
IAM/STS Features: What You Need to Know

Sophia Barnett · 4 min to read

In January's webinar on the 23rd, Object First speakers Geoff Burke, Community Manager, and Matt Price, Solutions Content Manager, demoed how Ootbi (Out-of-the-box immutability) enhances backup security. Geoff and Matt specifically discussed Ootbi’s integration with Veeam and highlighted the features related to Identity and Access Management (IAM) and Security Token Service (STS).

Here's an overview of the demo's highlights:

The live session opened with a brief introduction to Object First and its purpose-built appliance, designed from the ground up to work seamlessly with Veeam software. Our star product, Ootbi, is anchored by three core pillars: security, simplicity, and performance.

  1. Security: Ootbi operates on a hardened Linux backend with built-in immutability and ransomware protection. Users leverage the proven S3 protocol for data integrity. The design eliminates vulnerabilities associated with traditional setups, where user access and command lines can introduce risks.

  2. Simplicity: From unboxing to operational readiness, Ootbi is pre-configured according to Veeam’s best practices. Users can rack and stack within 15 minutes, minimizing the potential for operational errors. Plus, anyone can do it—you don’t have to be a security or Linux expert.

  3. Performance: Ootbi ensures high performance needed for Veeam functionalities. With flash caching and smart object storage API integration, the appliance supports fast data ingestion and recovery, enabling processes like instant recovery and running multiple VM operations concurrently.

Advancements in IAM and STS

A significant portion of the webinar was dedicated to demonstrating how IAM and STS can enhance backup security, particularly in multi-tenant environments.

  • IAM/STS Overview: IAM and STS offer enhanced permission management for Veeam Agent backups, allowing for greater control over who can access what data. Geoff’s demo illustrated the risks associated with sharing credentials across users, which could expose sensitive information. The solution is to use STS to provide secure, temporary credentials, ensuring that even if a user’s account is compromised, the attacker cannot access other users' data.

  • Practical Demonstration: Geoff’s demo also displayed configuration of different access permissions to the object storage repository through Veeam, proving the importance of using IAM STS for secure access. He revealed how incorrect configurations could lead to unauthorized viewing of sensitive backups—even more reason for stringent access controls.

Disaster Recovery (DR) Testing

A key takeaway from the webinar was the importance of regular DR testing to ascertain that backup solutions can be effectively utilized during a disaster situation without compromising production systems.

  • Read-Only Access for Testing: The session discussed implementing a read-only policy for object storage buckets, enabling DR testing without risking ownership conflicts with a production server. Doing this instills confidence that during a crisis, recovery efforts will be successful and non-disruptive.
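One way to lint a DR-testing policy before attaching it, as an added example (not code from the webinar or from Object First). It assumes the repository accepts AWS-style S3 IAM policy JSON; the bucket name, Sid values and both sample policies are constructed.

```python
import json
from fnmatch import fnmatchcase

# Real AWS S3 actions that change or delete data or bucket settings (not exhaustive).
MUTATING = ["s3:PutObject", "s3:DeleteObject", "s3:DeleteObjectVersion",
            "s3:PutObjectRetention", "s3:PutBucketPolicy", "s3:DeleteBucket"]

def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def _matches(action, patterns):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def write_grants(policy_json):
    """Return (sid, pattern, action) for every Allow that permits a mutating action."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":   # Deny statements cannot grant anything
            continue
        sid = st.get("Sid", f"statement[{i}]")
        if "NotAction" in st:
            # Allow + NotAction grants everything except the listed actions.
            excluded = _as_list(st["NotAction"])
            findings += [(sid, "NotAction", a) for a in MUTATING
                         if not _matches(a, excluded)]
            continue
        for pattern in _as_list(st.get("Action")):
            findings += [(sid, pattern, a) for a in MUTATING if _matches(a, [pattern])]
    return findings

# Constructed sample policies for a hypothetical bucket "veeam-dr-test".
READ_ONLY = """{"Version": "2012-10-17", "Statement": [{"Sid": "DrRead", "Effect": "Allow",
  "Action": ["s3:Get*", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::veeam-dr-test", "arn:aws:s3:::veeam-dr-test/*"]}]}"""
LOOSE = """{"Version": "2012-10-17", "Statement": {"Sid": "DrRead", "Effect": "Allow",
  "Action": ["s3:GetObject", "s3:*Object"],
  "Resource": "arn:aws:s3:::veeam-dr-test/*"}}"""

if __name__ == "__main__":
    for name, policy in (("READ_ONLY", READ_ONLY), ("LOOSE", LOOSE)):
        for sid, pattern, action in write_grants(policy):
            print(f"{name}: {sid} allows {action} via {pattern}")
```

The check looks only at Effect and Action; Resource and Condition scoping are not evaluated.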

To Wrap Up

All in all, Burke and Price gave powerful recommendations for backup and disaster recovery. They encouraged users to employ a 3-2-1 retention strategy, in which users maintain multiple copies of data across different locations, keeping one backup immutable and separate from on-premises data.

Object First focuses on making data protection simple and secure. As ransomware attacks get more frequent and destructive, the need for strong backup solutions to protect data will only grow stronger. We encourage organizations to take proactive steps to protect their data while ensuring that the backup process is user-friendly and efficient.

Want to watch the recording? Check it out here on the Object First YouTube channel, along with additional resources related to Veeam integration and IAM/STS capabilities.
