Introduction to Immutable Backups
Immutable data backups are a crucial component of data protection strategies. They are designed to be unmodifiable, ensuring that your data remains safe from ransomware attacks, accidental deletions, and other threats. In this video, we'll explore the concept of data immutability and how it can safeguard your valuable information. You'll also learn how MSP360's immutable data backups and remote monitoring management solutions can provide you with peace of mind.
Immutable data backups are crucial for any given organisation's data protection strategy. When you back up your data, one of the worst scenarios imaginable is losing your data due to ransomware or another type of cyberattack. Data protection is a burning issue right now due to these attacks, and the best way to keep your data safe is to use the most current cybersecurity technologies, such as immutable data backups.
What Is Immutability (Object Lock)
Immutability offers complete immunity to any changes to your data, providing a significant leap forward in keeping your data safe. The immutable data backups are a copy of your dataset that cannot be modified, deleted, or overwritten. The data saved in an immutable storage format remains fixed due to the WORM (write-once-read-many) mechanism. This mechanism ensures that a backup dataset is locked safely away from any type of alteration.
Further reading Beyond Technology: How Immutable Data Backups Build Trust for MSPs
Importance of Immutable Data Backups
Immutability (object lock) is currently the highest level of backup protection possible. Immutable data backups are not prone to ransomware, unattended access, or human factors. Even if you lose all your data, an immutable backup will help you to rebuild everything from scratch, using clean, uncorrupted data. Here are some examples where immutable data backups can help:
- If an intruder gains access to the server or endpoint using some malware. This is one of the most widespread threat types, and intruders often go further, aiming to delete all your backups, so that you can’t just restore your data instead of paying the ransom. Immutable data backups are the best way to protect your data from this threat type, as no one except employees you trust can erase or overwrite anything from the backup dataset.
- If you fall under compliance that requires you to store several copies of your data. The immutable backup is a guarantee that these copies are completely accurate and will remain in the unchanged state until the immutability period ends.
- If you encounter a disaster and lose all your data. Backup storage in this case acts like a blood donor; it provides you with an appropriate volume of data for transfusion, so that you can continue running your business. This data, like blood, should be of appropriate quality – sufficient amount, no viruses, etc. Immutability ensures that your “blood” set is exactly the same as it was when you sent it to the storage – fully compatible with your business.
Further reading How to Meet Cyber Insurance Requirements with MSP360 Immutable Data Backups
Immutable Data Backups: How they Work
When you choose to create an immutable backup, you enable object lock. Object lock prevents a dataset from being altered within a given period of time. During this time, the dataset is WORM-protected, which means that it can be read, but nothing can be written to or deleted from this set. After the retention period expires, the lock fades and the backup dataset loses its immutability. Of course, you can set an indefinite period, but the relevance of data decreases with time, so there aren't many cases when it is worth keeping the data forever.
Immutable data backups are bulletproof to ransomware attacks because the data that was backed up can’t be altered. There’s always a guaranteed clean copy for recovery if your entire environment is hit by ransomware.
How Immutable data Backups Work in MSP360 Managed Backup
In MSP360 Managed Backup, immutability is supported for Amazon S3, Wasabi and Backblaze B2 storage providers.
How to Enable Immutability (Object Lock) for Amazon S3
To create an immutable backup in MP360 Managed Backup, you need an Amazon S3 account. You can use an existing bucket with an enabled object lock feature inside your S3 account or create a new bucket inside the MSP360 Managed Backup control panel. To do this, proceed to the Storage / Storage Accounts section, choose an AWS account, and click the gear icon. Here, you can add a new bucket with immutability enabled or edit an existing bucket.
You’ll see the confirmation message. Read it, mark the I Confirm Enabling Immutability check box, and click Confirm.
You can check whether or not you switched it on in the Audit Log section on the Organization tab.
How To Enable Immutability (Object Lock) for Wasabi
To create an immutable backup in MP360 Managed Backup with Wasabi, select the existing account or create a new one in the MSP360 Managed Backup control panel.
To add a new destination for immutable data backups with Wasabi, click Add Destination Bucket or edit an existing destination. In the Destination Bucket section, fill in the required data and tick the Allow Immutability box.
Depending on preferences, the dataset can be totally invulnerable to any changes or can be modified by users with specific permissions. These modes are called “Compliance” and “Governance”, respectively. The “Compliance” mode provides full immutability; even a root user cannot modify the protected data within the retention period you specify. The “Governance” mode allows alteration with permission; it can be used for testing immutability or when you want to protect backups from “regular” users, not admins. By default, immutability in MSP360 Managed Backup works in Governance mode.
How to Enable Immutability (Object Lock) for Backblaze B2
To create an immutable backup with Backblaze B2, go to the Storage tab, Storage Accounts section and either create a new backup destination or edit the existing one. You can enable immutability in the Destination Bucket section by selecting the Allow Immutability option.
By default, immutability in MSP360 Managed Backup works in Governance mode (the one that allows modifying with specific permissions), but you can change this later.
The next step is creating an immutable backup. In the Remote Management section, click the gear icon of the computer for which you want to create an immutable backup, then click Show Plans.
Choose a backup plan type and click Try New Format. Follow the wizard instructions. In the Where to Back Up step, choose the destination with immutability enabled.
When you reach the Retention Policy step, switch on the GFS feature and specify periods of retention for daily/weekly/yearly backups. Please note: you need at least one full backup scheduled weekly (or more often) for GFS to work.
Click Enable Immutability and confirm that you want to make backups unchangeable. Continue with the plan and run it.
Now, all the backups that fall under GFS retention policy will be immutable for the period of time you’ve specified here. That means that, for instance, if you choose to keep two weekly and two monthly GFS backups, no one (unless they have specific permissions – for the “Governance” mode) will be able to modify these four datasets until their periods of retention expire. The weekly backup will lose immutability after a week, and the monthly – after a month.
Before the specified period of time expires, an immutable backup cannot be deleted, unless you delete your storage account completely. Bear this in mind when you plan your budget, as you pay for the space immutable data backups take up during this period.
MSP360 Managed Backup for Microsoft 365 and Google Workspace with Object Lock (Immutability)
We've also implemented the Object Lock (Immutability) feature for Microsoft 365 and Google Workspace Backup for AWS, Wasabi Hot Cloud Storage and Backblaze B2 to ensure that backup administrators have a robust data protection tool in place. With this feature, MSP360 Managed Backup strengthens protection against evolving security threats.
Read the most popular articles
Before our last words here, explore cost-effective backup solutions, what is remote monitoring management, why Amazon's EC2 and S3 are fundamentally different types of service, how to resize partitions on Linux, how to retrieve Amazon Access Key ID and AWS Secret Access Key, an overview of SQL server backup types, what is backup software and an article highlighting a comparison: Exchange Online vs. Exchange On-Premises.
MSP360’s Approach to Ransomware Protection
Immutability provides a high security level but it is not the only MSP360 feature that protects your data within the solution. MSP360 was designed to secure your data from ransomware and other threats. To name just a few options:
- Two-factor authentication. With this, you can prevent unattended access to the MSP360 Managed Backup control panel.
- IP Allowlisting. You can ban any IP but yours from access to the console.
- Different permission levels. Limit access to certain sections or settings in the MSP360 control panel for sub-admins and users.
- Restricted access for endpoint users. If a backup is not immutable, a user might delete something just by mistake. In Settings/General Agent Options, you can disable data deletion for your users or even choose not to show them the agent at all.
- Encryption and passwords. Encrypted data is much harder to steal.
- Activity logs. A system of logging and reporting allows you to keep an eye on everything that happens with your backups.
Keeping your data safe is our job. Immutable data backups are another great addition to our security feature set. With immutability, your backups are even more protected, and it ensures that, in the event of a disaster, you’ll be up and running in a short period of time. Start using MSP360 Managed Backup to enable immutable data backups and prepare for any kind of cyberattack. Should you have any questions, please contact us.
- Cloud and local backups protection
- Backup and recovery operations
- How to use backup software to centralize backup operations