sdecoret - stock.adobe.com
Immutable backups help to protect against malicious or accidental data corruption, data tampering and data deletion. Consequently, they play a vital role in guaranteeing recoverability from ransomware, user error or malicious deletion.
Immutability helps organizations comply with data privacy regulations by facilitating historical copies of data that are verifiably accurate. Ransomware attacks continue to increase, in both frequency and severity, along with a rise in public and governmental advisement to not pay ransoms. This has made immutable backup a hot topic.
Once it has been written, no one within or outside an organization can change, delete, overwrite or otherwise manipulate an immutable backup. Immutability can be achieved with a removable device, however this article largely deals with online accessible backups that use a write once, read many storage technology. It is typically accompanied by retention locking technology to ensure no user -- even an admin -- can expire, change or delete the immutable backup until the end of a designated retention period.
The objective is to ensure the immutable backup cannot be encrypted by ransomware, damaged by malware or otherwise altered -- whether accidentally or maliciously -- by an individual inside the organization.
What are the drawbacks of immutable backups?
The sense of immediate security with immutable backups is appealing, but the reality is not as simple as checking a box. IT professionals must understand specifically how the immutability technology functions to avoid loopholes that bad actors will capitalize on.
For example, is it possible that the backup could be overwritten or redirected if it is accessed for a live mount or instant access function? Is the backup data validated to ensure it has not changed and is at a good point to restore from or to replicate? Furthermore, immutable backups retained on premises are still susceptible to physical damage, such as a natural disaster.
Another problem is organizations must pay for the storage that hosts immutable backups. This can quickly get very expensive, especially in the cloud, as the volume of storage that is required and, thus, must be paid for grows every month, if retention policies are not carefully managed by the company.
How to implement immutable backups
Immutability is controlled by the storage infrastructure that hosts the backup, whether it be an on-premises disk or tape storage system, a purpose-built backup tool, or a public cloud-hosted storage system.
Most backup software can control the policies associated with immutability. The software can trigger the target storage to create the backup as immutable and dictate retention policies. Organizations can set and oversee policies, or policies can be managed by a service provider based on the organization's requirements.
Immutable backups are an important component of cybersecurity and compliance, and they ensure backups are secure, accessible and recoverable. However, they are not the only piece of the equation. Authentication and access control tools and policies are important additional safeguards, as are isolating or air gapping immutable backups and encryption.