What does immutable really mean?

We know immutable storage is an effective defence against ransomware, but is all immutability made equal?

Definition: unchanging over time or unable to be changed.

Immutable storage is data that once stored, cannot be modified, moved, or deleted.

The idea of immutable storage is actually nothing new. In fact, we’ve been using the WORM (Write Once Read Many) method of storing data since the days of tape and punch sheets before that. There are several use cases for immutable storage from legal hold archives in eDiscovery to backup.

What are immutable backups?

Today, you’ll hear immutable storage talked about mostly within backup and recovery.

An immutable backup (a backup that cannot be deleted or altered) serves as invaluable protection in the event of a ransomware or malware attack. Ransomware encrypts data and deletes the original files. To recover, it’s critical that backups can’t also be encrypted or deleted. Immutable backups stop this as they don’t allow data to be changed in any way.

However, immutable storage doesn’t mean your backups are infallible. Stolen credentials, disgruntled employees and privilege escalation are all potential security risks that immutable backups alone cannot protect against.

How do you make your backups immutable?

There are two places you can set immutability: at the backup software level and at the storage level. There are strengths and weaknesses of each approach.

Immutability set at the backup software level

Strengths

  • Protects against deletion and expiration of backups within the timeframe set

Weaknesses

  • Backup administrators can delete or expire backups
  • Ransomware attacks can encrypt backups through privilege escalation

Immutability set at the backup storage level

Strengths

  • Protects against ransomware, disgruntled backup admins, stolen admin credentials and privilege escalation

Weaknesses

  • Cloud data can still be destroyed by deleting a cloud account, disgruntled cloud admins or stolen cloud credentials
  • On-premises data can also be destroyed by storage administrators

There is a common downside of setting an immutable storage policy, either at the software or storage level - it will increase how much data is stored. Once the pre-defined period is set, you are committed to that policy.

What is an air gap?

Another method of making backups immutable is to introduce an air gap.

An air gap is a physical space separating parts of the network. This makes it impossible to connect to backups from the production environment.

Tapes had an air gap built-into their process. They were removable storage media so when they were taken to off-site storage, there was always a physical air gap preventing that data from being changed.

When the industry moved to disk and cloud backups, the physical air gap was lost and a logical air gap was introduced instead to keep backups isolated and protected. You can create that logical air gap with network segregation and isolated storage accounts.

Why you need immutable backup  

With the ever-increasing number of ransomware attacks, immutable storage is an essential arm of your security strategy.

As we’ve seen, there are benefits and risks to immutability set at the backup software level and storage level.

Now hopefully you can go on to make an informed decision in what immutability features will work best for your organisation.