In the event of a ransomware attack, the backup data is crucial for recovery. Therefore, the security of the backup environment requires special care. Last year’s events have shown that backup servers and their data storage can be attacked in a systematic approach and thus become inoperable. Once the backup data and/or metadata are encrypted, it is no longer possible to restore the production environment.
The following points will help you to quickly evaluate existing backup environments for possible risks. The primary aim is to increase the security of the system through configurations and processes. An investment in additional storage or other hardware is not the focus here.
- The backup server and repositories should not be in the same domain
- Check backup admin roles and permissions (do not manage everything via one account)
- Backup service accounts should only have the essential permissions
- Check the password strength
- Is the backup data stored in a third copy (3-2-1 rule) on secure storage (tape, object storage)?
- Store the third copy on S3 storage in the cloud (public/private)
- Review and assess the protection of the backup metadata and perform a backup test if necessary
Further steps should then be considered in detail, depending on the backup software used. The manufacturers offer different options for further securing the backup environments. This also includes evaluating the storage systems you are using (block, file, object, tape). The SVA Software, Inc. specialists can assist you effectively in these areas.