Securing backups – The choice of storage

Preamble

In my previous article, Backup Security-Why Choose On-Premise Object Storage, I talked about why choosing on-prem object storage has become so important.

Now, for this second article in the series about backup security, I will look at what other options we can offer our customers.

Intro

When starting a new project for a client, the first thing we ask ourselves is: what does the client need, and what are they asking for?

As solution architects, we have to work like tailors creating a tailor-made suit.

There’s no one ‘solution’ per se, but rather guidelines that help us keep a clear head about what needs to be done in each case.

When designing backup solutions, it’s essential to have a storage solution that extends its horizons toward security.

Attacks keep increasing, and attackers are finding new ways to get hold of and profit from sensitive company data. These attacks mainly target backup data and try to prevent recovery unless the ransom is paid.

So data protection standards just aren’t enough to keep data safe, and we need to find new ways to make sure it is.

One of these is the 3-2-1 backup rule, which has evolved into the 3-2-1-0 method.

There’s one condition that says you have to store at least one copy offline, or if you’re a fan of the cloud, it has to be immutable, meaning you can’t modify it at all.

But now, the new thing is to make sure that copy is kept offline, i.e. on your own production site.

So, how can we guarantee that this copy won’t be modified?

There are different solutions, like using a hardened repository, physical storage with the S3 protocol, immutable snapshots for deduplication storage, or doing a WORM copy.

A look at the solutions

Let’s take a look at them, solution by solution, with the pros and cons of each:

Hardened Repository

Pros
  • It’s got high physical security, like being isolated from the network, and logical security, like multi-factor authentication.
  • The operating system keeps the data permanent through immutability.
  • Cost: If you’re looking to save some cash, a high-density server with XFS is a great deal.
Cons
  • Limited scalability: It can become expensive and complex to scale the infrastructure to handle large volumes of data.
  • Physical access: Requires physical access to retrieve data when needed.
  • Complex management: Managing a hardened repository can be complex and requires a skilled team.

S3 Storage appliance

Pros
  • Flexibility: Thanks to the interface and use of the S3 protocol, it is compatible with many backup software products.
  • Scalability: Can be easily scaled to handle large volumes of data.
  • Integration with cloud solutions: It can be used to replicate data to the cloud for greater protection.
Cons
  • Start-up and maintenance costs: You’ve got to think about the costs of investing in it and keeping it up, especially when scaling.
  • Risk of data loss: Physical storage can be subject to physical damage, natural disasters and/or theft.

Deduplication Immutable Snapshots

Pros
  • Efficiency: They are part of the software and take up little space thanks to deduplication.
Cons
  • High costs: Deduplication storage has high acquisition costs.
  • Not best practice: To date, it is not recommended as the primary write tier for backups.

WORM (Write Once Read Many)

Magnetic tapes

  • Advantages: High capacity, low cost per gigabyte, long-term reliability.
  • Disadvantages: Sequential access (slow search operations), technological obsolescence.

Optical disks

  • Advantages: High data density, resistance to physical damage and heat.
  • Disadvantages: Limited capacity compared to tape, slower write speed and higher cost per gigabyte.

Solid State Storage (SSD) WORM

  • Advantages: High performance, low power consumption, longer life than mechanical disks.
  • Disadvantages: Higher cost, lower capacity than tapes.

Cloud storage WORM

  • Advantages: Infinite scalability, accessibility from anywhere, high availability.
  • Disadvantages: Dependence on cloud provider, potential recurring costs (Egress).

Solution selection

So, what’s the best solution for the customer? Well, that depends on a few things. First off, it depends on the infrastructure size and how much data needs to be protected. Then there are other factors to think about, like security requirements, how easy it is to add more data, whether the solution can easily integrate with the current infrastructure, and the in-house skills of the IT team. And of course, the budget is important too.

Once we’ve got all this info, we can tailor the best solution for the customer and suggest it based on everything we’ve learned.

We’re also good at offering advice as well as simple implementation. You can combine several solutions, carry out regular tests to make sure the backups are usable, and make sure that all implementations comply with the regulatory requirements of the customer’s sector.

So, to sum up, choosing an on-prem immutable copy solution means thinking carefully about what you need.

If you need any more details or want to chat about the best solution for your infrastructure, just give me a shout. I can set up some POCs with a bunch of different object storage options and show you how they work and how they integrate with some of the most popular backup software out there.