Backup software vendors insist on making backup data immutable, so IT professionals are now asking what immutable backups are. Securing backup data is critical because bad actors know the organization will count on its backups to recover encrypted files and negate the ransomware demand.
The problem is that several methods exist to achieve backup immutability, and each has pros and cons. Some immutability methods dramatically increase backup infrastructure costs, and others don’t provide the protection that IT may be hoping for.
Why Backups Need Immutability
In the past, backup data may or may not have been encrypted during a ransomware attack. Today, backup data is a target of bad actors, sometimes the initial target. If the malware can encrypt or corrupt the backup data, metadata, or configuration files, the chances of the organization needing to pay the ransom to regain access to data increase significantly.
It is important to note that immutability is just one layer of defense in a ransomware recovery strategy. Customers must dramatically improve recovery point objectives (RPO) and recovery time objectives (RTO). They also need to create a secure, isolated recovery environment.
What is Backup Immutability?
Backup immutability means storing backup data in an unalterable state. However, it is not write-once, read-many (WORM) storage, where no external force can alter the data. WORM won’t work for backup data because customers would need backup storage capacities hundreds of times their production size. The organization needs a backup storage method that can periodically refresh old backup data so that IT can limit capacity consumption rates.
Immutable storage allows for flexibility to remove data after it becomes replaceable by subsequent backups. Like WORM, immutable storage stores the data in an unalterable state, but after it has met a retention requirement, it can be removed, allowing IT to control backup storage growth better.
The challenge with immutable storage is that once an external force can delete data, it opens the door, ever so slightly, for malware to alter policies and execute a premature deletion of data. There is a balance that IT and the organization must agree on: protect data as much as is reasonable while maintaining an affordable backup storage infrastructure.
Understand the Types of Backup Immutability
Object Storage for Backup Immutability
There are two incarnations of backup immutability. In the first incarnation, the storage system allows an external application to turn immutability on or off for specific files or groups of files. In this case, the backup application must support the storage system’s ability to store data in an immutable state.
Some backup applications have this ability, but many do not. Since most data centers use multiple backup applications, the likelihood of some applications supporting immutability and others not supporting it is very high, which makes providing global immutability challenging.
The primary advantage of this approach is that the backup software controls the process and can manage when and how long backups are secure. One of the attributes of object storage is that some versions of it can make data unalterable the moment it is written to the system.
Another advantage is that the number of immutable copies of data does not impact performance. Object storage enables IT to have a very granular catalog of data, which is critical for recovering from a ransomware attack, especially one that works for days or weeks before someone detects it.
The Disadvantages of Object Storage Immutability
The first disadvantage of using object storage for immutably storing backup data is its unfamiliarity. Most data centers are not using object storage, and immutable backup data storage will be the first use case. It is something new to learn and operate.
It also can’t replace existing backup storage infrastructure investments, increasing complexity. The overhead of object storage software means organizations can’t use it as the single target for all backups. They will need a fast initial backup storage target and an immutable backup storage target. With object storage only, they will miss their backup windows.
The requirement for two targets means there is a period when that backup data is not in an immutable state. This window includes the time it takes to store the latest backup and transfer it over the network to the object storage system. The process can take double-digit hours to complete. IT professionals must also manage and maintain two copies of backup data and upgrade and manage two separate systems.
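One way to measure that non-immutable window per backup job, as an added example that is not from the original article or any vendor's product. The job records, field names and timestamps are constructed, and the window is assumed to run from job start until the copy on the object store is locked.

```python
from datetime import datetime, timedelta

# Constructed sample job records (not real logs). "landed" = backup finished on
# the fast target; "locked_at" = copy became immutable on the object store
# (None if that copy never completed).
JOBS = [
    {"job": "sql-nightly", "started": "2024-03-01T22:00",
     "landed": "2024-03-02T01:30", "locked_at": "2024-03-02T09:45"},
    {"job": "file-nightly", "started": "2024-03-01T23:00",
     "landed": "2024-03-02T00:10", "locked_at": "2024-03-02T02:20"},
    {"job": "vm-nightly", "started": "2024-03-02T00:00",
     "landed": "2024-03-02T04:00", "locked_at": None},
]

def ts(value):
    return datetime.fromisoformat(value) if value else None

def exposure_windows(jobs):
    """Per job: (time to store, time to transfer and lock). The sum is how long
    the backup existed with no immutable copy; transfer is None if never locked."""
    result = {}
    for j in jobs:
        store = ts(j["landed"]) - ts(j["started"])
        locked = ts(j["locked_at"])
        result[j["job"]] = (store, locked - ts(j["landed"]) if locked else None)
    return result

def exposed_at(jobs, when):
    """Jobs that had started but had no immutable copy yet at time `when`."""
    t = ts(when)
    return sorted(j["job"] for j in jobs if ts(j["started"]) <= t
                  and (j["locked_at"] is None or t < ts(j["locked_at"])))

def over_budget(jobs, budget_hours):
    """Jobs whose total non-immutable window exceeds the agreed budget."""
    limit = timedelta(hours=budget_hours)
    return sorted(name for name, (store, transfer) in exposure_windows(jobs).items()
                  if transfer is None or store + transfer > limit)

if __name__ == "__main__":
    for name, (store, transfer) in exposure_windows(JOBS).items():
        print(name, "store", store, "transfer", transfer or "never locked")
    print("exposed at 03:00:", exposed_at(JOBS, "2024-03-02T03:00"))
    print("over 4h budget:", over_budget(JOBS, 4))
```

A job whose object-store copy never completed is treated as permanently exposed, so it always appears in the over-budget list.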
Additionally, the object storage approach to immutability does not address another backup data vulnerability: the software’s metadata and configuration files. The object storage system’s overhead means it does not have the performance to support these very active files. If the ransomware attack compromises these files, IT can recreate them, but doing so will add hours, and sometimes days, to the recovery process. The delay makes paying the ransom even more tempting.
The final disadvantage is security. If the object store allows one external application to modify its settings, then another external application, like a malware trigger file, can also modify those settings. If the backup application assumes full responsibility for managing immutability, it is also solely responsible for preventing a bad actor or rogue user from compromising the software.
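An added toy model (not from the original article or any product) of the retention behaviour described under "What is Backup Immutability?" and of the settings-tampering risk above. The class, the actor names and the extend-only retention rule are assumptions made for illustration; the article does not prescribe that rule.

```python
class RetentionError(Exception):
    pass

class RetentionStore:
    """Toy model: objects are unalterable until their retain-until day passes."""
    def __init__(self, retention_days, clock):
        self.retention_days = retention_days
        self.clock = clock      # callable returning the current day number
        self.objects = {}       # name -> (data, retain_until_day)
        self.audit = []         # refused operations, kept for alerting

    def _refuse(self, actor, action, name):
        self.audit.append((self.clock(), actor, action, name))
        raise RetentionError(f"{action} on {name} refused for {actor}")

    def put(self, actor, name, data):
        if name in self.objects:
            self._refuse(actor, "overwrite", name)      # unalterable once written
        self.objects[name] = (data, self.clock() + self.retention_days)

    def delete(self, actor, name):
        if self.clock() < self.objects[name][1]:
            self._refuse(actor, "early-delete", name)   # retention not yet met
        del self.objects[name]

    def set_retention(self, actor, days):
        # Assumed hardening rule: the policy may be lengthened, never shortened,
        # and objects already stored keep their original retain-until day.
        if days < self.retention_days:
            self._refuse(actor, "shorten-retention", "policy")
        self.retention_days = days

def demo():
    day = [0]
    store = RetentionStore(30, lambda: day[0])
    store.put("backup-app", "full-0001", b"constructed sample data")
    attempts = [                                    # hypothetical tampering attempts
        lambda: store.set_retention("unknown-process", 0),
        lambda: store.delete("unknown-process", "full-0001"),
        lambda: store.put("unknown-process", "full-0001", b"encrypted"),
    ]
    for attempt in attempts:
        try:
            attempt()
        except RetentionError:
            pass
    day[0] = 30             # retention met: the backup is now replaceable
    store.delete("backup-app", "full-0001")
    return [entry[2] for entry in store.audit], list(store.objects)
```

Each refused operation lands in the audit list, which is the signal a defender would alert on; the legitimate delete after day 30 succeeds and leaves no entry.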
Transparent Backup Immutability
The second approach is to enable the primary backup storage target to directly store backup data in an immutable state without impacting backup or recovery performance. In most cases, backup storage targets deliver this capability using immutable snapshots.
The transparent backup immutability approach means that all backup applications can store their backup data in a single storage target in a universally immutable state. Replacing applications is not a requirement. A backup storage target with transparent immutability can work with the organization’s existing backup applications while still meeting the immutable storage requirement.
The Disadvantages of Transparent Backup Immutability
The first disadvantage of transparent immutability is that most storage systems, especially backup storage targets, do not have robust snapshot technology. They can’t store and manage the potential tens of thousands of snapshots required to recover from a ransomware attack.
In addition, their snapshot and replication technologies depend on each other, so while the backup storage target can replicate to a remote backup storage device, it may not be able to support an independent snapshot schedule on that volume. As a result, creating an air-gapped copy is also tricky since the primary copy and replicated copy depend on each other.
The second disadvantage of transparent immutability is that most storage systems can’t provide it over a range of storage protocols. These vendors will force the customer to use NFS or SMB or, once again, object storage. Changing protocols for backup transfers is no small task because the change can impact many existing backup policies.
The third disadvantage of transparent immutability is that the backup software is not involved in providing backup data protection. As a result, IT can’t verify its status from within the backup software.
Modern Backup Storage for Native Backup Immutability
Successfully recovering from a ransomware attack requires more than immutable backup data. It requires fast and frequent data capture, affordable long-term retention, protection of backup data, and rapid post-attack recovery. Immutability is just one ingredient in a successful ransomware recovery. At the same time, complicating an already complex backup infrastructure with additional backup storage targets may lead to recovery mistakes and increase costs.
IT professionals must look for an immutable backup storage target that provides both short-term, instant immutability (within seconds of backup data arriving on the backup storage target) and long-term immutability, without impacting performance.
A system that uses advanced snapshot technology can store hundreds of thousands of immutable snapshots without impacting performance. The snapshot technology should be available from the file, block, or object protocol that IT is the most comfortable with and not force IT to change protocols. It can also deliver an isolated recovery environment via standby storage.
This type of solution can provide double protection. It can use transparent immutability to provide instant protection and Object Storage Immutability if the customer wants the backup application to have insight into the immutable status.
Finally, it should create an electronic air gap to a remote site. It should take immutable snapshots independently on the second site to ensure the organization can recover from even the most severe attack.