Skip to main content

I sort of understand backup and recovery...but if you have data, you have data, no? What were the reasons you use a backup or recovery service? I don’t understand what problems it might solve

Hello
I m note sure to understand your question :D 
You mean why do you need backup ? 


@Stabz Yea - what does it actually do for an organisation to have backups? I can only assume it’s my own ignorance on this topic, but I assume if you have data - you have data.


You can lost your datas with a disaster like hardware failure,fire or by an cyber attack, your datas could be encrypt by a ransomware, you will have your datas but they ll be unreadable.

The only solution to find back your production it’s to have a disaster recovery plan. 

You can find some very good informations about the 3-2-1 backup rule here:
https://www.veeam.com/blog/321-backup-rule.html


@Stabz If you have an attack like a ransomware attack, isn’t that payload sitting on the backup?


@Stabz If you have an attack like a ransomware attack, isn’t that payload sitting on the backup?

You have several options to protect your backups (Immutability, Offload to a Service Provider, Tape, etc.)


@cymon But if you have immutable backups, aren’t you just making whatever is on the backup immutable? So if a payload is sat there or the datas encrypted, you can’t restore


@Stabz If you have an attack like a ransomware attack, isn’t that payload sitting on the backup?

I can see why you’d think this, but thankfully proper backup solutions don’t do this.

 

Within Veeam you have a retention policy. You keep ALL backups for either X number of days, or Y number of backups.

 

Say you keep backups for a week, and you backup every day. And then 3 days later you get ransomware’d, you would restore your data from the day before and you’ve then got your data back. This doesn’t tackle questions of HOW you got attacked as that’s another issue entirely, but your data isn’t lost which is a fundamental starting point. If you don’t have your data, you don’t have your business.

 

To pivot the question to what about your backups getting encrypted, this is why you:

  • Shouldn’t join the backup solution to your domain, to prevent domain compromises from impacting your backup solution
  • Should have an “immutable” or “offline” backup. Immutable backups are ones where you can write the data somewhere, such as AWS S3 or Azure Blob, and tell them to not let the data be modified until X days later. So you can’t delete or Ransomware the data. Offline backups could be USB drives that are unplugged or a tape that isn’t in the tape drive.

As for if the payload is within your backups, assuming these are server backups and not backups of file shares, you can start your server backups in isolation, such as a virtual server with no network access, or using Veeam’s secure restore to scan your backups for viruses before recovering.


Backup is only one part, it is also important to protect the backup infrastructure itself as good as possible, as well as to make regular restore tests to ensure that in case of a restore the data is recoverable.

With Veeam, backups can also be scanned for malware with an up-to-date virus signature before a recovery.


Yep you should design your backup infrastructure to be secure by design (Veeam Servers should not be in production Domain, apply the 3-2-1 backup rule, apply hardening etc...)

Your backups are your last defense in case of a disaster. 


Immutability means that your backups cannot be deleted prior to a defined retention time. The data is readable the whole time. An attacker can delete your production data, but not the backups. So, you can restore your production from the backups.

 

I think you question is about service providers, correct?

The big advantages of a service provider for your backups are:

  •  you have no work with the backups.
  • the service provider is under normal conditions an expert for backup/restore and disaster recovery, not every company will have an expert for these topics.
  • the data is copied to the service providers infrastructure (in case if Cloud Connect) and is completely separated from your infrastructure. There are mechanisms like Insider protection that prevent even employees to delete your backups completely.

Hi….I’m sure you’re a clickbait…. but you’re right... backups don’t help if you have servers in a box


@cymon @Stabz @JMeixner @MicoolPaul @Andanet Thank you, I really appreciate the feedback and help


Hi @mudbed, there are numerous reasons for this and the list goes on,, and on! All answers above are correct. But I think in a nutshell,  the purpose is to create a copy of data that can be recovered in the event of a failure. Having backup in place will help your BCDR practices by minimising the effect of disruptions etc. I think you will find these links interesting: https://www.veeam.com/data-backup-recovery.html#:~:text=It%20enables%20an%20organization%20to,ransomware%20protection%20and%20data%20security

Let say you wish to protect M365, In this link, you will find numerous reasons to.

For the best recovery service, use VEEAM! You can read more here: https://go.veeam.com/veeam-vs-competition#:~:text=Veeam%20provides%20Modern%20Data%20Protection,settle%20for%20legacy%20backup%20solutions


You can start here by downloading the VEEAM BACKUP & REPLICATION COMMUNITY EDITION from this link and also learn about the its capabilities.


Comment