Immutable Storage: why use it?

Elisa Bondavalli
Digital Marketing Manager
December 20, 2022
4 MIN
Security
Security
Cloud Awareness
Cloud Awareness
Immutable data storage
Contents
H2 Heading
H3 Heading
H4 Heading
H5 Heading
H6 Heading
Share

All of us, especially in the past year, have heard stories of how large companies, hospitals, and government offices have been affected by ransomware attacks, and how they have sharpened and improved their techniques. Indeed, such threats have evolved and continue to do so by becoming more human and consequently more difficult to recognize in time. Thanks to this distinguishing feature of theirs, combined with increasingly AI-driven capabilities, the malicious agents in question are able to achieve, ever more easily, their goal: to corrupt and erase data, both production and backup, and then demand a ransom.

Their "progress" is also confirmed by the fact that they have become able to circumvent the most sophisticated market-leading data protection solutions, giving the perception that the action is being carried out by authorized users.

There are two choices for protecting data in these cases:

  • Use of Tape Library to store data in a maximum-security structure, while still limiting the management and retrieval of the data in a short time frame;
  • Using Immutable Storage,which we explore in more detail in this article.

What is meant by Immutability of data?

We have already addressed this topic a few months ago, more technically, Scalable Storage: how we made our Ceph storage immutable with Veeam, which I invite you to read if you haven't done so yet.

However, coming back to us, immutable data is defined as any information in a database that cannot be deleted or changed. In fact, in most traditional databases, data are stored in mutable states that are overwritten whenever new data are available.

In contrast, databases that store immutable data do not overwrite an old item when new information is available; instead, they preserve historical and current data values.

Dealing with ransomware or malicious attackers, immutability is one of the first technologies to implement to protect backups. By storing in an immutable repository, in fact, it is possible to define policies for a given period that effectively make backups immutable until the chosen deadline.

This means that regardless of whether you face a ransomware attack or an unauthorized administrator, or simply meet regulatory compliance requirements, your data will be safe.

What threats does Immutability protect against?

In most cases, when we talk about threats that can compromise the protection of our data, we are not referring to an "if" it will happen, but to a "when." For this reason, here are what are the possible scenarios in which data immutability can give us comfort.

  • Using storage technology that is unsuitable for the type of data and the needs of the business can cause the data to deteriorate;
  • Intrusion by a malicious external agent can lead to data breach and loss;
  • Actions that can be traced back to an internal malicious agent, which could potentially be an employee who modifies production code and facilitates the intrusion of malicious actors;
  • Physical removal or destruction of data;
  • Accidental errors that could cause data loss if proper and sufficient redundancy is not provided.

As varied as the possible causes are and may be perceived to be far removed from our realities, we should not underestimate them.

The Solution: Immutable Storage

CloudFire, in order to address the need for data integrity, first refers to Veeam's 3-2-1-0 rule, which defines that to ensure data recoverability when most needed, it is necessary to have: three copies of data, on two different devices, with an off-site copy. In addition to the canonical rule you also prepare at least 1 additional immutable offline copy and expect 0 errors with sure backup recovery verification.

Regola 3-2-1-1-0 di Veeam
3-2-1-0 rule

In CloudFire, we apply the concept of data integrity for a specific period of time, minimizing risk and ensuring storage scalability and flexibility with two different solutions:

Scalable Storage Immutable with Veeam

The solution combines the scalability of our Storage Ceph with theimmutability of Veeam .

To activate it, the requirements are:

  • Veeam side: to connect our Scalable Object Storage to Veeam you need to have Scale Out Repository functionality in your licenses. That is, a repository with horizontal scalability for multi-tier data storage, consisting of one or more repositories that can be expanded with additional repositories for long-term storage.
  • S3 Storage Side: on the Storage side, by choosing CloudFire, there are no further implementations to be made as our Scalable Storage, based on Ceph and compatible with the AWS s3 API, supports Veeam's Immutability feature, making the contents of the Tier capacity unalterable for a period of time set at the time of backup creation.

Acronis Cyber Backup Immutable Storage

Through Acronis Cyber Backup 's Immutable Storage solution you get immutable storage functionality ensuring that backups cannot be encrypted or deleted by any attack on the endpoint.

In conclusion, with the increasing number of ransomware attacks and the other possible causes, immutable storage becomes an essential tool for your security strategy.

I hope you found this article useful and helpful in making an informed decision about the potential related to storage immutability, and if not, please do not hesitate to write and ask us more.

You might also be interested

What's New
What's new CloudFire January - March 2024
Find out what's new in CloudFire in the first quarter of 2024: structural improvements to the Cortex platform, new features for users and ISO certifications.
Read the article →
Cloud and ISO: our first step towards Cloud compliance
Being certified to ISO 27001 and ISO 9001 means a constant commitment to ensuring cloud data security and the quality of processes.
Read the article →
Private Cloud Guide: Security, Control, and Performance
Discover the advantages of Private Cloud with CloudFire: security, total control and customized performance for a dedicated cloud IT infrastructure.
Read the article →
Microsoft 365 Backup: Is It Really Necessary?
Discover the motivations and importance of Microsoft 365 Backup for your 365 environments and data: a smart and forward-looking business decision.
Read the article →
CloudFire logo
CloudFire Srl
Via Giambattista Vico 93
42124 — Reggio Emilia
VAT ID: IT02764700353
Contacts
info@cloudfire.it+39052217534
Badge UNI EN ISO 9001Badge ISO/IEC 27001
Products
Openstack as a ServiceS3 Scalable Object StoragevSphere as a ServiceBare Metal as a ServiceAcronis Cyber BackupVeeam Cloud PlatformTalky Time Direct RoutingSIP Account3CXQbox emailCloud InterconnectSOC and NOCManaged Backup
Solutions
Backup & Disaster RecoverySecurityManaged IaaSUnified CommunicationInternal Development PlatformComposable Stack PlatformKubernetes MulticloudKubernetes Disaster Recovery
Resources
Login/RegisterBlogKnowledge BaseTech TalksHelpdeskStatus PageInformation and Policies
Why CloudFire
Partner ProgramCortexTechnologiesInfrastructureCompliance and SecurityAbout usCareersCertifications and QualificationsContact us
Follow us on
Privacy Policy
|
Cookie Policy
Copyright © {year} CloudFire Srl