cloud storage, chosen by Leonardo, Rai Way, and more than 400 Italian and European companies.

In addition to immutability and native geo-redundancy, Cubbit stands out for its transparent approach: no hidden costs, savings of up to 80% compared to hyperscalers, data localization in Italy, and compliance with regulations such as GDPR, ACN, and NIS2.

Compatible with the S3 standard, it easily integrates with Veeam and other clients already in use. The scalable architecture allows you to quickly scale from TB to PB. The technology is available in two modes, depending on your operational needs:

You can start with DS3 Cloud (ready-to-use cloud object storage) or create your own customized cloud with DS3 Composer (a fully European software-defined solution).

Activate a free Cubbit trial or contact the team directly on the official website.