Various technologies used for data backup have been declared "dead" several times. In addition to the long-running tape, the hard drive was also repeatedly attacked. Far from it - we explain why!
It's often said that flash storage will replace everything and that disk backups are a thing of the past. The reality is different: Disk backups are becoming more important, helping to reduce the cost and hassle of flash storage and last line of defense technologies. We'll show you why.
The new complexity of data protection
Due to the increased threat of ransomware and cyber attacks, the focus has shifted from pure backup (i.e. backup) to data backup with fast and secure recovery. This increases the complexity in the storage area. In addition to the classic backup-to-disk, backup-to-flash ensures that modern technologies such as continuous data protection (CDP), forever incrementals and instant recovery can contribute to the low RTO.
Backup-to-(virtual)-tape is also experiencing an unexpected boom, albeit under a new name: Air-Gap. Media that can be physically removed from the system are considered a silver bullet against the consequences of a ransomware attack, as they are 100 percent protected against manipulative access. And for the cheap storage of large amounts of data, such as backup archives, online storage should be used, in which data can also be protected by immutability.
Don't just rely on air-gap and immutability
There are various technologies to protect data from unauthorized access and thus from manipulation. The best known is Air-Gap, which is often equated with tape. In the meantime, the principle of immutability on a remote server “in the cloud” is also considered a worthwhile alternative to the air gap. An archive sealed by hardware WORM can also fulfill this function.
Nevertheless, it is not for nothing that these technologies are considered the "last line of defense", i.e. the very last resort for data recovery. However, this is not the solution to the danger of cyber attacks, since older data sets are usually stored on such "cold" media, which are usually not immediately available for a restore. Tape archives are purely linear and require a lot of manual and time-consuming effort when creating and restoring them. By definition, cloud archives are not available locally. In the event of a cyber attack, the first thing that should be done is to disconnect from the Internet, which also prevents access to this data.
Since IT failure is the largest cost factor in a ransomware attack, these poorly accessible archives do little to mitigate the consequences of such an attack. In fact, they are only seen as a last resort when all other data is lost.
The headquarters: backup-to-disk
Disk backups have been around for decades as a way of quickly backing up data and providing quick and random access to backed up data. Due to the sharp increase in data volumes, conventional RAID storage is no longer sufficient. Modern disk arrays have to be scalable almost indefinitely without requiring changes to the configuration (scale up).
However, the costly last instance can only be reduced if extensive measures are taken to protect against failure and attacks during the disk backup for data protection. The threat of targeted attacks that first spy on the IT infrastructure – often for months – and then try to make backups inaccessible is becoming ever stronger. If that succeeds, the "last line of defense" must actually take effect. To prevent this from happening, there are several measures to protect the disk backup.
Three key steps to protect your disk backup
- 1. Difficult access: Normal network admins or even "bosses" often have access to backup servers, usually through integration into standard authentication via Active Directory (AD). This represents the most obvious security gap. NAS storage for backups should not be mounted directly as drives, but via protected UNC paths. Access to all backup machines should not be via AD, but should be protected by multi-factor authentication.
- 2. Automatic, inaccessible snapshots: At regular intervals, the backup storage should automatically create snapshots that can only be deleted from the system and after the set retention period has expired. The frequency and duration must be set in such a way that they enable the highest possible level of security with a capacity that is just about acceptable. Since attackers often "look around" in the IT system for several weeks, the retention period should be as long as possible. The outsourcing of snapshots, for example to air-gap media or cloud storage, also depends on these settings.
- 3. Geo-redundancy: To protect against the failure of entire instances or locations, backups should be replicated to a second location, if possible using functions anchored purely in the storage that are not in the normally accessible network. The data store at the second site must not be accessible from the main network except for the purpose of replication. Since it is necessary to optimize the RTO (fastest possible recovery) that the data backup takes place where the data is generated or is needed again, this central backup area should be implemented on-premises, i.e. on site.
Isn't that also possible with flash storage?
Flash storage is fast, but also expensive - (still) significantly more expensive than hard disk storage. Flash is now considered set for primary storage. For individual instances with limited capacity, the speed advantage outweighs the higher costs.
The situation is different when the security measures outlined above are implemented. If these are also carried out on the primary target, the flash storage, the cost difference is multiplied compared to hard disk storage. The longer storage time and the capacity required as a result does the rest to push the costs into areas that are disproportionate to the speed advantage that can be achieved. For the reasons described above, direct outsourcing of long-term backups via air gap or cloud storage is not expedient in terms of RTO and RPO.
Conclusion: Invest in secure disk backup
In summary, it can be said that the more secure and comprehensive the central area of backup-to-disk is implemented, the less effort has to be invested in additional technologies for data backup that are difficult to access and sometimes involve a great deal of manual effort. The area of the primary target - flash storage - can be selected as large as necessary and as small as possible, which reduces costs and additional work. Since attacks are increasingly targeting the backup infrastructure first, disk backups must not only be specially protected against data medium failures, but also against these attacks.
More at FAST-LTA.de
About FAST LTA the FAST LTA is the specialist for secure secondary and long-term storage systems. The combination of durable and low-maintenance hardware, integrated software for data backup and on-site maintenance contracts with a term of up to 10 years ensure long-term, cost-effective storage of data from archive and backup applications. In-house developments such as local erasure coding, sealing using hardware WORM and efficient energy management help medium-sized customers to protect themselves against data loss through ransomware attacks and misconfiguration and to meet regulatory and legal requirements (GDPR). The Munich provider's solutions have proven themselves in thousands of installations in healthcare, public administration, film/TV/video and industry.