Immutability of backup snapshots: Datto BCDR leverages the Zettabyte File System (ZFS) so that all local and cloud backups are in a read-only format.Immutable cloud: Purpose-built backup and recovery cloud, a full-time security team, RBAC internal controls to protect customer data, Cloud Deletion Defense™ to “undelete” accidental or malicious backup file deletion, backup data encrypted at rest, geographically dispersed, SOC 2 type II and ISO 27001 compliant data centers, fully replicated for locations in the US, UK and Canada, local backups replicated into the purpose-built cloud via AES 256 encryption.Access Control: SSO Integration, Mandatory two-factor authentication (2FA), User administration access reporting, IP blacklisting and whitelisting for backup portal access, Active session management & monitoring, and TOR node blocking.The security features listed below demonstrate the leadership Datto has taken to secure backup. It can be argued that SaaS-based backup solutions are inherently more secure because all software is maintained by the vendor, from operating system patches to new releases of the software.ĭatto’s flagship solution, SIRIS, along with the Datto Cloud are an example of integrating security at every level into backup. Security spans access to the solution itself which requires multi-factor authentication to remove all back-end administrative requirements by offering the solution as Software as a Service (SaaS). Modern data protection solutions, such as Datto Business Continuity and Disaster Recovery (BCDR), were architected with these security requirements in mind. This is important, for example, if one or all servers have been infected with ransomware and the infection has not been isolated or mitigated. This can also encompass isolated recovery where data can be recovered in a location separate from where the primary data existed. Given that air-gap is more related to networks, isolation is a more appropriate term for data protection. For backup and recovery, some vendors refer to this as keeping data offline or segregated from the primary data. Air-gap defense/isolation: Meant to keep a network safe from intrusion, this has typically meant isolating a network from the internet.As a result, immutable backups protect data from accidental or intentional deletion or ransomware attacks. This backup type prevents data deletion and makes it recoverable at any time. Immutable: An immutable backup secures data by making it fixed and unchangeable.Since the administration of backup solutions is so sensitive, protocols such as SSO, 2FA, and RBAC should be utilized. Access control: Related to privilege access, which for backup is related to administration of the product.The meaning of secure backup and recoveryĪs organizations increasingly rely on backup and recovery to save them from a ransomware attack, the standard security methodologies outlined below-not normally associated with backup-are becoming more important. If backup is the last line of defense, it must be built to defend against hackers and ransomware. One such organization, the Conti ransomware gang, has become adept at rendering some backup solutions useless by hunting for privileged users and services to remove and/or encrypt backup files. Backup under attackĬybercriminals know most organizations back up their data, so those backup solutions themselves are now being attacked, ensuring an organization has no way to recover from such an attack. While a disaster recovery scenario for data has historically meant everything from natural disasters to power outages and accidental data deletion, malicious attacks on data (such as ransomware) have become the most common situation.Īs Lindy Cameron, CEO of the UK’s NCSC (National Cyber Security Council) stated at the Cyber 2021 conference at Chatham House, speaking to the preparedness of businesses “.many have no incident response plans, or ever test their cyber defenses.” This is exactly what cyber criminals are counting on, which is why ransomware attacks in particular have been taken to a new level of sophistication with Ransomware as a Service ( RaaS)-operations like the BlackMatter ransomware group provide services to independent cybercriminals who infiltrate an organization's server or network. When it comes to data security, backup solutions are of the utmost importance when ensuring data can be recovered, no matter how dire the situation.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |