During our live Q&A in June discussing the top 10 takeaways from VeeamOn 2021, we heard over 200 great questions! Here are some of the most common questions our audience asked about backup and disaster recovery technology and trends and the answers that can help you build a more secure IT environment.
Q: What is an immutable backup?
A: An immutable backup is a copy of data that is read-only and cannot be deleted or changed. No one, not even an administrator or threat actors, aka “bad guys”, can make changes to it. And that’s important because ransomware is increasingly targeting backup data so “immutability” ensures you’re protected.
Q: What do you need besides an immutable backup to make sure data is always recoverable?
A: An immutable backup is only one piece of a strong security and disaster recovery strategy, which includes:
- Asset management: Organizing and prioritizing your company’s digital assets are critical to protecting data and making sure it is always available.
- Passphrases vs. passwords: Strong passwords (i.e., no passwords like “123456” or “password”) are essential to security. However, long passwords can be hard for employees to remember. Passphrases make it easier for employees to use and harder for hackers to figure out.
- Multi-factor authentication: Hackers can steal passwords through phishing, brute force attacks that use a computer to figure them out, or by other means. Multi-factor authentication requires a user to provide at least one other way to confirm their identities – such as a security token or biometric data – to gain access to the network.
- Next-generation firewalls: Firewalls inspect and control traffic in and out of your network, but a next-gen firewall includes additional features that keep malicious traffic out, such as intrusion prevention (IP), deep packet inspection (DPI), and advanced threat protection.
- The Principle of Least Privilege: It isn’t necessary for everyone to have administrator privileges on IT accounts. Only grant the required level of permission for employees to do their jobs – and if an account is compromised, the hacker won’t have admin privileges either.
- Security awareness training for end users: Protecting data and your business requires more than deploying technology. Each employee needs to understand threat actors’ tactics and how to avoid becoming one of their victims.
Q: How do different “tiers” of data work?
A: We’re often asked how to “tier” backups to meet various levels of RTO and RPO.
- Recovery Time Objective (RTO) is the greatest amount of time that your business can withstand after an outage so that there is minimal impact on your operation.
- Recovery Point Objective (RPO) is the amount of data your business could lose and have the ability to re-create as needed so that there is minimal impact on your business.
Those metrics will become smaller for mission-critical workloads and data.
Establishing “tiers” for your data and workloads helps you decide which workloads to “replicate” (constantly copying somewhere else), which simply to backup nightly (pretty much everything), and what data belongs in long term, cheap, archival storage.
Q: How can you convince management to follow the 3-2-1 Rule?
A: The 3-2-1 Rule is:
- Always keep three copies of your data.
- Store data on two different types of media.
- Make sure one copy is off-site.
With ransomware and other types of malware becoming more common, best practices for backup includes an additional 1 and 0 to the end of the rule:
- Make sure one copy is offline.
- Verify that backup copies have zero errors.
In the past, organizations justified their decision not to follow this rule based on budget concerns, but the average cost of a ransomware attack, including downtime and IT repairs, is now close to $2 million. This far exceeds the cost of ensuring you always have an uncompromised copy of your data using the 3-2-1-1-0 Rule. With massive ransomware attacks continually making the news, your business’ management team should see the value.
Q: Can you back up a hybrid environment with just one software?
A: Yes! We use Veeam to protect our clients’ IT environments, and it’s specifically designed to back up cloud, virtual, SaaS, Kubernetes, and physical data workloads.
Whether during a webinar or just when you have questions, Virtual Systems is always here to help. For answers to your questions about protecting data, contact Solutions@vsystems.com.