We often hear “Cyber Resilience” word thrown around these days. Every backup vendor has a cybersecurity play nowadays. Many have morphed into cyber resilience warrior vendors, and there is a great amount of validation in terms of Cyber Resilience in a data protection world. Don’t believe me?
Check out this Tech Field Day podcast video from a month ago, where my friends, Tom Hollingsworth and Max Mortillaro discussed the topic meticulously with Krista Macomber, who has just become the Research Director for Cybersecurity at The Futurum Group (Congrats, Krista!).
But I want to talk about one very important cog in the data protection strategy, of which cyber resilience is part of. That is Immutability, because it is super important to always consider immutable backups as part of that strategy.
It is no longer 3-2-1 anymore, Toto.
When it comes to backup, I always start with 3-2-1 backup rule. 3 copies of the data; 2 different media; 1 offsite. This rule has been ingrained in me since the day I entered the industry over 3 decades ago. It is still the most important opening line for a data protection specialist or a solution architect. 3-2-1 is the table stakes.
Yet, over the years, the cybersecurity threat landscape has moved closer and closer to the data protection, backup and recovery realm. This is now a merged super-segment pangea called cyber resilience. With it, the conversation from the 3-2-1 backup rule in these last few years is now evolving into something like 3-2-1-1-0 backup rule, a modern take of the 3-2-1 backup rule. Let’s take a look at the 3-2-1-1-0 rule (simplified by me).
The 3-2-1-1-0 Backup rule (Credit: https://www.dataprise.com/services/disaster-recovery/baas/)
- 3 copies of the data
- Stored in 2 different media
- 1 of the copy stored offsite
- 1 of the copy be either immutable or at an offlined air-gapped location
- The recoverable version must have 0 errors
There are further variations of this modern new rule. Catalogic Software proposes 3-3-1-1-0 (with 3 copies scanned by their GuardMode solution, adding an extra layer of protection against ransomware). The Catalogic approach makes perfect sense since we cannot fully trust the data that we are backing up nowadays. And Catalogic stresses on the immutability part as well. The best part is because the backup dataset, which was already scanned by Catalogic, is immutable, there is a higher degree of confidence for restore and recovery. This translates to better recovery objectives in RTO and RPO. You can read about Catalogic’s take on the 3-3-1-1-0 rule here.
Backblaze has their 4-3-2 backup rule where 4 copies of the data are kept in 3 different media with 2 copies in 2 different offsites. Backblaze’s recommendation does not have immutability built-into their data protection strategy, but nevertheless, vital in data backups and restores.
Immutable backups
Nevertheless, immutability is surely becoming the superpower for backup. So, what are immutable backups?
Immutable means not able to change. Thus, immutable backups are copies of the data than cannot be changed, modified or deleted, unless that copy becomes removable in a defined availability window. The immutable feature makes the backup copies less vulnerable (very much less) to cyber threat actors, since they cannot be modified or deleted. This is against the backdrop that threat actors are almost always targeting the backup copies first so that the victims have little recourse to restore their data.
Immutable backups strengthen the integrity and the security of the data to be recovered. After all, the key objective of secure backups is to ensure that data can be recovered in confidence.
Of course, the clean room recovery offerings that came in vogue lately is a testimony of why immutable backups are so important to ensure backup copies of the data is not contaminated in the backup process.
The modern data protection strategy
Check Point™, through their ThreatCloud AI, reported that 2023 was the “Year of Mega ransomware attacks“. Chainalysis called out that “Ransomware payments exceed $1 Billion in 2023“. Allianz, the German financial services giant, which provide cyber insurance, reported that “Ransomware alone is projected to cost its victims approximately US$265bn annually by 2031“.
The threat of data, any data, under attack, continues unabated. We can no longer deny that data is safe once there is a backup of that data. Nothing is safe anymore. And we cannot keep throwing usual backup strategies at the ransomware threats anymore. They are no longer working.
Therefore, the data protection strategy must not be business as usual. We cannot treat backup and restore as a secondary function of the business operations. We must view backup and restore more holistically, as a data protection strategy within a data management culture and mindset of an organization. With that in mind, we must demand immutability and immutable backups to safeguard and protect the backup copies of data. We must fortify our defenses. Immutability is a key factor in a Resilient Data Protection strategy.
