The Need for Backup Data Protection
In today’s world, by relying on various third party providers and applications, many organizations have the misconception that their corporate data is protected. As we know too well, this could not be further from the truth.
As the attack surface expands and networks become more complex, new threats are discovered daily. The list of breached organizations reads like a “Who’s Who” of the Fortune 1000. The adage: “It’s not a matter of IF you will be breached, but WHEN”, has become a painful reality to many in today’s challenging world.
When catastrophe strikes in the form of a breach or failure, it is crucial that you can trust the critical backup files on hand when restoring the devices in question. If the backup file that is to be used in the restoration of a device has been tampered with in any way, the devices being restored can be exploited by attackers taking advantage of a manipulated backup file. This could potentially provide attackers access to an organizations internal devices, causing a significant outage or potentially exposing sensitive information. In short, it can turn an already unfortunate set of circumstances into a true disaster affecting all facets of the organization.
How can we be sure that our data has not been tampered with? Security and policy enforcement professionals need the assurance that the data being backed up, hasn’t changed or been corrupted in any way prior to restoring.
Enter Immutable Data. Immutable data procedures ensure that files once initially saved, will remain unchanged and will not have been tampered with. Two key factors make this possible: Firstly, signatures of the files guarantee that the files remain unchanged, since initially being saved. Secondly, saving data files in areas that are completely protected from outside access provide a robust layer of defense. Collectively, these elements provide the assurance required to confidently access or restore these immutable files the next time they are required.
BackBox and Immutable Data
How does BackBox help keep your data safe?
Whenever BackBox executes a backup, it retains a hash of every saved file. In the event of a monitored device on the network failing, or perhaps when there is a maintenance task to restore a device to a previous state, BackBox will immediately calculate the current hash of the files and will compare it to those originally saved. BackBox is then able to immediately display to the user if the saved backup files have been tampered with in any way.
Recently, more and more organizations are finding themselves in the headlines due to crypto attacks, or ransomware attacks. The unfortunate evidence and outcome of this type of attack is the encryption of the compromised data of the organization. This data remains encrypted until the attacker’s ransom is paid and the attacker chooses to decrypt the data. In some cases, attackers have been known to gain access to local backup files, encrypting these critical files, rendering them unusable.
BackBox has long had the ability to export saved data files to a remote location. We continue to improve our export capabilities by adding options to encrypt exported data to a secure vault, using the likes of Amazon Glacier. This feature ensures that clients of BackBox will always have a secure, unaltered copy of their critical files available. Should the need arise, these files can be securely retrieved from the vault with the appropriate ID, saved to BackBox, and used to restore any supported device to a functioning state.
By using BackBox, and securing these critical files in such a manner, organizations can be confident that even if compromised elsewhere in their environment, these critical files remain unaffected.