top of page

Minimal Viable Operation (MVO) to counter ransomeware attack

Updated: Apr 22


In recent years, ransomware attack has caught public's attention. Ransomware is a malware that permanently blocks access to the victim's personal data unless a ransom is paid.

According to this article, experts suggest that a ransomware attack occur as often as every 11 seconds. US government agencies report that an average of 4,000 ransomware attacks have occurred per day across the past five years. Ransomware attacks have increased by more than 150% by volume, year-over-year, according to one report.

To counter this and other types of cyber attacks, standard approaches are to purchase more security products and develop more processes to reduce the probabilities of being taken hostage by the attack. But it is almost certain that no matter how you prepare, hackers find ways to exploit the system, and when it happens, not only could millions of dollars be lost, the system is incapable of functioning for days.

A new framework to address this problem has emerged, Minimal Viable Operation (MVO), that is, in addition to taking measures of preventing the disaster, we should also make our critical applications resilient to such disruption. The idea is to identify a set of critical applications, when disaster strikes, power down or take offline the primary running applications to stop data exfoliation, contain the damage and switch to the same application running in a clean site (a datacenter or cloud).

We need a out-of-band connection to the applications in the new and clean site, to backup data and redirect the consumers of the applications to the new site.

MVO requirements

Here are the areas to consider when architecting an MVO.

1. Identify mission critical applications

The first step is to identify the scope of the minimal viable operation: what apps are mission critical to be operable after disaster strikes. For example, if employees use VDI for everyday work, VDI servers and brokers are considered mission critical.

2. Identify an isolated clean site

The alternative sites maybe a different data center or in the cloud. The clean site must provide basic infrastructure to run applications and allow connectivity to and from the outside of the environment.

The clean site should be isolated, it should not be part of the enterprise networks, that is, the clean site does not participate in the network routing and connectivity so that malware doesn't propagate to the clean site via the normal network.

In order for performance be consistent, the clean site should be close to the primary site so that user experience does not vary significantly during the outage of the primary applications. When the primary application site is restored, the clean site should be cut off from serving consumers.

3. Data backup

If a database is part of the MVO, this database needs to be backed up. Backing up to the clean site requires out-of-band secure connectivity outside the normal enterprise network connectivity.

4. Out-of-band network to access the clean site

The connection to the clean site should not be part of the normal enterprise network, it should exists out-of-band.

If the pattern to access the critical applications in the normal times is through SD-WAN like connectivity from the branch offices, then there should be automatic switch over to connect to the clean site from branch offices during outage time for these designated applications.

On the other hand, if the pattern to access the critical applications in the normal times is through full tunnel mode VPN agents installed on the laptop of every employee, then the VPN termination system needs to be able to connect in an automated way to the clean site.

5. Manual switch over option

While there are advantages to switch automatically to the clean site for the critical applications during cyber attack to the shortest downtime, there is value in having control to avoid many false positives. As such customers should have the option to manually switch over to the clean site.

6. Implementation process

While it is tempting to implement MVO all at once, doing so could be overwhelming and significantly delay the overall project. It is best practice to start with one application, go through the implementation and in the process we not only learn if there are even more critical components that needs to be considered first but also validate design assumptions and come up with creative solutions.

Bumblebee Global Private Link for MVO

Private link, first developed by AWS with a name AWS PrivateLink, is a new type of connectivity model designed to connecting private applications. It is easy to use because it does connectivity without using routing and VPN gateways. Private link service is very much in sync with the zero-trust model movement as it is by default a zero-trust solution: application consumers can only reach the designated application and nothing else, no possibility of lateral movement. Private Link Service gained popularity and since then Azure, Google and other cloud providers all have all released their version of private link service.

Bumblebee Global Private Link (BGPL) takes the private link service concept to the next level. It expands the private link functionalities and user experience to cross regions, multi-cloud, on-prem and individual users. It provides packet encryption and cloud scale high performance, unlike the VPN gateway of 2Gbps throughput. In addition, BGPL supports multi-hosting and bring your own PKI enterprise capabilities.

Below is an example that illustrates using BGPL as the backup for an MVO solution.

Bumblebee Private Link Service for Minimal Viable Operation
Bumblebee Private Link Service for Minimal Viable Operation

In normal operation branch sites connect to applications deployed in the data center via SD-WAN, and Bumblebee Private Link Service is configured to connect to the backup application. Through a simple DNS CNAME change, the enterprise can direct all branches to route traffic to the backup application in the clean site.

Bumblebee Nodes are secure and isolated, they are not routing devices and do not participate in the network operation in the normal operation. The nodes do not have user logins and only receive traffic destined to the defined applications with specific protocol and port range.


Minimal Viable Operation (MVO) framework can be used as part of the tools to combat cyber attacks such as ransomware. In implementing MVO, Bumblebee Private Link Service as a backup is a secure, out of band solution for backing up and connecting to applications in case of application out of service due to an cyber attack or disaster.

34 views0 comments


bottom of page