Optimizing Recovery Objectives (RTO & RPO) in Secure Linux NAS Environments: A Design Science Approach to Ransomware Resilience
This study presents and evaluates a “Secure Pull” backup architecture designed to resolve the dilemma between recovery speed and ransomware resilience in modern Linux NAS environments. Using the Design Science Research Methodology (DSRM), we developed an artifact based on Restic for immutable snapshots and SSH tunneling for network isolation, creating a software-defined air gap that protects backup repositories from compromise even when the production server is fully encrypted.
Key results from the controlled lab evaluation:
- Recovery Point Objective (RPO): 15 minutes, significantly outperforming the cloud-only alternative, which bandwidth constraints limit to 60 minutes.
- Recovery Time Objective (RTO): under 2 minutes for a 10 GB dataset, compared to 35 minutes for cloud restoration.
- Security resilience: 100% data integrity maintained when simulated ransomware compromised the production server with root privileges. Standard push-based NAS configurations suffered total data loss in the same scenario.
The work argues that the traditional “3-2-1” backup rule must be augmented with a Zero-Trust principle: in the era of human-operated ransomware, the backup client should be treated as a hostile entity. The “Secure Pull” inversion — where the vault initiates connections to the production server rather than the reverse — eliminates the credential surface that attackers typically exploit to delete backup repositories.
The architecture is implemented using standard open-source Linux utilities (Restic, OpenSSH, Cron) and demonstrates that small and medium enterprises can achieve enterprise-grade ransomware resilience without the latency of cloud cold storage or the cost of proprietary WORM hardware.
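One way the vault-initiated pull described above can be wired together with Restic, OpenSSH and Cron, as an added example that is not the authors' implementation. The host name, account, paths, key file and the choice to stream the data set as a tar archive into `restic backup --stdin` are all assumptions.

```shell
#!/usr/bin/env bash
# Vault-side pull job: an added example, not the paper's script.
# Host, account, paths and key file names below are assumptions.
# Cron on the vault, matching the 15-minute RPO:
#   */15 * * * * /usr/local/sbin/secure-pull.sh run
set -eu
# Enable pipefail where the shell supports it, so an SSH failure fails the job.
if (set -o pipefail) 2>/dev/null; then set -o pipefail; fi

PROD_HOST="${PROD_HOST:-backup-ro@nas.example.internal}"  # read-only account on production
PROD_PATH="${PROD_PATH:-/srv/data}"                       # data set to protect
VAULT_REPO="${VAULT_REPO:-/vault/restic-repo}"            # exists only on the vault
VAULT_KEY="${VAULT_KEY:-/root/.ssh/pull_ed25519}"         # private key never leaves the vault
RESTIC_PW="${RESTIC_PW:-/root/.restic-pass}"              # repository password, vault only

# Accept only absolute paths made of plain characters, so the value cannot
# inject shell syntax into the remote command or the authorized_keys entry.
valid_path() {
  case "$1" in
    /*) ;;
    *) return 1 ;;
  esac
  case "$1" in
    *[!A-Za-z0-9/._-]*) return 1 ;;
  esac
}

# The only thing production is asked to do: stream a tar of the data set.
remote_cmd() { printf 'tar -C %s -cf - .' "$1"; }

# Entry for the read-only account's authorized_keys on production: the vault's
# key is pinned to that one command, with forwarding and PTY allocation disabled.
authorized_keys_line() {  # $1 = vault public key
  valid_path "$PROD_PATH" || return 2
  printf 'restrict,command="%s" %s\n' "$(remote_cmd "$PROD_PATH")" "$1"
}

# Pull one snapshot. A stream cut off mid-transfer may still be stored as a
# snapshot, so alert on the non-zero exit status of this job.
pull_once() {
  valid_path "$PROD_PATH" || { echo "refusing path: $PROD_PATH" >&2; return 2; }
  ssh -i "$VAULT_KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
      -o StrictHostKeyChecking=yes "$PROD_HOST" "$(remote_cmd "$PROD_PATH")" |
    restic -r "$VAULT_REPO" --password-file "$RESTIC_PW" \
      backup --stdin --stdin-filename data.tar --tag secure-pull
}

if [ "${1:-}" = "run" ]; then pull_once; fi
```

In this layout the production server stores no repository path, repository password or key that opens the vault, so root on production has nothing with which to reach or delete existing snapshots.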
Citation
Gomas, A.S.D., & Rathnayake, R.M.N.B. (2026). Optimizing Recovery Objectives (RTO & RPO) in Secure Linux NAS Environments: A Design Science Approach to Ransomware Resilience. Asian Journal of Social Science and Management Technology, 8(1), 82–94.