Immutability Explained: What Does It Really Mean?

By Josh Winters, Xigent Service Delivery Consultant

Immutability. What is it? Why does it even matter? At a time when ransomware attacks have pushed security to the forefront of IT strategy, immutability is a buzzword for technology vendors and cyber liability insurance companies. Let’s break down the basics:

What is immutability?

A definition: an immutable repository protects your data against tampering, modification, or deletion by bad actors. Quite simply, it’s a backup storage copy of your data that is untouched and can be used to recover critical data and applications—no matter what happens. If your data can be read, but not updated or deleted, it’s saved and safe.

Why is this important?

Very few organizations are running without backups, but what happens when your backup data is compromised? Without a proper immutable backup solution, you can lose your backup repository. Cybercriminals are now targeting your backup data first as part of their ransomware attacks, using weaknesses within your solutions to modify, encrypt or delete your backup data. Once your backups are unusable, they can go after your production data and send you a ransom demand, knowing that you are in a difficult position and more likely to pay.

What about air gapping?

A well-designed and protected system requires air gapping: an off-site file system with separation of management to isolate and protect your data. That way, if a disgruntled employee or cybercriminal has administrator account access to your backup, air gapping protects that backup by making sure no one can hit delete, modify, or suddenly add encryption to your data, making it impossible to access.

How can this affect my cyber liability insurance?

Cyber liability insurers are increasingly requiring that your backups are protected with an air gap to get coverage. Not all immutability solutions are equal. Your solution may be enough to get coverage, but not necessarily guarantee a payout. If you fall victim to a cyberattack and your insurer determines your solution wasn’t as protective as it should be, you won’t get the insurance payout that you thought you were entitled to. 

Can I create an immutable solution myself?

The best immutable solutions are managed, maintained, and credentialed separately from your regular production environment, requiring you to move beyond self-administered options. A strong third-party partner provides not only a separate, offsite location for your data but also can handle monitoring and restoring that data if needed.

Xigent’s IT consultants can help your organization design, test, and manage a backup and disaster recovery solution that includes true immutability to protect your data and ensure business continuity—even if the unthinkable happens.

Request an Immutability Consultation