There’s a world of difference between immutable backup solutions and basic cloud backup services. And don’t forget traditional backup services via on-site appliances. Although less prevalent these days, some businesses still take this risky legacy approach. Why should you explore the nuances of backup? Cybercrime operators know that a solid backup is the last best defense against successful ransomware campaigns. So they’re refocusing their efforts to attack backups directly.
Here’s what you need to know to ensure your IT provider implements an option that best aligns with your strategy, budget, operating model, and risk tolerance.
Let’s define immutable backup
Immutable backups cannot be altered or deleted. Cyber thieves can still do tremendous damage to your IT systems. However, your core data is impenetrable and tamper-resistant. The same safeguards apply to accidental or intentional deletions from disgruntled insiders.
This advanced hardening gives you enhanced business continuity, elevated peace of mind, and greater negotiating leverage with your cyber insurance provider.
One popular configuration combines onsite storage and backup with offsite cloud storage and backup. Solutions like this allow IT admins to strengthen information protection controls by:
- Increasing the frequency of the backups
- Initiating nightly backup verification exercises
- Expanding the number of geographically diverse cloud data centers
- Adding independent, containerized “vaults” in separate geographical areas
The last option is costly and most relevant in heavily regulated industries like banking and finance.
You may be using immutable backup right now and not know it
There’s a good chance you already have an immutable backup solution that includes some combination of AWS, Azure, Commvault, Datto, QNAP, Synology, and Veeam. Since IT providers focus on unique service delivery versus product resale, many Managed Service Providers (MSPs) offer private-label backup solutions. This practice means brand name callouts are less frequent in conversations.
MSPs will not purposely hide their “ingredients” from you. However, the bigger picture is delivering a business outcome dependent on two weightier factors: skilled people and processes. Most clients know technology evolves, backup providers merge, corporations change names, and trust their MSP to pivot accordingly.
We’re mentioning brand names for two reasons:
- So you can see how third-party thought leaders rate solutions
- To create pause if you hear your MSP mention they’re offering a proprietary, “home-cooked” solution
Non-standard software programs don’t integrate seamlessly with hyper-scale cloud architecture. This mismatch with reigning storage platforms like Google, AWS, and Microsoft undercuts your scalability. Do you want to avoid getting saddled with digital handcuffs? Go with a solution with longevity because “moving” and “convenience” never fit very well in the same sentence.
Why is immutable backup so different than basic backup services?
Basic backup services take two general forms: stand-alone network-attached storage devices and free or low-cost cloud storage options from Carbonite, Dropbox, and Google. Both qualify as “basic” when they’re missing a combination of the following features:
- Secondary and tertiary cloud redundancy
- Security and access management policies
- Data volume scalability
- Performance/Speed
- Integration with Professional Service Automation tools
- Granular visibility and reporting
In each instance, the data resides in one location where it’s easy for bad actors to access, change, or steal. This arrangement is a tragic security flaw. Unlike a missing physical device, it’s impossible to tell when cloud data gets hijacked because you still have access to it. As the data grows, its value increases while protective measures remain static.
Here’s the kicker: a business can rectify every gap mentioned above and gain advanced backup status. However, threat actors still have the upper hand unless you maintain an immutable data vault with an air-gapped, isolated, tertiary copy of the backup and an isolated physical recovery environment.
Immutable backup is next-level! The timing for this innovation couldn’t be better. And even the innovators are actively making improvements. Backup resiliency is a journey rather than a final destination.
Do you have a guide for your backup solution journey?
This blog fulfilled our expectations if we inspired you to seek wiser counsel on immutable backup. Simplifying a complex topic into a few bullet points is like transforming a henhouse into a bouillon cube.
A conversation with an IT provider—one that has a significant IT consulting offerings— is a significant first step. Immutable backup may not be a fit right now but starting a discussion will open the door for incremental improvements you can make right away.