Ransomware and malicious acts within our IT environments are rampant across the world, and the last line of defence is going to be your backups.
In Veeam Backup & Replication v10 the ability to store your Veeam backups using the Object Lock API was introduced. This would mean that you would have a secondary copy of your backup data most likely offsite and in an immutable state, which means it can’t be modified and is protected against insider malicious activity.
Fast forward to the release of Veeam Backup & Replication v11, and a way of storing data, agnostic to hardware in your primary location leveraging Linux with the NEW Hardened Linux Repository has been enabled.
Benefits of immutable storage backup
By definition, immutability is a solution that prevents data deletion or modification from the storage.
Knowing that data is critical to all businesses—leveraging an immutable copy of your backup data ensures that there is an untouched version of that source data that is always recoverable and safe from any failure scenario.
Veeam Backup & Replication v11 enables you to store your short-term retention backups locally onsite for fast recovery with the protection of immutability. In addition, you can now tier those backups into an immutable object storage offering offsite, giving you additional protection against unforeseen malicious activity or accidental deletion.
Immutable backup storage can help in the following cases:
- Production data is corrupted or compromised
- Accidental deletion of production data
- Insider malicious activity, administrators modifying backup job retention or deleting restore points.
What is the Hardened Linux Repository?
The Hardened Linux Repository enables primary backups to be immutable, not by packaging a storage appliance together, but by offering the ability to achieve local immutable backup storage by using generic compute and storage with a supported Linux x64 distribution that provides this functionality.
Immutability protects your data from loss because of malware activity or other failure scenarios mentioned above by temporarily prohibiting the deletion and modification of data.
A storage solution that prevents deletion and modification of backups
Now you know the purpose behind it and why we are doing this for our primary backups. But you have only seen part of the How — on the Linux server itself you do not need to set anything, Veeam will have that covered for you.
By default, the immutability is set to seven days for standard backups on the repository. It is very important that your job configuration reflects this so that your active backup chain is protected.
Ransomware or outside malicious activity are well-known 24/7/365 threats. Take a lesson from history – even the great city of Troy, that resisted outside threats for centuries, was quickly destroyed from within. When you use the immutable flag even the kings of backups themselves, the backup administrators, cannot delete those backup files.
Single access credentials
Protect the keys to the kingdom! It’s clear to see that a lot of this new feature is focused on the security and protection of your backup data. By focusing on access control, we are further reducing the possible attack vectors by not allowing Veeam or the backup administrator to have unbridled access to an elevated user account that was or is used initially to deploy Veeam services. These one-time use for deployment credentials are not stored by Veeam Backup & Replication.
I hear you asking, how do we get started?
Call us on 03333 22 11 00 or contact us using the form below:
Credit: Michael Cade
