Getty Images


Offline backups are a key part of a ransomware protection plan

Ransomware resilience relies not on a single tool, but on several layered protections. Offline backups are a critical layer in a ransomware protection strategy.

Ransomware is a major threat today, and it can be particularly harmful when it targets data backups. Offline backups are one method IT administrators lean on to protect against ransomware.

Offline backups are stored on an isolated storage infrastructure that is disconnected from production applications and infrastructure, as well as from the primary backup environment. The result is an air-gapped backup copy that businesses can use for recovery in the event that the primary backup copy becomes compromised.

Historically, an offline backup environment would be a good fit for data that requires less frequent access, such as long-term retention data, and data that is less business-critical. However, the simultaneous rise of cyber attacks and introduction of data privacy legislation have led to an increase in offline backups for mission-critical, frequently accessed data.

While offline backup ransomware protection is an effective option, it is a complex process. Offline backups play a role in ransomware protection, and there are numerous paths to get there. Before deciding to use offline backups for ransomware protection, organizations must consider some key factors. The backup method's practicality, cost, effectiveness and ability to meet recovery objectives are critical to keep in mind.

The longstanding approach to creating an offline backup environment is shipping backup copies to an off-site, disconnected tape storage location.

Offline backup can be a complex and slow process

The longstanding approach to creating an offline backup environment is shipping backup copies to an off-site, disconnected tape storage location.

The problem with this approach is that today's IT operations teams are understaffed and significantly strapped for time, particularly in the area of cybersecurity. Many simply do not have the cycles to deploy and manage yet another infrastructure -- especially considering that the isolated infrastructure will require manual software updates to avoid security vulnerabilities.

Another backup environment to protect and pay for

A potential pitfall of these alternatives is infiltration of the isolated environment. As a result, the environment must be closely audited for network isolation, control over when the network connection is open, and role-based access to and control over the network and vault environment.

In addition, IT operations staff must look for an option that has data immutability and indelibility. Immutability renders the backup copy read-only, so no one can make unapproved changes to the data. Indelibility inhibits the backup copy from being deleted before the conclusion of a dedicated hold period. These safeguards help protect against data exfiltration and corruption in the event that a malicious actor is able to access the isolated environment.

Be aware of offline backup window and recovery time

For any implementation, admins must consider the backup window. They must know how long it will take to complete the backups, as well as any potential lags or gaps between backup jobs. This fundamentally affects the business's ability to meet required recovery points.

Also important to factor in is the required recovery time. Both the backup window and recovery time are largely dependent on the frequency and size of backups jobs, as well as how much data the organization backs up.

Can cloud backups be offline?

New options are emerging that offer an operational isolation, such as hosting the data off site in the cloud or through a service provider. These methods require a network connection to production-facing portions of the environment in order to transfer the backup copy to the isolated environment.

There are a few drawbacks to using the cloud for offline data backups. Since it is isolated, but not completely offline like tape libraries, the cloud is easier for a ransomware attack to reach.

In addition, any cloud-hosted option is potentially subject to egress fees when data is recovered. This is important for IT operations staff to be aware of upfront because it is potentially a very expensive factor to overlook.

Krista Macomber, senior analyst at Futurum Group, writes about data protection and management for TechTarget's Data Backup site. She previously worked at Storage Switzerland and led market intelligence initiatives for TechTarget.

Dig Deeper on Data backup security

Disaster Recovery