The best protection against cyberattacks or equipment failures is backup. An axiom. However, now it needs to be proven anew. Because now every backup will have an encryption virus, the task of which is to wipe out all backup copies.
The best protection against cyberattacks or equipment failures is backup. An axiom. However, now it needs to be proven anew. Because now every backup will have an encryption virus, the task of which is to wipe out all backup copies.
Traditional backups no longer guarantee complete reliability? So what to do? Experienced specialists are paying attention to the so-called immutable backups, which cannot be deleted even by admins. In the era of cyberattacks, when the rights of even the highest-level admins are compromised, this seems like a super-relevant topic for an article.
So: how can companies secure GUARANTEED digital «life insurance»? What does it take and how much does it cost?
We’ll figure it out together with Serhiy Stoyan, a De Novo engineer with decades of IT experience .
Today, backups are no longer just about protecting against failures or human error. In the context of cyberwarfare, they are increasingly being destroyed or encrypted intentionally.
«Now a common story is when hackers not only encrypt the main IT infrastructure, but also delete backup copies. And the company is left with nothing,» says Serhiy Stoyan.
Even in the event of a cyberattack, classic backups can be modified or deleted — especially if they are available online. And this makes them vulnerable.
«Kyivstar, Ukrzaliznytsia, state registries — they all experienced firsthand what crackers (malicious actors — Ed.) are like, who sat in the infrastructure for months and could quietly change data. That is why ordinary backups without protection are too little,» the expert says.
Immutable backups are backups that cannot be modified or deleted until the specified retention period expires.
«Such a copy is created on storage, which programmatically blocks any changes. Even an administrator will not be able to delete it before a specified time,» the expert explains.
Using such copies means that even if accounts or infrastructure are compromised, the data remains intact.
Such backups can be «disabled» — then they are physically inaccessible in the system, and the attacker cannot find out about them .
«We offer a product called Hardened Backup Repository,» says Serhiy. «This is a separate disk subsystem, virtual resources that are protected from any changes. Even the customer’s administrator cannot delete backup copies before the expiration of the established storage period — usually 30 days. This is a fundamental difference from regular backups,» the expert emphasizes.
Hardened Backup Repository (HBR) is an extension of the 3-2-1 backup model. We add another layer of security: an offsite copy that can be disabled and completely inaccessible until an administrator enables it. This means that an attacker won’t even know it exists.
HBR is architecturally a secure data storage designed with Zero Trust principles in mind. Copies are transferred to the storage already encrypted. Connection is possible both via an Internet channel with a speed of up to 2 Gbit/s and via a dedicated line (up to 10 Gbit/s). Data is transferred using disposable accounts that are not stored in the backup infrastructure, which makes it impossible to access the storage even in the event of a complete compromise of the client’s main system. The storage can be isolated from the network using air-gap mechanisms that are activated only for the period of data transfer.
Let’s recall that Air-gap is a strategy for isolating backups from the main IT infrastructure. That is, when backups are stored separately from the main network so that they cannot be accessed even in the event of a complete infrastructure breach.
What other De Novo cloud services provide the ability to create immutable copies of data?
Veeam Cloud Repository (VCR) provides integration of a cloud repository directly into Veeam Backup & Replication or Veeam Agent of the client. After simply adding the provider parameters, the repository appears in the backup interface and can be used to form your own copy schedules. Traffic encryption is provided by SSL/TLS, and it is also possible to implement end-to-end encryption to guarantee data during transmission and storage in the cloud. Immutability policies are set by the provider from a fixed list. The architecture provides for fast recovery both to the local infrastructure and to the De Novo cloud.
Flex Backup Geo XR is designed for scenarios that allow geo-backup and recovery in another data center, assigned to another service. This service allows agentless backup of virtual machines in De Novo cloud data centers, creating a geo-copy in AWS S3 object cloud storage in parallel. The client receives an account and a backup encryption key, which allows self-recovery of data to any compatible environment, including VMware, Hyper-V, and global provider clouds. The backup schedule is configured through the BaaS portal. Geo-copy storage immutability policies are configured by the operator at the client’s request. Recovery from a geo-copy is charged separately.
Object Storage Backup Repository (OSBR) is a service for environments integrated into the De Novo Hosted Private Infrastructure (HPI) platform. In this case, a local copy of data is stored directly on the private cloud resources where the application landscape is located, and a geocopy performs the Disaster Recovery function and allows you to restore the application landscape on external resources (for example, in AWS S3 object storage) in the event of a complete unavailability of the HPI complex. The client receives full control over backup policies, as well as the ability to independently restore to their resources. Immutability policies are enabled upon request. Restoration from geocopies is paid separately, but other operations, such as traffic and API requests, are not charged.
Serhiy Stoyan reminds that once, in the very distant 2000s, tape libraries were popular (by the way, they still exist today). Information was recorded on special cartridges — WORM (Write Once Read Many). Unlike HDD and SSD, which require constant power supply to maintain access to data, these media did not consume energy during storage. Therefore, data could be stored on them for 30 years or more.
This «cassette» could be recorded, but could not be rewritten. It had a physical fuse on it. It could not be rewound.
«The technology is old. It’s just that it is now implemented without all these expensive solutions, specific plug-in libraries. The data is stored on the basis of a virtual machine, which provides access to this disk array. It is exclusively provided to the client,» says Serhiy Stoyan.
«Everyone understands that reliable backups are needed. But as soon as the issue comes to payment and system operation, it fades into the background. People look at the costs and do not see the direct benefit. The administrator’s salary will not increase from the fact that he made backups, and money for resources must be paid constantly. Therefore, many people put it off until a problem occurs,» says Serhiy.
According to him, companies usually, unfortunately, learn what immutable backups are only after incidents.
«We had businesses come to us that had been affected by cyberattacks. And they said, 'We’re ready to pay. We want this to never happen again,'» says the IT architect.
There is a myth that reliable backups are too expensive. In fact, the price depends on the amount of data and the storage period.
«Yes, storing data for 10 years is expensive. But if it’s a matter of a few weeks or months, it’s quite bearable for most companies,» explains architect De Novo.
Typically, reliable backup will cost approximately 5% of the cost of using the data center’s IT resources.
The minimum volume is 25 TB. This seems like a large number.
«But keep in mind that if you initially put one backup copy in storage. It is stored for 30 days. And a week later, you put another one for 30 days, and a week later, another one, you quickly accumulate resources. Therefore, even if the company’s infrastructure „weighs“ 5 TB, then 25 TB may be just right,» emphasizes Serhiy Stoyan.
It should not be forgotten that the losses from an incident — downtime, reputational risks, recovery — are usually many times greater than the costs of a proper backup infrastructure. Therefore, it is better to first properly plan your IT infrastructure (including competent backups) than to later look for how to get out of a difficult situation and what to tell customers.
