Immutable Backups – Managed Cybersecurity Strategy

Cybersecurity Strategy and Immutable Backups

Backups are not the most essential part of your cyber security strategy; nothing is. Cyber Security should be approached in layers, much like a human immune system.

  1. Protect from invasion externally (Skin / Endpoint Security, Firewalls, Spam & DNS Filtering, Password Policies…),
  2. and internally (Mucus lining in nose and lungs / VLANs, Group Policies…),
  3. and attack invaders (White Blood Cells / Detection and Response)…

But the human immune system lacks something your Cyber Security Strategy could have. If an invader manages to bypass all of the human immune system's defences and the subject dies, there's no disaster recovery. There's no way to take a backup of the brain (that would be cool!) and reboot in another body. Conversely, suppose your business's disaster recovery plan has, at the heart of it, an immutable backup (unchangeable and cannot ever be erased). In that case, you will always have something to recover from.

To ensure that a copy of your data is always recoverable and secure from disasters—natural or caused by humans—and, these days, especially from ransomware and other cybercrimes, it is essential to have immutable data.

Disaster Recovery from Ransomware

For example, in December 2020, The Resort Municipality of Whistler suffered a complete system ransomware attack that took them offline for almost a year. Yes, offline. Back to paper. The ransomers got the backup and demanded more than the insurance company was willing to pay. Very few businesses today would survive that.

There's a simple question that needs a YES answer for every business-critical system you use, whether it is on a server at the office or in the cloud: Is there an immutable backup? Do not accept the answer: "Take a look at this documentation on our backups and security." You need a YES. Getting that answer from a company like Microsoft or Google isn't going to happen. But I've already covered what is essential about email backups in a previous rant.

The truth is, no backup is 100% immutable; if the earth is vaporized by an asteroid or some other major event happens, then the data could be destroyed. Unless you’re willing to go back to pen and paper for the processes that that system handles, there are a few basic things you should look for in an immutable backup.

4 Best Practices for Immutable Backups

  1. You should be comfortable with the frequency of the backup. Are you willing to lose a week, a day, or only minutes of data?
  2. The backup should not be accessible to any outside user or application. It should be accessed by a separate set of credentials from the production data that are not stored digitally and otherwise follow password best practices.
  3. No matter what, no one should be able to delete or change the backup. Backups are written over at the end of the retention period, and you should be comfortable with how long that data is kept.
  4. The backups should be stored as a recoverable snapshot and frequently tested to make sure they actually work.
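
An added example (not part of the original post): a small Python audit that checks a backup inventory against the four practices above. The record fields, the 90-day restore-test interval and the two sample jobs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class BackupJob:  # hypothetical inventory record, not a vendor schema
    system: str
    last_snapshot: datetime              # completion time of the newest snapshot
    max_data_loss: timedelta             # practice 1: loss the business accepts
    shares_prod_credentials: bool        # practice 2: same login as production?
    retention: timedelta                 # practice 3: how long snapshots are kept
    locked_until: Optional[datetime]     # practice 3: expiry of the write-once lock
    last_restore_test: Optional[datetime]  # practice 4: last successful test restore

def audit(job, now, test_interval=timedelta(days=90)):  # 90 days is an assumption
    """Return (practice number, reason) for every practice the job fails."""
    findings = []
    if now - job.last_snapshot > job.max_data_loss:
        findings.append((1, "newest snapshot is older than the accepted data loss"))
    if job.shares_prod_credentials:
        findings.append((2, "backup is reachable with production credentials"))
    if job.locked_until is None:
        findings.append((3, "snapshot can still be changed or deleted"))
    elif job.locked_until < job.last_snapshot + job.retention:
        findings.append((3, "lock expires before the retention period ends"))
    if job.last_restore_test is None:
        findings.append((4, "no restore test on record"))
    elif now - job.last_restore_test > test_interval:
        findings.append((4, "last restore test is older than the test interval"))
    return findings

# Constructed sample inventory; the clock is fixed so the result is repeatable.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
DAY = timedelta(days=1)
GOOD = BackupJob("file-server", NOW - timedelta(hours=2), DAY, False,
                 30 * DAY, NOW - timedelta(hours=2) + 30 * DAY, NOW - 20 * DAY)
BAD = BackupJob("accounting-db", NOW - 3 * DAY, DAY, True,
                30 * DAY, NOW - 3 * DAY + 7 * DAY, None)

if __name__ == "__main__":
    for job in (GOOD, BAD):
        problems = audit(job, NOW)
        print(job.system, "OK" if not problems else "FAILS")
        for practice, reason in problems:
            print(f"  practice {practice}: {reason}")
```

The second sample job fails all four checks, including the less obvious one: its lock exists but expires before the retention period does, so the snapshot becomes deletable while it is still supposed to be kept.
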