Immutable backup has become a trending topic in data backup world. Everyone talks about immutability, vendors keep developing new features to support immutability and immutable backup has become a must-have in backup solution today. When we talk about immutable backup, what are we talking about?
What is immutable backup?
Immutable backup cannot be separated with the Ransomware attack. The raising concern of ransomware attack makes immutable backup a must-have. Along with the complexity of cyberattacks, the security risk of backup and DR data keep increasing, the data could be affected in numerous ways (modified, deleted locked or encrypted) by cybercriminals via connected network.
In addition to ransomware attack, don’t forget human errors (accidental deletion in most cases) which still contribute to most of the data loss nowadays based on multiple reports from different organizations.
Immutable backups largely addressed these concerns by putting the backup data into an enforced “immutable” status, which means data can not be modified or deleted by human/system users within a given retention window.
In this legacy data protect practice, the focus for data security is mainly on access control to prevent unauthorized people to access data. The backup and DR solutions are the main method to protect data and site loss. Over the years, IT industry continually enhance the security of data/backup in numerous approaches including but not limited to:
- Segregate the management network of storage/backup devices.
- Introduce MFA, security role in user access control within storage/backup system.
- Data Encryption.
- Store data copies in different media types.
- Purpose-built hardware appliance with WORM (Write-Once, Read-Many) capability.
Immutable backup is not a new but an enhanced approach to secure the backup data to react the challenging in ransomware attacks.
Immutable Backup vs WORM?
In general, Immutable and WORM (Write-Once, Read-Many) are not overlapped but to explain the same approach in different layers. Immutable is a high-level requirement for data security, while WORM is a technical approach to implement the immutability requirement.
Technical Approaches of Immutable Backup
To meet the requirement of immutable backup, there some known technical approaches including but not limited to:
- Purpose-built hardware appliance with WORM (Write-Once, Read-Many) capability. (Most commonly adopted approach, for example, Data Domain, StoreOnce and etc.)
- Purpose-built software/OS with enhanced data security. (Developed by backup software vendor, for example, Veeam Hardened Repository.)
- Offline media (CD-ROM, Tape and etc.)
- Air-gaped solution to segregate the network between production data and backup/DR data.
- Public/Private Cloud data immutable solution.
Sometime, a single approach is not enough to secure the data, combine multiple approaches could significantly enhance your data security but could come up with new risks in integration faces. There is no perfect defender same as there is no perfect attacker. Choosing a proper solution for your organization based on the consideration of data importance, cost and technical capability of your team.
Additional Consideration of Immutable Backup
When you have configured the immutable backup, congratulations! However, you still need to be aware the remaining risks which could result backup data loss.
Let’s think about one scenario, you utilized a purpose-built hardware appliance with WORM enabled and integrated with backup software to enforce the immutable retention, no user could modify/delete the backup data, which is good. However, have you secured the hardware appliance user login? which could be used to factory reset your appliance. Have you secured the unused the network port on storage IP interface? Have you locked the rack in data center to secure the physical access of the storage devices? more and more, all these approaches contribute to the immutability of your backup data.
A short summary for a short post. Immutable backup is not just a technology approach used to secure your backup data. Instead, it is a combination of IT technical and operation approaches to secure your data and continually against the changing security challenges over the time. Don’t rely on a single locker, always put your locker in locker!