For most organizations, data sits at the heart of their infrastructure. In the case where the live production data is tampered, ransomed, or lost, data backup is vital for survival of the organization. There is a strong emphasis on adding layers of protection to back up data. Backup Exec already offers encryption for data at rest as well as ransomware resilience solutions to protect the storage data against unauthorized access.
Even though multiple levels of protection play their role in securing the backup data, security threats are evolving and continue to find gaps in an organization’s security proving that data security is difficult for both administrators and users. This is where Object Lock is a welcome addition. Object Lock enables customers to send backup data to Write-Once-Read-Many storage devices and offers data immutability and indelibility for a defined period.
Adding Object lock to an organization’s backup policy offers many advantages and some of the key ones are listed below:
Ransomware Protection
Ransomware attacks typically attempt to modify the data by encrypting it. Object Lock prevents any attempt to modify, encrypt, or even delete the data, thereby maintaining the integrity of data and helps organizations to recover data quickly with minimal disruptions.
Internal Data Security Threats
Internal data security threats, such as data theft, data sharing, data tampering, use of unauthorized devices, or even accidental deletion are factors that threaten an organization’s data security. Since the data protected by Object Lock is immutable, it safeguards the data even under such an environment.
Meeting Regulatory Compliance
Organizations have a need to demonstrate their ability to selectively retain or delete data according to the compliance and legal requirements mandated by their industry. Object Lock plays a vital role in meeting these expectations by offering Object-level retention control.
Backup Exec Object Lock support
Backup Exec 21.4 has introduced the Object Lock support feature that offers the ability to add additional security to backup data leveraging immutable storage by adding the retention lock capability to its backup policy. So far, the retention of backup data was associated with the backup set instead of the storage. With this release, the same retention is now extended to WORM-capable storage media.
Leveraging the OpenStorage model
Backup Exec has always supported many storage platforms and continues to offer heterogeneous support for immutable storage across different OST vendors. Given the nature of OpenStorage interface, as and when multiple OST vendors start to support immutable storage devices, Backup Exec can extend support to them automatically with minimal or no changes.
Backup Exec 21.4 release has added Object Lock support for Data Domain and AWS S3 via Backup Exec Cloud Deduplication (MSDP-C) as shown in Fig. 1. Most notably with MSDP-C, customers get the ability to store immutable backups with the same deduplication efficiency in the cloud that customers get on-premise.
Immutable Storage Configuration
Configuring immutable storage is no different from regular storage. Backup Exec 21.4 automatically detects WORM enabled storage devices and reflects the WORM capabilities in the device properties page as shown in the Fig.2.
Backup Retention Lock
When a backup job is configured to a WORM enable storage device, the backup job properties give you an option to Enable Retention Lock for backup sets created by that job. As shown in Fig. 3, you can define the retention period for which the backup set is locked both at the Backup Exec level as well as the storage level.
Until the time the retention period expires, the backup data can neither be modified nor deleted. When the amount of time to keep the backup data expires on the backup set level as well as the storage device level, data lifecycle management (DLM) deletes the backup set and the data according to its rules and frees the disk space.
The Object Lock feature introduced in Backup Exec 21.4 allows you to minimize ransomware attacks and simultaneously aids in meeting the regulatory compliance requirements. It does this in a simple and easy way of leveraging the OpenStorage technologies that are already in place allowing you to focus on other related tasks.
And finally, it represents a continued commitment from Backup Exec to bring incremental improvements to new features that are released based on your feedback.
If you are not a Backup Exec customer, you can learn more about the solution at the following link: www.backupexec.com
Related articles:
Backup Exec Ransomware Resilience
