I’m terrified of our backups being wiped out along with our primary data during a ransomware event. We currently use an on-site NAS for our backups. If an admin account is compromised, the attacker could easily delete our entire history. What are the most reliable methods for creating "Immutable Backups" that can't be modified even by someone with full administrative access?
3 answers
To protect against ransomware, you need to implement the 3-2-1-1-0 rule: 3 copies of data, 2 different media types, 1 offsite, 1 immutable (offline), and 0 errors. For immutability, look into Object Lock technology provided by cloud providers like AWS S3 or Wasabi. Once a backup is written with a lock, it literally cannot be deleted or changed by anyone, including the root user, for a set period. On-site, you can use a Linux-based hardened repository. The goal is to create a physical or logical "Air Gap" so that your recovery path remains clean regardless of how deep the infection goes in your main network.
Are you testing your "Restore Speed" regularly, or are you only focused on the storage part of the backup process right now?
Use Multi-Person Authentication (MPA) for your backup deletion tasks. It requires two people to approve a delete request, preventing a single compromised admin from causing total data loss.
Adding a second set of eyes to critical deletions is a simple but incredibly powerful layer of defense that many companies overlook until it's too late.
Michael, that's where most people fail! We realized that while our cloud backups were safe, it would take us 14 days to download everything over our current internet connection. We’ve since moved to a hybrid model where we keep a "Snapshot" on a disconnected local drive for the first 24 hours, and then ship the older data to the immutable cloud. This gives us the speed for small restores and the absolute security for a total disaster. Testing a full recovery once a quarter is the only way to sleep soundly.