Utilizing the cloud for backup has become fundamental to business continuity and disaster recovery (BCDR) best practices. Small business owners are realizing that not all solutions that employ the cloud are the same, however. There are significant differences in cloud design that can have a major impact on reliable backup and recovery of business-critical data.
These distinctions are coming into focus with threats to backup security on the rise, including hacking, human error, and malware. Research shows that ransomware, a subset of malware, is rapidly increasing the amount of downtime that businesses experience.
Immutable cloud storage is ideal for business owners and organizations seeking the highest level of protection for their data. But what does it mean to be “immutable”? In computing, an immutable object is one whose state can’t be changed or modified after its creation. The opposite of this would be a mutable object, which can be modified once it has been created. Taking it a step further, the term “immutable storage” is applied to stored data that cannot be changed or deleted.
As it turns out, many solutions that utilize both public and private clouds for backup and recovery are mutable. They can still be corrupted by hackers, who are increasingly targeting backup systems to make it impossible for organizations to recover from a ransomware attack.
Multiple Levels of Security
Datto SIRIS backs up data to the immutable Datto Cloud. A purpose-built backup and recovery cloud, the Datto Cloud’s immutable design provides maximum security and reliability. Multiple security layers are necessary to build an immutable cloud. In the case of Datto SIRIS, for example, it starts with mandatory two-factor authentication (2FA) for access to the cloud-based administration portal. All data is encrypted at rest in the cloud and optionally in the local hardened SIRIS appliance, helping to secure data before it’s replicated in the cloud.
Once a granular backup or “snapshot” has been taken, additional safeguards contribute to backup security. In the case of SIRIS, a post-backup ransomware scan is performed to ensure the data has not been infected by ransomware.
Advanced Backup Verification with patented Screenshot Verification adds an additional layer of confidence, virtualizing and test-booting virtualized servers to detect any backup issues, assuring that backups will boot with all data intact and free from ransomware. Once the ransomware scan and advanced backup verification have been performed, backups are replicated to the secure Datto Cloud via AES 256 encryption.
Smart File Systems
The choice of file system is critical to immutable storage. Datto selected ZFS (the Zettabyte File System) for backup storage in the Datto Cloud. ZFS is also specified for Datto appliances including SIRIS and ALTO.
ZFS is an advanced file system that is combined with a logical volume manager, and cannot be corrupted. It provides copy-on-write snapshots, zero-copy writable clones, data compression, and deduplication. In addition, ZFS provides support for massive storage capacities, as well as continuous integrity checking and automatic data repair.
Data integrity is a key characteristic of ZFS, which includes end-to-end checksums and data authentication at multiple levels in its file structure. It excels at data integrity protection by detecting and addressing silent data corruption scenarios, including phantom writes, data corruption on the drive, misdirected reads, and accidental overwrites. The net/net is that ZFS cannot be corrupted by ransomware.
Cloud Deletion Defense also contributes to the immutability of the Datto Cloud. With its ability to “undelete” an accidental or malicious deletion, Cloud Deletion Defense provides yet another protection layer.
Immutability Matters
Hackers are on the prowl, malware is lurking, and erroneous deletion is always a danger, making fully protected backups essential for preserving essential data. Immutable cloud storage is the key to reliable recovery when business systems are compromised.
Contact our team to learn more or to request a live demo Sales@DataSafellc.com