Immutable Backups
A-to-Zerto Glossary of Terms
Overview
Immutable backups describe a type of data backup where the data is unchangeable and cannot be deleted. Data has become a rich target for attackers, and even your backups can be encrypted or deleted during attacks. Immutable data is critical when you are creating a backup or disaster recovery plan, particularly when ransomware strikes.
What Are Immutable Backups ?
An immutable backup features immutable data, meaning data that is an unalterable state. Data is said to be in WORM format (write once, read many).
Traditional data backups are not always effective when you are trying to restore data that has been attacked (since the backups may have been attacked as well). Immutable backups can protect from various planned and unplanned events:
- Viruses
- Ransomware
- Planned outages
- Natural disasters
- Accidental or planned deletion
What Is Backup Immutability?
Backup immutability is about securely storing data that cannot be modified or deleted for a set period. Once past that retention period, the immutable backup can be replaced.
This characteristic provides the ability to manage the backup infrastructure, in terms of storage volume and cost, while ensuring the integrity of the data, making it an effective defense against ransomware and malicious tampering, as attackers can't alter the backups to compromise data recovery processes.
Access to Immutable Data Copies with Zerto
Your organization will inevitably be hit by ransomware, so you need to be prepared. Ransomware attackers are hoping that you are unprepared: they hope that your legacy recovery solutions are still in place and inadequate to the task of recovery.
As mentioned above, it is possible that even remote recovery data could be targeted by ransomware. Zerto provides the option for immutable replicas that cannot be encrypted or corrupted by ransomware and are always available for recovery. This option, combined with Zerto’s continuous data protection, can help you prepare for a ransomware attack in the future.
Zerto offers an extended journal copy on AWS S3 storage or on Azure blob storage, that includes immutability.
You can also achieve data immutability with Zerto Cyber Resilience Vault, an offline, locked-down vault that combines Zerto’s recovery software with the power of HPE Alletra Storage MP, HPE ProLiant servers, and HPE Aruba Networking.
Achieving Data Immutability with Zerto
Zerto Cyber Resilience Vault
FAQs about Immutable Backup
Generally, yes. Immutable backups are considered safe from ransomware because they are designed to be unalterable and tamperproof, using write-once, read-many (WORM) principles. However, attackers have, in some cases, found ways to remove immutability by manipulating the systems the backups reside on.
To ensure maximum protection, organizations should retain one copy that is both immutable and isolated (air gapped) to guarantee access for recovery. For this reason, the traditional 3-2-1 backup rule is often updated to the 3-2-1-1 rule:
- 3: Keep three copies of your data.
- 2: Store copies on two different media types.
- 1: Keep one copy offsite.
- 1: Ensure one copy is both immutable and isolated.
If both immutability and isolation aren't feasible, prioritize immutability to safeguard data integrity.
According to a survey conducted by IDC1, 48% of organizations who paid a ransom did so despite having good backups. Even with good backups, the top reasons for paying the ransom were being able to recover more data and a faster recovery time than recovering from backup.
Although an immutable backup can be safe from attackers, traditional backup technologies are not always enough to prevent data loss or recover quickly enough in an attack. Organizations should consider cyber recovery solutions like cyber vaults with fast recovery times in isolated, cleanroom environments.
Source:
1.https://www.zerto.com/page/idc-the-state-of-disaster-recovery-and-cyber-recovery-2024-2025/
An example of an immutable backup is Amazon S3 Object Lock, which allows organizations to store data using WORM policies.
A backup is a copy of data, generally in the form of a large data file. A backup file can typically be made immutable by the storage on which it resides either by file-level or container-level policies. Immutability is sometimes called a WORM state that is protected for a period of time during which the locked state cannot be shortened or removed.
The main difference between regular backups and immutable backups lies in the protection against modification or deletion, which enhances resilience to threats like ransomware or insider attacks.
Here's a detailed comparison:
Regular backups | Immutable backups | |
Protection against ransomware | Vulnerable to encryption or deletion by ransomware, which can render recovery impossible. | Ransomware cannot encrypt or delete immutable data. |
Compliance and governance | Suitable for general backup and recovery needs but may not meet strict regulatory requirements. | Meets stringent requirements (e.g., GDPR and HIPAA). |
Configuration and management | Easy to configure with flexible policies. | Requires up-front planning, as policies like retention periods typically cannot be shortened once set. |
Other Resources
LATEST FROM ZERTO SEE ALL
Resource Center
Discover and access content from Zerto and 3rd parties (IDC, Gartner, ESG, etc.) related to Backup & Recovery.
As World Backup Day Turns 10, Here’s Why It’s Still As Important As Ever
Reflection on the last 10 years over backup technology and the pace of business evolution.
Data Protection Blog
Get information related to data protection in this dedicated blog category.
What is Zerto?
Learn about Zerto and how it can help you solve your data protection and recovery challenges.