Disaster Recovery Journal Fall 2023

n The backup appliance itself to access its management console and/or its backups. The latest disk-based target backup appliances offer multiple features to make them more resilient against these attacks. These resilience features include the following: n Data immutability . The data immutability feature can prevent anyone or any task from changing or deleting backups stored on a backup appliance. This feature has become almost a prerequisite for backup appliances. Storing data in an immutable format addresses two specific challenges. Should ransomware locate the shared folder with backups on the network, it cannot delete or change. Also, should a hacker compromise and access the backup appliance, the hacker cannot change or delete backups through the management console. Almost all legacy and new disk-based backup appliances now offer data immutability. However, some disk-based backup appliances implement it with an option that allows someone with administrative permissions to still delete backups. Organizations should verify which options a specific disk-backup backup target appliance supports. n Data encryption . Organizations should also take care to encrypt their backups. While data immutability protects backups from being changed or deleted, hackers can still potentially access and read the backups. If they can read them, some ransomware strains may copy the data to their site. Once copied, they still demand a ransom or else they threaten to publicly release the data. Encrypting backups as they get stored ensures even if ransomware copies them the hackers can do nothing with them. n Role based access controls (RBAC) . Disk-based target backup appliances may require a username and password combination to log into the appliance. Unfortunately, organizations may never change an appliance’s default username and password combination or use a simple username and password combination. These approaches made it easy for hackers to guess the combination and log into the appliance. To counter this, the latest disk-based target backup appliances offer role-based access controls. These appliances may still require individuals to use a username and password to log in. However, they integrate with an organization’s implementation of Active Directory. These often require the use of complex passwords and assign a specific administrative role. Once logged in, the individual can only perform tasks according to the permissions assigned to their role. On some appliances performing a task such as moving or deleting backups on the appliance may require a second administrator to approve the execution of the task.

This combination of technologies proved so successful, inno vation in backup appliances slowed over the past two decades. Disk-based backup providers continued to introduce new and larger disk drives, faster network interfaces, and appliances in various form factors. However, 20 years later, these backup appli ances still primarily serve as tape replacements, the same role they originally fulfilled. Shortcomings of Legacy Backup Appliances Today using many existing disk-based backup appliances as tape replacements may no longer meet current organizational backup requirements. Organizations have new requirements that disk-based backup appliances may fail to, or only partly, address. Ransomware attacks represent the primary new threat for which organizations must specifically account. Disk-based backup appliances, when first introduced decades ago, made no provisions for ransomware attacks. This threat simply did not exist, so there was no reason for providers to account for it. However, the threat of ransomware exists today. This requires disk-based target backup appliance providers to minimally account for it in two ways. n First, they must account for ransomware potentially attacking the appliance itself. This requires the appliance to protect itself and the backups it hosts from ransomware attacks. n Second, these appliances must position organizations to rapidly perform restores and do recoveries. These two modern-day requirements represent shortcomings of many disk-based target backup appliances. When developed, providers focused on and optimized them for ingesting backups and minimizing their data storage requirements. Even today, pro viders still promote their appliances’ backup throughput rates and deduplication ratios. While backup throughput rates and deduplication ratios still matter, they no longer suffice. Organizations now need these appliances to deliver additional capabilities. These features should minimally ensure the appliances can withstand ransom ware attacks. Ideally, they should also position organizations to restore and recover their data. It Begins with Resilience Many organizations report foiling ransomware attacks using a combination of their perimeter cybersecurity defenses and recov ering from their backups. This has led hackers to now create ransomware strains which specifically attack the backup infra structure. Once initiated, the ransomware may attack an organization by scanning its network for: n Shared folders and then looking for backups in them.

20 DISASTER RECOVERY JOURNAL | FALL 2023