What is Immutable Backup?
Immutable means cannot be changed. An immutable backup is a way of protecting data that ensures the data is fixed, unchangeable, and can never be deleted, encrypted, or modified.
Having immutable data is critical to ensuring a copy of your data is always recoverable and secure from disasters—natural or by humans—and, these days, especially, ransomware and other cybercrimes.
Why is Immutable Backup Important?
A ransomware attack hits a business every few seconds. The costs are enormous—whether you pay the ransom or not.
It can take a business months to recover from an attack. And traditional backup and recovery systems—which are meant to get organizations back up and running quickly—are today included in such attacks, as cybercriminals have learned that if they want to get paid, they need to target not only organizations’ production systems but also their safety nets—their backups.
For that reason, immutable backup systems are architected differently than those of the past, to provide ransomware protection, and to safeguard your data against a host of other dangers, both external and internal.
Why Deploy an Immutable Backup Solution?
Data is essential to your business. Imagine a healthcare provider suddenly losing access to all its patient files due to a ransomware attack. A university as the victim of targeted attacks that take away its ability to process student financial aid data.
These are real events that happen daily. You want to ensure that your backup and recovery solution is an immutable backup and recovery system, creating an immutable copy of your data. This ensures that there is an untouched—and untouchable—version of that data always recoverable and safe from any kind of disaster.
What Is the Difference Between Mutable Backup and Immutable Backup?
The key difference between mutable and immutable backup is that data saved by an immutable backup solution can’t be tampered with, modified, or removed.
On the other hand, mutable backups can be easily encrypted, changed, or deleted—common tactics used by cybercriminals trying to force a ransom payment. Mutable backup leaves you vulnerable to all sorts of risks. Immutable backup doesn’t.
Can Ransomware Infect Backups?
In the past, having a backup and recovery solution was a sufficient insurance policy against cyberattacks. But then cybercriminals got more inventive. Realizing that their demands for ransom would fall on deaf ears if an organization had (for then) an enterprise-class data backup and recovery solution in place, cybercriminals became increasingly sophisticated, specifically targeting backup data and related administrator functions.
In more recent years, there have been numerous incidents in targeted attacks where, prior to encrypting all the data in an organization’s primary backup, cybercriminals deleted or encrypted any backup repositories and snapshots.
This can be devastating to a company if all of its data is being held hostage and there’s no immutable backup to help it recover. This type of incident is serious enough to put a company out of business. Having an immutable backup that has been tested is critical to your organization’s overall security defense.
Why Immutable Data is Needed to Fight Against Ransomware?
Cybercriminals have demonstrated that they are increasingly targeting backup data. By deploying a data management solution that provides an immutable backup, your organization will retain a clean copy of data that can be used to bring business back and won’t ever be forced to pay a ransom to recover after a ransomware attack.
What to Look for in a Backup Provider that Supports Immutability?
When searching for a backup provider that supports immutability, you want a solution with a cloud-based hyperscale architecture that places all backup data in internal clusters that are inaccessible to any outside user or application.
Additionally, it is important that the backup snapshots are stored in a read-only state. Any attempts to write to an immutable backup snapshot—for example, incremental backups—should be written on (zero-cost) clones, which should also be marked read-only upon completion of each backup. Any writes to internal views during backup should only be allowed via trusted internal services and authenticated APIs.
What Can Happen When Inevitable Ransomware Meets an Immutable Backup?
A backup is your final line of defense against today’s sophisticated ransomware attacks. If your organization is attacked, immutable backups effectively provide an original copy of data that is indestructible. An immutable backup can’t be tampered with, encrypted, modified, deleted, or removed—common tactics of cybercriminals. Should a company detect a ransomware attack, it can use an immutable backup to instantly recover to its last healthy state when it was unaffected by the malware.
Cohesity and Immutable Backup
Cohesity is committed to simplicity. Keeping your business safe in today’s ransomware-infused markets ultimately comes down to protecting your backups at all costs. Cohesity’s defense-in-depth architecture, including immutable backup, data encryption, RBAC, etc., ensures that no unauthorized user or application can modify the original copy of your backups. Any attempts to modify the gold copy will automatically create a zero-cost clone.