On-Premise Backup Repository

Does your on-premise backup repository have truly immutable properties? If your data can essentially be edited or modified-in-place, with or without admin credentials, then your underlying storage is effectively “mutable”!

Our Cloudlake^® Rapid Recovery Vault powered by Scality ensures data can be secured at the all-important hardware appliance level, not just the application level. Most so-called “immutable” solutions are useless if a threat actor gains access to admin credentials. True immutability provides a critical last line of defence against ransomware attacks and data loss by preventing any alteration or deletion of data. Hence the requirement for on-premise, immutable repositories to provide improved RTO for critical data.

Why Cloudlake^® Rapid Recovery Vault?

In the event of a ransomware attack, the first course of action is to disconnect from the outside world whilst implementing your recovery strategy. This typically results in a lack of external connections for 5-10 days, often increasing RTOs for critical data beyond an unacceptable level. If your only truly immutable backup is sitting within a cloud repository, this can result in even longer recovery times.

With backup repositories targeted in 93% of ransomware attacks, organisations are seeking reliable ways to mitigate risk, avoid paying extortionate ransoms, and maintain uninterrupted business operations amidst inevitable assaults on their data. An essential way to do this is to protect their backups with immutability the second they are written.

Cloudlake’s Rapid Recovery Vault powered by Scality offers the optimal balance of security, performance, and ease of use. It’s the most secure, efficient, and simple target for Veeam backups.

What is True Immutability?

Immutability is great in theory. Unfortunately, in practice most “immutable” backup solutions fall short of delivering on the promise of truly ransomware-proof protection.

The reasons for these failures are varied: some systems make data immutable with scheduled, periodic snapshots that leave open windows of vulnerability; other solutions fail because they implement immutability only at the API level, but not in the underlying architecture. Simply put, they’re attempting to build an immutable backup system at the software level, but implementing it on top of a core architecture that isn’t itself intrinsically immutable. This creates multiple viable avenues for a skilled attacker to bypass the system’s defences using common tactics like privilege escalation and time-shift attacks.

Designed to provide the strongest form of immutability plus end-to-end cyber resilience, our Cloudlake Rapid Recovery Vault (RRV) powered by Scality is the only solution that safeguards data at five core levels for unbreakable protection against evolving cyberthreats.

1. API-level resilience – by mimicking application commands, ransomware attackers attempt to encrypt, modify, or delete stored backups. Cloudlake’s RRV stops these attacks in their tracks with support for S3 Object Locking APIs, ensuring backups are immutable the instant they’re created.
2. Data-level resilience – while application-level immutability provides powerful defence against ransomware, it can’t prevent data exfiltration attacks or other malicious access on the network or by unauthorised admins. Cloudlake RRV thwarts would-be attackers with advanced data-at-rest encryption, user authentication, secure connections and more.
3. Storage-level resilience – if attackers can’t defeat higher-level defences, they may attempt to penetrate the system below the API layer in order to modify data on the physical disk drives themselves. With Cloudlake RRV, the success of these low-level attacks is virtually impossible thanks to distributed erasure coding technology that renders data indecipherable.
4. Geographic-level resilience – data stored within a single location is particularly vulnerable to cyberattacks. Even air-gapped systems can be breached by attackers with unauthorised physical access, or destroyed by fires, flooding, or other natural disasters. To eliminate the risks of single-site backup storage, Cloudlake RRV employs replication for mirroring of data across data centres and enables easy multi-site deployment for application-managed replication.
5. Architecture-level resilience – storage solutions designed before the ransomware era can be defeated by attacks below the API, network and administrative layers. Cloudlake RRV is true object storage solution that’s intrinsically immutable, meaning data is always preserved in its original form once stored. A security-hardened operating system mitigates the impact of common vulnerabilities and exposures.

Cloudlake^® is a registered trademark of Autodata Products Limited.