Cloud Backup and Restore

Backup Immutability

HomeAll Services...Backup Immutability

Understanding Immutable Data Backups and MSP360's Approach

One of the worst case scenarios when backing up your data is losing it due to ransomware or another sort of attacks. Due to these attacks, data protection is a pressing concern right now. The best approach to safeguard your data is to use cutting-edge cybersecurity tools, including immutable backups.

 

Exploring Immutability (Object Lock)
The Criticality of Immutable Backups
How It Works
How Immutability Works in MSP360 Managed Backup
MSP360’s Approach to Ransomware Protection

Exploring Immutability (Object Lock)

Immutability guarantees total immunity to any changes to your data, which is a major improvement in the security of your data. A copy of your dataset that is immutable means it can’t be changed, erased, or rewritten. The WORM (write-once-read-many) technique ensures that the data written in an immutable storage format does not change. A backup dataset is secured securely away from any form of modification thanks to this approach.

The Criticality of Immutable Backups

The best backup protection currently available is immutability (object lock). Ransomware, unauthorised access, and human error are all unlikely to affect immutable backups. Even if you lose all of your data, an immutable backup will enable you to start over with fresh, unharmed data. Immutable backups can be useful in the following situations:

  1. Protection against malware and ransomware: Immutable backups prevent intruders from deleting or overwriting backup data, ensuring that a reliable copy of the data remains intact even if an intruder gains access to the server or endpoint through malware. This protects against ransomware attacks where attackers demand payment in exchange for restoring access to data.

  2. Compliance requirements: Immutable backups ensure that multiple copies of data are accurate and unchanged during the immutability period, which is crucial for compliance requirements that mandate storing multiple copies of data in an unaltered state.

  3. Disaster recovery: In the event of a disaster where data is lost, immutable backups act as a reliable source of data for recovery, similar to how blood donations provide a sufficient and compatible volume of blood for transfusion. Immutable backups ensure that the backup data remains in the same state as when it was sent to the storage, ensuring its compatibility with the business.

How It Works

Object lock is enabled when you decide to create an immutable backup. An object lock stops a dataset from being changed for a specified window of time. The dataset is WORM-protected at this time, which means that while it can be read, nothing can be added to or removed from it. The lock wears off and the backup dataset loses its immutability after the retention time has passed. Of course, you can select an endless duration, but since data loses relevance over time, there aren’t many situations when doing so is worthwhile.

Because the data that was backed up cannot be changed, immutable backups offer complete protection against ransomware attacks. If your entire environment is compromised, there is always a guaranteed clean copy for recovery.

How Immutability Works in MSP360 Managed Backup

Enabling Immutability (Object Lock) for Amazon S3

You require an Amazon S3 account in order to create an immutable backup with MP360 Managed Backup. You can establish a new bucket in the MSP360 Managed Backup control panel or use an existing bucket in your S3 account that has the object lock option enabled. Go to the Storage / Storage Accounts panel, select an AWS account, and click the gear symbol to accomplish this. Here, you can update an existing bucket or add a new one with immutability enabled.

The confirmation message will appear. After reading it and checking the I Confirm Enabling Immutability box, click Confirm.

On the Organisation tab, under the Audit Log section, you can see if you turned it on or not.

Enabling Immutability (Object Lock) for Wasabi

Select an existing account or create a new one in the MSP360 Managed Backup control panel to generate an immutable backup in MP360 Managed Backup with Wasabi.

Click Add Destination Bucket or modify an existing destination to add a new location for Wasabi immutable backups. Fill all the needed information and choose the Allow Immutability checkbox in the Destination Bucket section.

Enabling Immutability (Object Lock) for Backblaze B2

Go to the Storage tab, Storage Accounts section, and either add a new backup destination or modify an existing one to establish an immutable backup with Backblaze B2. By choosing the Allow Immutability option in the Destination Bucket section, you can enable immutability.

The Governance option, which permits changing with particular permissions, is the default setting for MSP360 Managed Backup’s immutability, although you can change it later.

The next action is to create an unchangeable backup. Click the gear icon of the computer for which you wish to generate an immutable backup in the Remote Management section, then select Show Plans.

Select the type of backup plan, then select Try New Format. As directed by the wizard, proceed. Select an immutability-enabled destination in the Where to Back Up step.

When you get to the Retention Policy step, enable GFS and set the retention times for daily, weekly, and yearly backups. Please be aware that for GFS to function, at least one full backup must be scheduled per week or more frequently.

Confirm that you want to make backups unchangeable by clicking Enable Immutability. Execute the plan as planned.

All backups covered by the GFS retention policy will now be immutable for the time frame you’ve given. This implies that, for example, if you decide to keep two weekly and two monthly GFS backups, no one will be allowed to edit these four datasets (unless they have appropriate permissions – for the “Governance” mode) until their retention periods are up. After a week, the weekly backup will become mutable again, and after a month, the monthly backup will too.

An immutable backup cannot be erased before the allotted time has passed unless you totally destroy your storage account. You are responsible for paying for the storage that immutable backups require during this time, so keep that in mind as you plan your budget.




MSP360’s Approach to Ransomware Protection

In addition to immutability, MSP360 Managed Backup offers several other security features to protect your data from ransomware and other threats:

  1. Two-factor authentication: This feature adds an extra layer of security by requiring a second form of authentication, such as a time-based one-time password (TOTP), in addition to a password, to access the MSP360 Managed Backup control panel, preventing unattended access.

  2. IP allowlisting: You can restrict access to the MSP360 control panel to only specific IP addresses, allowing only authorized users to access the console and preventing unauthorized access from other IP addresses.

  3. Different permission levels: MSP360 allows you to set different permission levels for sub-admins and users, limiting access to certain sections or settings in the control panel, ensuring that only authorized users have access to sensitive functions.

  4. Restricted access for endpoint users: MSP360 allows you to disable data deletion for endpoint users or even hide the agent interface altogether, preventing accidental deletion of data by end-users.

  5. Encryption and passwords: MSP360 supports encryption of data, making it more difficult for unauthorized users to steal data. Additionally, strong passwords can be enforced for user accounts to prevent unauthorized access.

  6. Activity logs: MSP360 provides comprehensive logging and reporting features that allow you to monitor and track all activities related to your backups, helping you keep an eye on any potential security issues.

MSP360 Managed Backup is designed to prioritize data security and offers a range of features to protect your data from cyberattacks and other threats. Immutable backups are an additional security feature that ensures the integrity of your backup data and helps you recover quickly in the event of a disaster. Contact MSP360 for more information and to enable immutable backups for enhanced data protection.