1. Are we following the 3-2-1 rule of backups?
Think of it as the golden rule for backups: three copies of data on two different media types with at least one offsite. In practice, this often means one backup is stored on local hard drives, a second committed to tape and a third stored offsite and in the cloud.
DISCOVER: Protect your organization's data against future threats.
But Jamie O’Hearn, technical partner manager for Veeam at CDW, suggests adding a fourth digit: zero. As noted by O’Hearn, “zero refers to zero errors — and speaks to the ability of companies to complete a secure backup process.” Veeam’s Secure Backup offering allows enterprises to conduct a full virtual restore on demand to ensure written backups are recoverable.
2. How are we securing data backups themselves against attack?
It’s also critical for companies to consider how backups themselves are secured against a potential attack. O’Hearn points to two common options: the write once, read many method, or WORM; and immutable object storage.
Used in tape storage, the WORM approach “means data can’t be overwritten or deleted. Ransomware can’t change the tapes.” Immutable object storage, meanwhile, is managed by a cloud service provider and delivers the same effect in practice: Data can only be read, not written. Companies can set up a cloud storage bucket with built-in immutable object storage; Veeam improves the operation by empowering companies to point specific backups at particular buckets and then sets clearly defined termination dates.
3. Are our data backups clean?
Backups only deliver protection against ransomware if they’re clean and uninfected. As a result, companies must regularly scan backups to ensure they haven’t been compromised. Veeam’s Secure Backup and Restore solutions use multiple third-party anti-virus platforms to verify the absence of malware. “If ransomware is detected,” says O’Hearn, “end users can either abort the restore process or restore it into a secure, isolated virtual environment.”