For years, cybersecurity experts have talked about the importance of robust data backup environments for protecting organizations from ransomware attacks. But as hackers have grown more sophisticated, there is increasing concern that they will simply find a way to access backup environments, leaving organizations no way to restore their data without paying a ransom.
This fear is sparking greater interest in immutable storage, which creates backups that cannot be altered or deleted for a set period of time, even by authorized users. In the event of a ransomware attack, organizations can restore their environments from their immutable backups, allowing them to resume their normal business operations.
“Immutable storage has been around a lot longer than ransomware, and it was originally designed to prevent any kind of accidental or purposeful destruction by internal users,” says Phil Goodwin, a research vice president at IDC. “But it really has taken on a renewed importance with regards to ransomware because it provides some level of protection against the bad guys making changes to the data or deleting it.”
Ransomware Attacks Are Now Ubiquitous
According to a new report from Veeam, 85 percent of organizations suffered at least one cyberattack in the past 12 months. Of those hit by ransomware, only 16 percent were able to recover their data without paying a ransom. And, of the 80 percent that did pay a ransom, only around 75 percent of these companies were actually able to recover their data.
While immutability can be applied to data stored on a variety of platforms — including tape, disks and solid-state drives — it often is used to make cloud backups invulnerable to deletion. In addition to protecting organizations against cyberattacks such as ransomware, immutability can be used to ensure that data is held for a certain period of time to comply with legal or regulatory requirements, to provide a documented chain of custody for important data, and to simply safeguard data backups against equipment failure and human error. Immutable storage options are offered by most major storage and backup solution vendors, including Acronis, Commvault, Veeam and Veritas.
The percentage of organizations that suffered at least one cyberattack in the past 12 months
Source: Veeam, “2023 Global Report: Ransomware Trends,” May 2023
How to Get the Most From Immutable Storage Providers
Goodwin notes that only about 20 percent of data within most organizations is truly valuable, and he says that IT leaders typically apply immutability only to this more sensitive information. It is important, he says, for organizations to ask probing questions of vendors to make sure that their immutable storage options will fully meet their needs.
“One of the biggest things that people miss is that immutable storage is not always truly immutable,” Goodwin says. “There can be workarounds. Immutability is driven by specific time periods, and if someone can do something as simple as going in and changing the system clock, then the data is no longer immutable. It also might be possible to compromise credentials and change the policy on immutability. Then, the bad actor — whether it’s an internal or an external threat — can just change the policy, and the data can be deleted.”
One of the biggest things that people miss is that immutable storage is not always truly immutable.”
Research Vice President, IDC