Resources | Blog

True Immutable Backup: Sorting the Wheat from the Chaff.

BY Andrew Eva

Immutable backup is the ultimate safeguard against data loss in the event of ransomware attack or other serious data related event. Having immutable backups in place provides the assurance that if the worst does happen, your servers, applications and data can be brought online quickly, allowing your business to continue operating with minimum disruption – addressing one of the major concerns of businesses today. Illustrating this point, as reported by Information Age, recent global research found that 96 per cent of IT and security leaders were concerned around maintenance of business continuity following a cyber attack.

In recognition of the safety net that immutable backup can provide, demand for it has risen steadily in recent years, as has the number of managed service providers (MSPs) offering this service. Yet not all immutable backup offerings are equal, with many falling short in critical areas. Taking this into account, what should businesses consider when choosing an immutable backup provider? 

What to look out for when choosing an immutable backup provider

Research is all important when choosing an immutable backup provider as not all services are the same. There are numerous potential shortcomings of solutions that are currently on the market and IT security professionals need to be aware of these. Many providers who claim to offer immutability do so as a retroactive feature, meaning they achieve this via compensating controls as opposed to native immutability, which can only be offered in a solution that is built from the ground up. 

For example, some solutions write to third party storage and create immutability through putting backup applications and storage on  segmented networks. To do this, they isolate permissions within the backup system to only the backup application or to very minimal read/write permissions. They create gating rules that dictate where and when writing can occur. They turn on snapshotting within that storage platform and then lock the snapshots so they can’t be deleted without certain administrative access. Combined, all of those things provide some form of controlled immutability in the sense that if someone was to gain access to a system in the normal ways, the chances are good the intruder wouldn’t have the right kind of administrative access in order to disrupt or destroy the data that resides in the backup platform. In this way, immutability is achieved through compensating controls or software controlled features. What’s not being provided is immutability that’s built into the platform and can’t be disabled or removed. The end result is a form of protection that is manufactured. Any backup system that allows someone with the right administrative credentials to enter and delete data is not truly immutable.  

A secondary problem with immutable backup solutions that require compensating controls is the level of configuration they require. In many instances, these solutions are purchased based on whitepapers that outline best practices provided by sales teams that claim immutability, yet the degree of configuration required to achieve that may be less clear. When overstretched security teams install the solution, or this task is performed by a third party, default settings are often applied as recommended best practices may be viewed as too difficult to implement. This can result in vulnerabilities. Any backup solution that requires a high level of human interaction to set-up can’t claim to be fully immutable. 

The administration problem

Backup system administration is essential, but it can create its own vulnerability risks, depending on how it is managed. The key issue is knowing exactly which individuals in an organization can disable data protection tools like immutability or multi-factor authentication and how their administrator access is protected. Administrators should adopt a best practice approach to backup system management, which is to ensure that no individual is using administrative access on a day-to-day basis. Most administrative tasks don’t require administrator access – only administrative actions do. Therefore, the safest way to perform these actions is to authenticate up through the system using administrator credentials, perform the action and log-out. All other tasks should be performed using a standard non-administrative log-in. This way, the potential for password compromise is limited. Not all MSPs have the most robust procedures for securing administrative credentials, which is an issue and something that organizations should take into account when considering an immutable backup solution. 

Data security through segmentation

Another critical factor in a truly immutable solution is the separation of backup and production environments. Some MSPs run production and backup on the same networks and hardware, which creates a major vulnerability. To demonstrate the problem here, consider a situation where data is safely stored on an immutable storage system and the catalog server, which knows the location of all your data, is a virtual machine running on a production infrastructure. In this instance, should a data compromising event take place, the production system will be taken down – along with the backup system, severely compromising your immutability.  

Know your MSP’s disaster recovery strategy

Having considered the numerous factors that play a vital role in immutability backup solutions, it’s also important to take into account an MSP’s own disaster recovery strategy. It’s necessary to know how they would recover from a failure, in a worst-case scenario and what potential impact a failure on their side would have on your production environment. Additionally, a very good question to ask is what tools the MSP uses to manage customer environments. To cite why it’s necessary to know that, last year there was a large-scale hack that centered on a specific management tool used by numerous MSPs, leaving their customers open to compromise.  

Why platforms with native immutability provide the most robust backup solution

There are a number of options open to customers when looking for an immutable backup solution but only one that is built from the ground-up, with native immutability can claim to offer the highest standards of protection and reassurance. Rubrik’s platform occupies that space, with unmatched levels of security. For example, even a full administrator of the platform can’t disable immutability. It’s built into the platform and can’t be turned off – even by Rubrik. In this way, it becomes a black box appliance that can’t be compromised by a hacker. On top of that, the platform is constantly being strengthened to limit the potential damage of data compromising events. 

To help businesses looking for an immutable backup solution, we’ve compiled some questions to ask MSPs about their services, which we hope you find useful.

Download ‘5 Key Attributes of True Immutable Backups: What To Ask Your Backup Provider.’