Bernmobil

BERNMOBIL Improves Protection Against Ransomware Using AWS Backup and Recovery

2022

Swiss public transport organization BERNMOBIL, which serves the capital of Switzerland and the surrounding region, wanted better protection against potential ransomware attacks. In addition, the organization needed a secure way to store and back up its business-critical enterprise data. BERNMOBIL decided to use AWS and now benefits from secure, scalable, and cost-effective cloud storage without the burden of maintenance overheads.
Amazon S3 is our insurance
kr_quotemark

Amazon S3 is our insurance against ransomware and similar threats. Even if our systems are compromised at the operating system or application level within the 30-day period, the data is backed up and we can restore it.”

Martin Zurbrügg
Head of IT Infrastructure of BERNMOBIL

A ransomware attack, which uses malicious software to lock users out of their own computer systems unless they pay a ransom, can bring critical infrastructure to a halt. Swiss public transport provider BERNMOBIL did not want to take that risk. Its customers rely on its fleet of trams and buses for over 100 million journeys every year in the greater Bern area.

In response to the increase of potential security threats, and to safeguard its business-critical data, the BERNMOBIL IT team decided it needed to modernize its emergency response plan to build greater resilience against a potential ransomware attack.

The organization also wanted to find a low-maintenance way to back up and securely store its business-critical enterprise data.“We looked closely at our disaster recovery strategy and found that the focus of our existing plan was geared toward technical malfunctions, such as component failure or natural disasters,” says Martin Zurbrügg, head of IT infrastructure at BERNMOBIL. “We hadn’t considered threats such as hacker attacks, ransomware, or the intentional destruction of backups thoroughly enough in relation to the current threat landscape.”

Up until then, the organization’s backup strategy had narrowly focused on restoring failed systems from intact copies of the on-premises backup.

After it performed the review, BERNMOBIL decided that it needed a robust, cloud-based solution that could complement its on-premises system. The organization’s existing on-premises supplier already had a system it used to create immutable backups using Amazon Web Services (AWS), so BERNMOBIL and its technical partner investigated that option.  

Building a Data Backup Solution in the Cloud

BERNMOBIL worked with its long-standing IT consultancy firm, Netcloud AG, an AWS Partner that specializes in network transformation and simplifying IT management.

Together they made the decision to use Amazon Simple Storage Service (Amazon S3)—object storage built to retrieve any amount of data from anywhere. Data backups are automatically offloaded to the cloud to reduce dependence on expensive on-site backup disks.

Using Amazon S3 as an extension of its on-premises system, BERNMOBIL found an effective way of backing up production data so that it could not be compromised or manipulated. “The challenge we faced was that if someone infiltrated our systems for long enough, it could put our backup data at risk. We needed to store business-critical data in a way that could not be altered,” says Zurbrügg.

Zurbrügg was pleased by the ease of the setup process and the lack of maintenance required during operations. “The AWS solution has been set up once and now it just works—that’s impressive,” says Zurbrügg. “There are practically no error messages. The team does not have to spend time on it.”

The configuration was set up within hours, and after performing initial tests, BERNMOBIL had its first backup 2 weeks later. The equivalent of 30 daily backups of data—around 75 terabytes—is now stored on AWS. “Even the compliance process of our new cloud system was straightforward. There was no lengthy review process,” adds Zurbrügg.

The backup data is encrypted by the on-premises system before export and transfer to Amazon S3. By storing only encrypted data in the cloud, the solution is optimized for compliance requirements.

The Object Lock feature of Amazon S3 plays an important part in the system. The feature blocks the deletion of versions of stored objects during a retention period defined by the customer. By removing the ability to tamper with data history, BERNMOBIL added an extra layer of data protection for regulatory compliance and for the purpose of disaster recovery.

Building Greater Resilience Against Ransomware

By using Amazon S3 and having a cloud-based backup of its on-premises data, BERNMOBIL also improved its ability to protect data against ransomware attacks. “Amazon S3 is our insurance against ransomware and similar threats,” Zurbrügg says. “Even if our systems are compromised at the operating system or application level within the 30-day period, the data is backed up and we can restore it.”

After the solution went live, the IT team felt inspired to continue improving its approach to data security and reviewed its emergency planning strategy. “We realized that we could do some things a lot better using AWS and have since rebuilt the entire backup architecture around Amazon S3,” says Zurbrügg.

BERNMOBIL’s current setup will remain in place for the foreseeable future. However, because the organization’s on-premises IT infrastructure will be overhauled in the coming years, Zurbrügg believes that AWS will play a fundamental role as more business operations are migrated to the cloud.

In the second half of 2022, an AWS Region will open in Switzerland. The AWS Europe (Zurich) Region will serve end users from local data centers and will help Swiss companies build the infrastructure they need to deliver cloud-powered services and lower their IT costs.  


About BERNMOBIL

BERNMOBIL is a regional public transportation organization in Switzerland and serves the Swiss capital Bern and its region with trams, buses, and trolleybuses. Bern residents rely on BERNMOBIL for over 100 million journeys every year.

Benefits of AWS

  • Automated backup of immutable production data in the cloud
  • Protection of data against ransomware attacks
  • Reduced administration routines for the IT team

Get Started

Companies of all sizes across all industries are transforming their business every day using AWS. Contact our experts and start your own AWS Cloud journey today.