Integrated Appliances VS. Target Repositories
Integrated All-in-one Backup Appliance versus separated Target Repository.
It’s the age-old dilemma of ease of use versus security. This tug-of-war will probably continue forever, but the stakes have recently grown even higher regarding your Data Protection environment.
Ransomware and breaches have become daily news. Where IT viruses and malware were once considered nuisances, they now continuously pose critical risks to businesses.
Today’s devastating combination of ransomware, data exfiltration, and other breaches often threatens a business's very existence.
This is no longer a situation where you want to sacrifice security for ease of use and convenience.
The Problem with Eggs and Baskets
The old saying goes, “Don’t put all of your eggs in one basket,” which applies to the world of data protection even more now than ever.
In today's new reality, the statement is not “if you get hacked” but “when.”
However, there is no need for despair. Proper planning, increased awareness, and adherence to the ever-evolving philosophies and procedures of defense can keep your data safe and protected.
Veeam is helping drive better cybersecurity best practices, and its new Zero Trust Data Resilience (ZTDR) philosophy proves they have increased focus on the ever-changing attack landscape. ZTDR is based on the Zero Trust maturity model and expands those concepts into Backup Software and Backup Storage.
The Zero Trust framework comprises several tenants, one of which is the concept of segregation. To protect your data protection setup effectively, you must separate the elements on which it is built. No building is completely impenetrable, but some are much easier to get into than others, and if you have more buildings, the thief’s task is made significantly more difficult.
Separated Vs. Integrated
It is important to remember that the Veeam Backup Repository is the crown jewel of every data protection setup. You can afford to lose everything except the Veeam repository and its backups. All-in-one backup appliances significantly increase your exposure in the case of a breach.
A Veeam Backup repository that has been completely separated from the rest of the backup components must also be hardened. This means removing all unnecessary software components and closing all ports that are not required to transfer the backup data securely.
An integrated backup solution, or, stated differently, an all-in-one setup, has a large attack surface by its very nature. Backup management and countless other software components must reside in the same box, significantly easing an attacker’s task. It is like one of those superstores that has everything. Get through the door, and all that you need is at your fingertips.
The Hypermarket store concept of “get everything in one place” is better suited to grocery shopping than data protection.
While ransomware and other malicious threats constitute a considerable risk for an all-in-one backup appliance, traditional dangers to your data, like physical disasters, also pose a risk for the all-in-one. Don’t put all your eggs in one basket, or you may end up with a big mess on your hands.
No one likes a mess! What then should organizations do to follow proper Zero Trust? Is there an easy way to implement this and equally as important keep it Zero Trust, since the attack vectors keep changing and evolving.
The answer is in fact a simple one, separate your VBR server from your storage and make certain that the storage you are using for your backups is as secure as possible.
An Object First backup repository (OOTBI) marks all the checkboxes for a secure zero trust backup equation. Secure, Simple and powerful. There is no access to root with only minimal access for the secure transfer of your backup data. It also provides immutability so even if you are breached the bad actors will not be able to delete your backups. Best of all, you don’t need to be a security expert to keep up with the constantly evolving threats. Object First will do that for you.