How to protect your backups: a checklist

Backups have always been a cornerstone of corporate data protection strategies, but soaring ransomware threats have now made backup one of the most mission-critical priorities for organisations across industries.

Recent research has shown that 76% of business and IT leaders reported at least one ransomware attack in the previous year. Backup repositories were targeted in 94% of those attacks, and 36% of their data was unrecoverable. With this in mind, it’s not surprising that backup is one of the fastest-growing workloads for the data storage industry. From a storage systems perspective, here are four key points you must keep in mind when evaluating your infrastructure:

  1. Backups are much more than just storing a second copy of data. The intricacies of enabling fast data and service recovery (restoration), data efficiency, short-term vs. long-term retention, keeping immutable copies of data and potentially offsite storage are all involved here.
  2. Performance matters for backup and, most critically, for restoring data. This isn’t a light-duty workload for either the backup servers or the storage system storing the backup data.
  3. End users need the storage industry to actively participate in providing protection against ransomware attacks in many aspects: detection, prevention of data exfiltration, and recovery from attacks when they occur.
  4. And, to restate the obvious, backups are there for the purpose of supporting recovery of data and business operations. Your storage solution must be focused on bringing the business back online as quickly as possible in the event of an incident.

While backup/restore may not be considered quite as “sexy” as buzzwordy new workloads like cloud-native, AI/ML or big data analytics, it is arguably the most business-critical. So, what should IT teams look for in their respective storage solutions?

Simplicity. This is key. In particular, consider storage solutions that offer combined short-term and long-term backup tiers and simplified access methods (the growth of the AWS S3 API in both backup applications and storage systems/services is notable).

Scalability. Look for a system that can store all of your backups for years, growing from tens of terabytes to hundreds of petabytes in a single system.

Quick and unfailing restores. Ensure that the system provides 100% availability of data and enough performance to get your critical services back up and running within a few minutes.

Compatibility. Solutions that are compatible with multiple backup management providers will give you flexibility. Moreover, we now see the data protection solution vendors themselves broadening their products to support object storage over the S3 API, for the advantages it provides in immutability and scale.

Hybrid cloud capabilities. Find a solution that can copy or archive backups to the public cloud as well as on-premises.

Immutability. Your storage system should keep your data immutable against ransomware exfiltration, modification, or destruction in several ways:

  1. Data should be stored in a format unreadable to humans. This means that user files are split/chunked and erasure-coded into small slices, and dispersed across dozens of disk drives. A ransomware actor would have little ability to pull these binary slices from the disk drives and make any sense of what part of a file or object they are looking at.
  2. Data can be encrypted using bulletproof AES 256-bit encryption methods, with the encryption keys stored separately to the system on standard Key Management Servers for additional protection. This means there is no way to make sense of the data without first decrypting it.
  3. Object-locking through the AWS S3 API, with retention periods that prevent data from being deleted or overwritten by users/admins/applications during the configured time period. A malicious user would be unable to change the policies or remove locks. In compliance mode, even the system SuperAdmin cannot change or remove these locks.
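To make item 3 checkable, the following added example (not from the original article or any vendor's tooling) audits Object Lock settings against a required retention window. It assumes the response shapes of the S3 `GetObjectLockConfiguration` and `GetObjectRetention` calls; the sample data and the names `audit_bucket` and `audit_objects` are constructed for illustration. It flags `GOVERNANCE` mode, the S3 API's other retention mode, because a caller holding the `s3:BypassGovernanceRetention` permission can remove such a lock.

```python
from datetime import datetime, timedelta, timezone

def audit_bucket(lock_cfg, min_days):
    """Findings for a bucket's GetObjectLockConfiguration-shaped response."""
    cfg = lock_cfg.get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return ["object lock is not enabled"]
    default = cfg.get("Rule", {}).get("DefaultRetention")
    if not default:
        return ["no default retention: objects lock only if the writer asks"]
    findings = []
    if default.get("Mode") != "COMPLIANCE":
        findings.append("default mode %s is bypassable" % default.get("Mode"))
    # S3 accepts Days or Years; a year is approximated as 365 days here.
    days = default.get("Days", 0) + 365 * default.get("Years", 0)
    if days < min_days:
        findings.append("default retention %dd is below %dd" % (days, min_days))
    return findings

def audit_objects(objects, min_days):
    """Map key -> finding for backups whose lock is missing, weak or short."""
    findings = {}
    for obj in objects:
        ret = obj.get("Retention")
        if not ret:
            findings[obj["Key"]] = "no retention set"
        elif ret["Mode"] != "COMPLIANCE":
            findings[obj["Key"]] = "mode %s is bypassable" % ret["Mode"]
        elif ret["RetainUntilDate"] < obj["LastModified"] + timedelta(days=min_days):
            findings[obj["Key"]] = "lock expires before the retention window ends"
    return findings

# Constructed sample data (not from a real system).
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
def _obj(key, mode, days):
    ret = {"Mode": mode, "RetainUntilDate": T0 + timedelta(days=days)} if mode else None
    return {"Key": key, "LastModified": T0, "Retention": ret}

WEAK_BUCKET = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
               "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
STRONG_BUCKET = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
                 "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 30}}}}
SAMPLE_OBJECTS = [_obj("backups/full.bak", "COMPLIANCE", 30),
                  _obj("backups/incr-1.bak", None, 0),
                  _obj("backups/incr-2.bak", "GOVERNANCE", 30),
                  _obj("backups/incr-3.bak", "COMPLIANCE", 7)]

if __name__ == "__main__":
    print(audit_bucket(WEAK_BUCKET, 30))
    print(audit_objects(SAMPLE_OBJECTS, 30))
```

Bucket versioning must be enabled for Object Lock to work in S3, so a real audit would check that as well.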

In today’s world, where ransomware threats are aggressively on the rise, backup and data protection are fundamental. With backup repositories targeted in 94% of attacks, and 36% of data being unrecoverable, it’s essential to invest in a scalable and immutable system that provides quick restores, such as those offered by modern object storage solutions. With backup a cornerstone of data protection, organisations must prioritise investing in a robust storage solution for their backups.

About the Author

Paul Speciale is chief marketing officer at Scality. In an accelerated world with increasing complexity, managing data at massive scale requires an elevated sense of design and orchestration. Scality has built a storage and data management ecosystem to protect and propel our customers into the digital age. Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.
