Keeping all aspects of your IT secure can seem daunting. Even backups are at risk, despite trying to provide a safe haven for your data. This is where Complete IT Systems and Blocky for Veeam can help. By applying a systematic approach to your security, you can protect data-at-rest and data-in-transit.
In a series of articles over the coming weeks, we will outline how to secure your backed-up data, and how to adopt a pragmatic, practical apprach to doing so.
In this article, part one, we look at how to understand cyber criminals’ motivations, the role of backups in limiting the impact of ransom attacks, and how Veeam backup encryption helps.
Knowing your enemy
The first step to knowing how to protect your backups is to understand your enemy. Cyber attackers target backed-up data for two main reasons. First, preventing an organisation from operating means there is no revenue coming in. Customers are uncertain, and this uncertainty almost guarantees some lost income.
Hackers stop businesses from functioning by locking firms out of their own data. They also extract sensitive personal data (PII) which can be a serious problem in the wrong hands.
The role of backups
Backing up data is a funadmental to good business practice. They also offer a good safeguard against ransom attacks by enabling a restore to the most recent point in time prior to an attack. Applying the 3-2-1 principle to backup means that you avoid placing all your eggs in one basket by storing data on different types of storage.
In the event of a ransom attack that encrypts an organisation’s data against them, with good backups in place IT teams can restore to a known point in time before the attack took place. For these reasons, it is not only essential to take regular backups, but to protect the data as it moves between locations and when it is in its final destination.
Encrypting Veeam backups
Encryption is a vital compont of protecting data. It is also a common trick cyber criminals use to lock organisations out of their own data.
With Veeam, you automatically have inbuilt encryption with the Backup & Replication solution. This enables you to switch on encryption on multiple levels:
- Backup jobs
- Backup copy jobs
- VeeamZIP
- Tapes
But there are some important considerations to keeping your backups completely secure.
If Veeam’s encryption has not been enabled for an existing backup job, the previous chain is not captured in the backup for that job. In other words, Veeam Backup & Replication’s encryption is not applied retrospectively.
To solve this, it is possible to start a new chain to enable the previously unencrypted chain to be siloed and then secured separately. Enabling encryption for an existing job then allows the in-built Veeam solution to create a full backup file.
What about deduplication?
Using a deduplicating storage appliance as the target for backed-up data means encryption can have a negative impact on deduplication ratios.
Since a separate encryption key is used for every job session, blocks that may be the same can appear to be different despite contaning the same data. By disabling data encryption, higher de-duplication rates can be achieved. The downside of this is that security is reduced.
Risk assessments therefore need to be conducted to balance deduplication with security.
Look out for our next blogs where we will go into more detail on this topic.
Find out more
Read more about Blocky for Veeam and view a short introduction video.
As Blocky for Veeam Certified Partners, Complete IT Systems have a team of specialists on hand to demo the solution. We can discuss business benefits and help you understand how the technology works for your organisation. We also offer exclusive 30-day FREE trials.
To get in touch or request a demo please contact us.
