By Justin Giardina, CTO at 11:11 Systems
As the volume of data continues to increase and the threat landscape continues to evolve, it is increasingly important for organisations to protect backup data from unwanted deletion. Threats today can take the form of a malicious insider deleting backup data or a targeted cyberattack on the backups themselves. Modern ransomware attacks often first seek out and destroy backups before moving on to encrypting production data. However, companies will benefit from implementing immutability, the act of making data writable but noneditable for a defined period of time, as part of their data protection arsenal to help avoid or recover from a loss of production data situation.
The rise in cyber incidents, which according to the Veeam Data Protection Trends Report 2023 is the leading cause of outages over the past three years, is bringing the need for immutability to the fore, particularly as most organisations reported having fallen victim to cyber incidents, on average, twice a year.
Your data, your responsibility
While many organisations have transitioned to Microsoft 365 with a belief that this alleviates some of the pressure of managing data security, this is not the case. Securing the data remains the responsibility of the company that collects and stores the information, while Microsoft merely provides the infrastructure to host it.
Further, there is a misconception that email data cannot be encrypted, however, not only can it be encrypted, it can also be deleted maliciously both internally and by threat actors. To minimise this risk, companies need to implement a backup plan that includes immutability to minimise the risk of outages and total loss of data.
Moving beyond traditional infrastructure
In the age of ransomware attacks and other cyber threats, traditional backup options are no longer enough to protect organisational data. Rather, having a layered defence with immutability will go a long way to help organisations recover after an attack. As such, immutability, which has in the past been confined to traditional infrastructure backups, virtual machines and cloud native instances, is moving beyond this and being applied to the SaaS backup as well.
To make this happen, it is best to adhere to the 3-2-1 backup methodology where there are 3 copies of the data backup on two different media and one copy off-site, air-gapped or immutable. By combining immutable and traditional backups as part of an overall data protection strategy, companies have back-ups on-premise, while a copy is stored offsite or in the cloud, making it harder for all versions of the data to be breached or deleted. As such, data can easily be recovered in the event that disaster strikes either in the form of a cyber-attack or accidental deletion.
Retaining relevant data
Immutable storage, in particular, aims to archive sensitive data in a secure repository that prevents malicious data encryption and thereby facilitates compliance, ransomware protection and helps organisations to meet cyber insurance requirements. While having this data safely stored is valuable for organisations to aid in data recovery in the event of accidental loss or a cyberattack, it is equally important that it is stored according to set retention periods.
Further once the storage time elapses, the stored data is automatically either transferred to archival tiers or completely deleted, preventing this data, even if it is outdated, from being easily accessible by malicious actors.
Layered defence with immutability
In addition to the ransomware resiliency that immutable backup provides, there are several other benefits companies will reap when investing in immutability.
Data integrity and security are key benefits of immutable storage as they help to prevent data corruption, provide protection against malicious attacks and help companies to meet data compliance requirements.
With immutable backups, there is a much higher chance of success for data recovery should the worst happen, as the immutable backups are far less prone to deletion by a malicious actor. Additionally, the time to recover from an attack is quicker as the backups are exactly where they should be and no-one needs to search for old backups to restore then.
While not all data requires immutable storage, every company would benefit from identifying data that should be stored using a layered approach which includes immutability in the mix. This will go a long way to ensuring cyber resiliency in the event of a breach.