Can “backup in a box” replace air-gapped immutable solutions?

By Michael Kedik, Xigent VP Offering Management

Backup Storage

2021 has been the year of the cyber security boogeyman. According to Gartner’s latest Emerging Risks Monitor Report, the threat of “new ransomware models” has surpassed all other concerns as the top worry of senior executives.

Many IT leaders understand that their organizations need immutable backups, untouchable repositories that can be used to recover critical data and applications. It can be tempting to look at “backup in a box” solutions that promise un-erasable copies at a fraction of the price of an air-gapped backup system.

However, before you build your cyber security and resiliency strategy around one “set it and forget it” piece of hardware, there are a few factors you need to consider:

  • Is your backup data being kept onsite? Some vendors promote “immutable” backups that are just snapshots of your data, kept on a local storage unit. Hardware can fail and the worst can happen. If your snapshots can be destroyed by physical damage, like natural disaster or mechanical failure, you’re at risk.
  • Do you know if your data has been compromised? Some ransomware strains target backup files and encrypt your backup data first, making it useless for recovery. Your files can be infected for days, weeks, or even months without your knowledge. If that data in the “backup box” is not validated, you don’t know if it can be used to restore or replicate.
  • Who can access your backup repository? Cybercriminals have grown more sophisticated in their attacks and will take advantage of weaknesses in your network to target your backups. Insider threats, non-segmented networks, zero-day operating system vulnerabilities, and unprotected management interfaces can leave your backups vulnerable. For real protection, you need a copy that is segregated from your company—your employees and network—otherwise known as air gapping.
  • Is your backup and recovery solution being regularly tested? A recent national survey showed that only 35% of organizations test their recovery plan. And of those who test, 63% fail that test. Chances are very good your IT team isn’t testing your backup and recovery solution, which means you don’t know if it will actually work when you need it.

Xigent’s IT consultants can help you evaluate your backup and disaster recovery plan, helping you evaluate your cyber security liability and technology solutions.

Request an Immutability Consultation