LTO storage, while capable of high single stream bandwidth, does not support multi-streaming which can impact backup windows and restore performance. However, certain object stores may provide air gap capabilities (❖)įile-systems are the highest performance targets often designed purely for performance. Object stores are designed to be online and backed by disk, so they are not air-gapped. LTO is designed to be a “read only”, write once medium making it immutable. It has an added advantage in that this immutability can be turned off if needed if backup copies need to be deleted.įile-systems are always online and do not provide any kind of air-gapping capabilities. While object storage is built on disk (++ some exceptions exist), most provide immutability or an “object locking” capability. However, LTO immutability is less flexible than object storage. ZFS), it is not a default feature in most file systems. While some file systems support immutability (e.g. Public (AWS S3, Google Cloud, Azure Blob, Wasabi, Seagate LyveCloud etc.) This enables a stronger level of protection against multi-location attacks. Geo-Spreading : In addition to making multiple copies, certain backup targets can manage multiple copies across multiple geo-spread locations. Snapshots are also a key feature enabling “rollbacks” to a good restore point in case of a ransomware attack. This form of maintaining multiple copies is often more efficient than backup app-based multi-copy creation. Multiple Copies or snapshots : While backup apps can make multiple copies, certain backup targets have a built-in ability to replicate data. Hence, the backup target must allow for direct access to the backup copy without lengthy wait times for restores. Rapid access : In case of a ransomware attack, the ability to quickly access and verify that the backup copy is complete and accessible is essential to determining if the ransom demand should be paid.
If backup targets cannot support parallelization (multi-streaming, multi-threading), backup performance can be impacted thus leaving data vulnerable. While air-gapping is an important capability, it also implies that in case of an attack, the backup data is more difficult to verify.īackup & Retrieve Performance : The ability to support high-performance backups ensures that backup windows are met and data is properly backed up.
Object storage) can ensure that your backups complete on time.Īir-gapping : Air-gapping is a term made popular recently referring to disconnected or on-the-shelf media that cannot be altered by malicious software like ransomware. A high performance backup application paired with a high performance backup target (e.g. With growing amounts of data, it is important to employ a backup application that can regularly finish backups in the desired window. LTO in addition to object storage which allows for multi-location replication. It is a good idea to have a copy on an “air gapped” medium e.g. Having a backup application make multiple secondary copies is essential in guaranteeing that recovery is possible. Much like any data loss scenario, ransomware affects primary data copies. This can be invaluable in detecting that a ransomware attack is in progress. Backup applications that allow for a “percentage change threshold” will not perform the backup if the incremental change is greater than the threshold.This can serve as an early warning sign of an attack. However, when ransomware strikes, there will be a spike as a large number of files will be encrypted and get picked up for backup.
For example, it can be expected that after the first full backup, incremental changes will be in the 10%-15% range. Incremental backups tend to be consistent in terms of change percentages.
Backup applications work by performing an initial full sync and then incremental backups after that.Ensure your backup application can roll back individual files and more importantly entire volumes to a previous point in time. Snapshots can be enabled via backup apps or via the backup target. Snapshots are also critical to recovering from a ransomware attack. Thus, if you get hit by ransomware, the encrypted files will not be picked up ensuring you have clean backups with ready restore points. *.jpg, *.jpeg, *.bmp etc.) ensures that only those files will be picked for backup. For example, if your job is backing up image files, then having a whitelist of image files (e.g. A backup application that supports ransomware whitelists ensures that only those file types that need to be backed up are protected. Locking ransomware works by encrypting your files to a new file-extension.