If you’ve invested in a backup appliance, you may feel that your data is secure and protected. Yes, focusing on a backup and recovery strategy is a vital component of ensuring business availability and resilience. So, kudos to you for implementing this important data protection step. In fact, you’re already well ahead of the game, particularly if you back up data daily. Fewer than 10% of businesses report backing up data each day.
However, simply backing up data to an appliance that is within your own domain may still be putting your critical information at risk. It may seem like keeping your data close to you inside your own firewall is a safer and more controlled approach to data protection and retention. But you may want to think again.
Backup Data is a Threat Target
The risk of ransomware breaking into your domain is high. Black Hat reports that 67% of organizations believe they’ll experience a major security breach within a year. If your backup data is retained on the same domain as your users and other applications and services, you risk the contamination of your backup data as well as your production data in the event of a ransomware attack.
It is also important to note that backup data is a high value target for cybercrime. Threat actors know that if they can hold your backup data hostage, it eliminates your ability to use it to recover and you’ll likely be even more motivated to pay the ransom.
This is an important point when developing your business continuity strategy. Simply put, if you can’t use your backups to restore your environment, especially if ransomware hits, what good is performing backups in the first place?
What are the points of vulnerability that make keeping your backup data inside your domain a dangerous decision? First, it’s where you also hold all of your user names and passwords. If your backup data lives in the same domain as your user credentials, you may just give cyber criminals the keys to your data kingdom. An advanced threat can easily break in, poke around and find all the details needed to unlock data retained in your backups.
Furthermore, backups inside your domain are also inside the same authentication domain as all of your users. It would be exceptionally easy for ransomware to bypass your authentication measures once inside your environment.
Getting inside your environment is also easy, particularly today with more remote users accessing your environment from unmanaged networks and devices. This increases the attack surface for ransomware to break through; once in, it exposes your backups and prevents recovery.
Additionally, there is very little “air gap” between your production environment and backup appliance when you retain them both in the same domain. This makes it easier and faster for ransomware to penetrate your valuable protected data.
Finally, beyond ransomware, there is still the risk of a single point of failure. Even if you use a local backup appliance that aggregates backups and sends them in chunks to the cloud, any device failure brings scheduled backups to a halt. According to Small Business Trends, there are 140,000 hard drive failures weekly in the U.S. alone, so this risk isn’t small.
Backup-as-a-Service: A Secure Alternative
For the most secure data protection and backup strategy, consider implementing a backup-as-a-service (BaaS) solution. Here data is flexibly and securely protected with the off-site remote backups you need to defend against ransomware while also meeting compliance and business continuity requirements. BaaS will give you the protection of a wide “air gap” between your domain and your backup data so ransomware can’t easily hop from your production environment to contaminate backup data. Plus, data is secured behind a dedicated host and separate authentication process so security breakthroughs are next to impossible.
Make your backup process truly valuable by defending your backup data from ransomware contamination so that it is ready and available to restore when you need recovery most. Don’t place data at risk in your own domain; consider BaaS as the alternative to ensure you are protecting data with ultimate reliability.
For more information visit the Veristor website.