Protecting backups from ransomware (Backup to Basics)
The latest in our Backup to Basics series is about making sure hackers don't delete, encrypt, or exfiltrate your backups as part of a ransomware attack. (Our Backup to Basics series reviews topics from Curtis' latest book Modern Data Protection, which you can download at druva.com/e-book.) We talk about how and why hackers are specifically targeting your backup system to either disable it or use it as a source for exfiltration. Then we talk about a number of things you can do to defend your backup system against these attacks. This is our most important episode in a while.
Mentioned in this episode:
Interview ad
On this episode of restored all we're talking about how to secure your backup
Speaker:data, to make sure that it doesn't get attacked in a ransomware attack.
Speaker:Hope you enjoy.
Speaker:The episode.
W. Curtis Preston:Hi, and welcome to Backup Central's Restore it All podcast.
W. Curtis Preston:I'm your host, W.
W. Curtis Preston:Curtis Preston, a k a, Mr.
W. Curtis Preston:Backup, and I with me, a guy whose only major flaw is that he
W. Curtis Preston:won't go see scary movies with me.
W. Curtis Preston:Prasanna Malaiyandi.
W. Curtis Preston:How's it going?
W. Curtis Preston:Prasanna.
Prasanna Malaiyandi:I am good, Curtis.
Prasanna Malaiyandi:I, yeah, I'm not a big fan of scary movies, especially on a large screen.
Prasanna Malaiyandi:Um, I don't like, I know some people like you love it, but it's just I don't
Prasanna Malaiyandi:find joy in watching a scary movie.
Prasanna Malaiyandi:I do remember in college watching the Ring.
Prasanna Malaiyandi:On a big screen.
W. Curtis Preston:That movie messed with my head.
W. Curtis Preston:I remember coming home and asking someone to take my picture.
W. Curtis Preston:And saying, is there a thing in the picture?
W. Curtis Preston:You know, I was scared.
W. Curtis Preston:I was scared to take the picture.
W. Curtis Preston:Yeah.
W. Curtis Preston:That movie, that was, that was a fun movie.
W. Curtis Preston:Um, it really kind of messed with your head.
Prasanna Malaiyandi:And you just saw a scary movie just recently.
W. Curtis Preston:Yeah.
W. Curtis Preston:It, it,
Prasanna Malaiyandi:Well, I wouldn't know if I'd called
W. Curtis Preston:movie per se, it's more like a thriller.
W. Curtis Preston:Um, It's called the Menu and it stars.
W. Curtis Preston:Uh, Ralph finds, um, a k a Voldemort, and uh, Anya, the girl from the Queens gambit.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, and some other, other character actors that you may be familiar with.
W. Curtis Preston:Um, and, uh, it, it's, it's a movie that I, I enjoyed the movie.
W. Curtis Preston:I will just say this, um, trigger alert for those who are bothered by such things.
W. Curtis Preston:It does contain suicide.
W. Curtis Preston:Um, having said that, um, within the context of the show, it, it was a
W. Curtis Preston:significant part of the storyline.
Prasanna Malaiyandi:Mm-hmm.
W. Curtis Preston:Um, and um, but having said that, it
W. Curtis Preston:was a really unique storyline.
W. Curtis Preston:That's a commentary on Modern Day Society.
W. Curtis Preston:You know, there's a class thing, there's a, there's a, yeah.
Prasanna Malaiyandi:It's not often that you come out of a movie and be
Prasanna Malaiyandi:like, oh my God, that was so good.
W. Curtis Preston:yeah, it was, it was, I really enjoyed it.
W. Curtis Preston:I was like, oh, that was, I, I thought the ending.
W. Curtis Preston:I don't know.
W. Curtis Preston:I think I would've done something slightly differently within the ending, but the um,
Prasanna Malaiyandi:That is why you are not the director, Curtis.
Prasanna Malaiyandi:We're the writer.
W. Curtis Preston:Yeah, that's why I'm not the director or the writer.
W. Curtis Preston:I, I was not the only one, by the way.
W. Curtis Preston:I read some reviews and stuff, and a lot of people felt the ending
W. Curtis Preston:was somewhat anti cli climactic.
W. Curtis Preston:But it was one of those movies where you're like, what?
W. Curtis Preston:What is over?
W. Curtis Preston:Like, it's one of those kind of movies, but everything all the
W. Curtis Preston:way up to that point I thought, I thought was really, really good.
W. Curtis Preston:All the actors are really good.
W. Curtis Preston:Um,
Prasanna Malaiyandi:never seen a Bollywood movie?
W. Curtis Preston:yeah, what's
Prasanna Malaiyandi:Where it's like anti-climactic at the very end.
Prasanna Malaiyandi:It's like they literally, a lot of the movies boiled the ending down
Prasanna Malaiyandi:to like the last like five minutes.
W. Curtis Preston:interesting.
W. Curtis Preston:Um, this one,
Prasanna Malaiyandi:Shrek, oh, you would be proud.
Prasanna Malaiyandi:Shrek.
Prasanna Malaiyandi:And I watched while you were watching this movie, Shrek and
Prasanna Malaiyandi:I watched a Bollywood movie.
W. Curtis Preston:Uhhuh,
Prasanna Malaiyandi:On Netflix and it was also suspenseful and kind of a comedy
Prasanna Malaiyandi:thriller ish, but I would say that they basically wrapped up all the entire
Prasanna Malaiyandi:movie in the last like five minutes.
Prasanna Malaiyandi:And then at the end, Shraddha and I were like, what did we just watch?
W. Curtis Preston:Interesting.
Prasanna Malaiyandi:because we, because it left so many things open at the end and
Prasanna Malaiyandi:we're like, did we just watch all of that?
Prasanna Malaiyandi:Just for that last closing part?
W. Curtis Preston:That's funny.
Prasanna Malaiyandi:it's like two and a half hours also, so,
W. Curtis Preston:Interesting thing about this movie is, you know, how the movie's
W. Curtis Preston:gonna end about halfway into the movie.
W. Curtis Preston:Like they tell you how the movie's gonna end.
W. Curtis Preston:Um, it's just how it gets there.
W. Curtis Preston:It, it, it's just was, was really good.
W. Curtis Preston:Um, so I recommend it.
W. Curtis Preston:Um, and, uh, you know, the, the
Prasanna Malaiyandi:are you and
W. Curtis Preston:saga continues.
W. Curtis Preston:What I.
Prasanna Malaiyandi:Are you and Jeff gonna talk about it on
Prasanna Malaiyandi:your next, on the other podcast,
W. Curtis Preston:know, he keeps threatening to record another
W. Curtis Preston:episode and then he doesn't do it.
W. Curtis Preston:But I'll , I'll take
Prasanna Malaiyandi:I think Curtis is calling you out here.
W. Curtis Preston:Jeff and I actually recorded a new episode this week, so look
W. Curtis Preston:for it at, The Things That Entertain Us podcast, wherever you listen to podcasts.
W. Curtis Preston:Today we're going, we're continuing in our backup to basic series, and we're
W. Curtis Preston:covering, again, we're covering the book, modern Data Protection on Hold.
W. Curtis Preston:For those of you watching this on backup central.com where you can watch the video
W. Curtis Preston:of Prasanna and I waxing philosophical.
W. Curtis Preston:Um, and, uh, you know, what we're doing is we're sort of going through the book and
W. Curtis Preston:just discussing, you know, some important topics that I, that I found in the book.
W. Curtis Preston:Um, and this next one is about protecting backup and archive data, which I
W. Curtis Preston:think we can all agree is important.
W. Curtis Preston:If you would like to download a free e-book copy of Modern Data Protection,
W. Curtis Preston:you can do so at druva.comâ slash ebook.
W. Curtis Preston:Uh, we have to protect it from a couple of different things, right?
W. Curtis Preston:We have to, mainly what I'm talking about in here is protecting
W. Curtis Preston:it against attacks, right?
W. Curtis Preston:Um, both attacks from like a, um, like a disaster type type attack.
W. Curtis Preston:But, but mainly what I'm talking about is protecting it from cyber attacks, which.
W. Curtis Preston:Um, I'm gonna have these same conversations over and over, so
W. Curtis Preston:sometimes I forget what we say here versus what I say other places, but
W. Curtis Preston:it, it is a well acknowledged fact that some of the largest of the ransomware
W. Curtis Preston:bad actors are specifically targeting backup systems in order to do the.
W. Curtis Preston:The extortion style of ransomware attack, and let me specify what I'm saying there.
W. Curtis Preston:So, you know, a, a bunch of companies started realizing that, well, if I just
W. Curtis Preston:get a decent backup in recovery and disaster recovery system, I can say, you
W. Curtis Preston:know, pound sand to the ransomware folks.
W. Curtis Preston:Well, the ransomware folks then said, oh, well, we'll show you.
W. Curtis Preston:And so they developed this, this exfiltration style, right.
W. Curtis Preston:and the um, The idea there is that they find databases and file
W. Curtis Preston:systems and spreadsheets and whatnot that contains sensitive data.
W. Curtis Preston:That could be two different things.
W. Curtis Preston:That could be your company secrets.
W. Curtis Preston:It could be your company plans.
W. Curtis Preston:It could be your 11 herbs and spices or your, your, um, You know, your
W. Curtis Preston:corporate plans for the next year, you know, um, but it could also be
W. Curtis Preston:secrets that are like embarrassing.
W. Curtis Preston:Uh, I think the best example of that, and I know we've talked
W. Curtis Preston:about it, is the Sony attack
Prasanna Malaiyandi:This is the one where someone broke in to the
Prasanna Malaiyandi:movie studios and got a bunch of emails talking about scripts and
Prasanna Malaiyandi:actors and all the rest of that.
W. Curtis Preston:and very, some, some, and not very, not very flattering terms.
W. Curtis Preston:Yeah.
W. Curtis Preston:So it could be that, right?
W. Curtis Preston:But the point is, there is no way to protect against that once the data's out.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:It's not like the other attack.
W. Curtis Preston:If you get the, the old school attack, if you had a good backup system, you're good.
W. Curtis Preston:It doesn't matter how good of a backup system you have, if the data is
W. Curtis Preston:exfiltrated, uh, you're gonna be forced to make some major, uh, decisions, right?
W. Curtis Preston:So, um, so what, what these, uh, ransomware groups have started
W. Curtis Preston:realizing is, they, uh, instead the, the people are starting to
W. Curtis Preston:harden their primary environments.
W. Curtis Preston:Right?
W. Curtis Preston:And so, but one, you know, you, you, you've heard me talk, did
W. Curtis Preston:I say one thing that has never changed in backup and recovery in
W. Curtis Preston:the world of backup and recovery?
W. Curtis Preston:Do you, do you know what it is?
W. Curtis Preston:I often say like the one thing that has never changed,
Prasanna Malaiyandi:that the junior person is always responsible for backups
Prasanna Malaiyandi:and recovery.
W. Curtis Preston:that is technically a cause of the thing of the thing that
Prasanna Malaiyandi:
Speaker:No one who cares about
W. Curtis Preston:no one wants to do the backups, right?
W. Curtis Preston:No one wants to raise their hand and say that they want to be the backup guy.
W. Curtis Preston:So why does that matter?
W. Curtis Preston:Well, it's because it means that, that it ends up being an
W. Curtis Preston:an or and an ignored system.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:and as a result, it means that it gets ignored by everyone,
W. Curtis Preston:including the cybersecurity folks.
W. Curtis Preston:Right?
Prasanna Malaiyandi:They're like, ah, that's just a systematic in the corner.
Prasanna Malaiyandi:It's fine.
Prasanna Malaiyandi:We don't care about it except it contains all of our data.
W. Curtis Preston:Yeah.
W. Curtis Preston:And depending on how, how you handle, um, things like encryption,
W. Curtis Preston:they may be able to unen encrypt.
W. Curtis Preston:Said backups and then, you know, get the keys to the kingdom.
Prasanna Malaiyandi:Yeah, and like you were saying earlier, Curtis,
Prasanna Malaiyandi:the fact that a lot of people focus on production systems harden
Prasanna Malaiyandi:them, but they may not always be considering these backup systems.
W. Curtis Preston:Right, right, right.
Prasanna Malaiyandi:Easy target.
W. Curtis Preston:Easy target.
W. Curtis Preston:And so you need to.
W. Curtis Preston:not be such an easy target, right?
W. Curtis Preston:It's like the old joke about the guy, two guys crossing a field and they
W. Curtis Preston:see, they see a bull and the guy says, you know, can you outrun that bull?
W. Curtis Preston:He said, Nope, I don't have to.
W. Curtis Preston:What are you talking about?
W. Curtis Preston:All I have to do is outrun you,
Prasanna Malaiyandi:You
W. Curtis Preston:So, so you just want to be less of an interesting
W. Curtis Preston:target than the person next to you.
W. Curtis Preston:So the, the first thing that we talk about in terms of protecting
W. Curtis Preston:backup data is encryption,
Prasanna Malaiyandi:Yeah, which everyone should be doing.
Prasanna Malaiyandi:Like if no, if you aren't doing encrypting your backups, I don't
Prasanna Malaiyandi:know what's wrong with you.
Prasanna Malaiyandi:Like even if it's not encrypted, honestly,
W. Curtis Preston:Tell us what you really think.
Prasanna Malaiyandi:No.
Prasanna Malaiyandi:, no, because encryption isn't some heavyweight thing that it used to be.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:You don't have to go physically encrypt your data as it comes out.
Prasanna Malaiyandi:You could do disc level encryption, right?
Prasanna Malaiyandi:There's so.
Prasanna Malaiyandi:Ways you could leverage encryption to fit into your environment.
Prasanna Malaiyandi:It should be a no-brainer that all your data at rest is encrypted.
Prasanna Malaiyandi:And in a lot of companies, right?
Prasanna Malaiyandi:If you wanna fit, be sort of like, uh, what is it?
Prasanna Malaiyandi:If you wanna look at HIPAA com, uh, readiness or other things, right?
Prasanna Malaiyandi:Other regulatory obligations.
Prasanna Malaiyandi:A lot of 'em say All your data at at rest should be encrypt.
W. Curtis Preston:Mm-hmm.
W. Curtis Preston:. Well, I, um, I do think, I do think backup page backup data should be
W. Curtis Preston:encrypted for this very reason.
W. Curtis Preston:Right?
W. Curtis Preston:And I'll give you different reasons for the different things, right?
W. Curtis Preston:So if it's, if you got a backup server on-prem and you're
W. Curtis Preston:storing your backups on a.
W. Curtis Preston:File system, you know, an NFS mounted file system.
W. Curtis Preston:Then if they're unencrypted, you know
Prasanna Malaiyandi:Everyone has access.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:Everyone has access to those backups and a lot of these PR
W. Curtis Preston:backup products they offer like to, to, to, so some of the backup products store
W. Curtis Preston:the backups, not in a backup format.
W. Curtis Preston:They're in native format, so you could just mount a disc, right?
W. Curtis Preston:Other backup products, put it in a backup format.
W. Curtis Preston:but they offer an ability to read that backups like it,
W. Curtis Preston:it's, it's for DR purposes.
W. Curtis Preston:So, so if you're not encrypting them, then you're just, you're
W. Curtis Preston:just asking for trouble.
W. Curtis Preston:So that's the disc side.
W. Curtis Preston:The second side will be the tape side.
W. Curtis Preston:So if you are, and believe it or not, many people are still making backup
W. Curtis Preston:tapes and they're making 'em primarily, I think for offsite, uh, storage.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:And so, And this is the, this is the one where I'm like,
W. Curtis Preston:if you are ma, if you are putting your company's like crown jewels onto a little,
W. Curtis Preston:you know, plastic tape and then you're handing it to a man in a van and you are
W. Curtis Preston:not at this point encrypting that data, you know, professional malfeasance at this
Prasanna Malaiyandi:Well, and I wonder, it's almost as if that should be like
Prasanna Malaiyandi:a default, you know, like you can't write data out without encrypting it,
Prasanna Malaiyandi:but I guess you have to deal with key management and all the rest of that,
Prasanna Malaiyandi:and so, , do you have flexibility to shoot yourself in the foot?
W. Curtis Preston:yeah, exactly.
W. Curtis Preston:Um, but I will also say this encryption is only good, is only as good as the
W. Curtis Preston:authentication and authorization and key management system that is connected to it.
W. Curtis Preston:And if you can easily defeat.
W. Curtis Preston:That, uh, system then, you know, and, and, and I mentioned, so for example,
W. Curtis Preston:I know we mentioned it on the podcast, please do not make your backup server
W. Curtis Preston:part of your, uh, active directory.
W. Curtis Preston:What, what is it, what is it called?
W. Curtis Preston:A cloud?
W. Curtis Preston:Just a domain.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, please don't do that.
W. Curtis Preston:, so the next term is one that we can debate.
W. Curtis Preston:Uh, and I, I honestly, I don't even need you.
W. Curtis Preston:I can debate it myself, right?
W. Curtis Preston:It's one of those where I go back and forth, um, you
W. Curtis Preston:know, and that's the term air.
Prasanna Malaiyandi:What is like air gap?
Prasanna Malaiyandi:Curtis?
W. Curtis Preston:well, well, there is, what was an air gap?
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:It's, and it is where it, it is from once we get the term.
W. Curtis Preston:So the idea was to put a gap of error between the protection
W. Curtis Preston:copy and the protected thing.
Prasanna Malaiyandi:Or, or since you're dealing with plumbing
Prasanna Malaiyandi:right now, since you're dealing with plumbing right now, right?
Prasanna Malaiyandi:You have an air gap normally, right?
Prasanna Malaiyandi:When you think about your dishwasher
W. Curtis Preston:Now you made me think about the dishwasher that
Prasanna Malaiyandi:or,
W. Curtis Preston:life a living hell.
Prasanna Malaiyandi:Fine.
Prasanna Malaiyandi:Or a toilet.
Prasanna Malaiyandi:How about that?
Prasanna Malaiyandi:that's actually technically a water gap, but
W. Curtis Preston:
Speaker:Don't, you're killing me.
W. Curtis Preston:
Speaker:Don't be, don't be bringing plumbing into this.
W. Curtis Preston:
Speaker:Um, anyway, yeah.
W. Curtis Preston:
Speaker:So you, you had to separate the, and it meant, again, it meant the,
W. Curtis Preston:
Speaker:it meant the man in the van, right?
W. Curtis Preston:
Speaker:You, you, you, you put some tapes in a box and you handed that box to a, you
W. Curtis Preston:
Speaker:know, a man or a woman, and then they got into a van and they took it someplace.
W. Curtis Preston:
Speaker:And in order to get to that thing, you needed to physically, Um, access it.
W. Curtis Preston:
Speaker:Right?
W. Curtis Preston:
Speaker:Which meant that if you were a hacker and you wanted to get to it, it,
W. Curtis Preston:
Speaker:it would be virtually impossible.
W. Curtis Preston:
Speaker:Not completely impossible.
W. Curtis Preston:
Speaker:There's no, there's no, cuz I remember,
Prasanna Malaiyandi:than cyber.
W. Curtis Preston:yeah, I remember for example, we would, uh, once a
W. Curtis Preston:year at an unannounced time, we would attempt to circumvent the security of.
W. Curtis Preston:Uh, storage fender and we would, uh, use really good like liars and whatnot.
W. Curtis Preston:And more specifically, we would use someone like me that they
W. Curtis Preston:knew, they knew the person.
W. Curtis Preston:And so they would go over there and they would, and we would just have
W. Curtis Preston:this really, really like elaborate.
W. Curtis Preston:Scenario that basically would want, would want the, it would make the
W. Curtis Preston:person that works there want to leave us alone in the vault with the tapes.
W. Curtis Preston:And at least once we were able to do that,
Prasanna Malaiyandi:Hmm.
Prasanna Malaiyandi:Was a person go, or did the person have to go through training, I guess.
W. Curtis Preston:Yeah, I don't, I, you know, honestly, I was so long ago, I don't
W. Curtis Preston:remember what happened to that, to that person who left us alone in the vault.
W. Curtis Preston:But, so that's what I'm saying.
W. Curtis Preston:It's not, it, it was never 100%.
W. Curtis Preston:Right.
W. Curtis Preston:Um, the, um, I mean, you've seen the movies, you know, I've
W. Curtis Preston:seen Oceans 11 and 12 and 13.
W. Curtis Preston:The um, but the problem is most of us don't use tape.
Prasanna Malaiyandi:Mm-hmm.
W. Curtis Preston:And most of us, or many of us don't even
W. Curtis Preston:use a data center anymore.
W. Curtis Preston:So this idea of putting a, an actual air gap between A and B is quite difficult.
W. Curtis Preston:And so we've sort of adopted or adapted to the, you know, the virtual air gap.
W. Curtis Preston:Right.
W. Curtis Preston:Um, the, um, Uh, so this is separated in as many ways as we can.
W. Curtis Preston:I don't know.
W. Curtis Preston:You want to talk about
Prasanna Malaiyandi:Yeah, and I think we talked about this on the episode about
Prasanna Malaiyandi:backups, or maybe it was restores, but.
Prasanna Malaiyandi:It's even though they are available online, right, that second copy,
Prasanna Malaiyandi:so it's not the same as having that tape in a vault somewhere.
Prasanna Malaiyandi:You wanna make that, make it as close to that as possible.
Prasanna Malaiyandi:And we totally get that.
Prasanna Malaiyandi:You still have to have connectivity, right?
Prasanna Malaiyandi:It's still gonna be up, but can you lock it down?
Prasanna Malaiyandi:Can you basically make that target as inaccessible as possible?
Prasanna Malaiyandi:Uh, to prevent it from being attacked by say, someone, um, gaining access
Prasanna Malaiyandi:to your backup source, right?
Prasanna Malaiyandi:And now they have access to your vault.
Prasanna Malaiyandi:Uh, some of the examples are if you're backing up in the cloud, right, put
Prasanna Malaiyandi:it in a separate account that no one has access to other than whatever
Prasanna Malaiyandi:is transferring the data, right?
Prasanna Malaiyandi:Make it in a different region.
Prasanna Malaiyandi:So it's not easily accessible.
Prasanna Malaiyandi:And there are many, many, many other things you could do as well.
Prasanna Malaiyandi:But those are just some of the example.
W. Curtis Preston:Yeah, I like if we're talking cloud, I like the
W. Curtis Preston:idea of putting it in a different region and a different account.
W. Curtis Preston:Right.
W. Curtis Preston:Um, because we're not just talking about hacking.
W. Curtis Preston:We're also, we also need to think about like, Disaster recovery
W. Curtis Preston:and things like that, right?
W. Curtis Preston:So again, O V H Cloud, we don't want to have that happen to us.
W. Curtis Preston:So we want to make sure that a copy of the backup data is, is well far away
W. Curtis Preston:from the thing that it's protecting.
W. Curtis Preston:And yeah, separate account in a much more limited, an account with much
W. Curtis Preston:more limited access, and you can.
W. Curtis Preston:Um, you can consider using immutable storage, but we're
W. Curtis Preston:gonna talk about that later.
W. Curtis Preston:But essentially, this is the, we, we separated as much as possible.
W. Curtis Preston:This is why, um, you know, one of your previous employers data domain, right?
W. Curtis Preston:And, and, and, All of those things, they would always talk about
W. Curtis Preston:replicating to another data domain.
W. Curtis Preston:And I always, I always remember thinking, well, if I'm replicating to
W. Curtis Preston:another data domain, it's essentially like in order to do that, I gotta
W. Curtis Preston:have it in the same like land.
W. Curtis Preston:Right?
W. Curtis Preston:Or, or at least it's gonna look like it's in the land.
W. Curtis Preston:Right.
W. Curtis Preston:Um,
Prasanna Malaiyandi:that's why they actually introduced a
Prasanna Malaiyandi:feature, specifically talking about data domain, right?
Prasanna Malaiyandi:Their cyber recovery solution.
W. Curtis Preston:Mm-hmm.
Prasanna Malaiyandi:that allowed for writing to a lockdown data domain that
Prasanna Malaiyandi:didn't have access from anywhere else.
Prasanna Malaiyandi:And going back to the point you were talking about, Curtis, okay, is it
Prasanna Malaiyandi:on the network and I can connect to it then, doesn't that make it open?
Prasanna Malaiyandi:And so what it would actually do is shut down network ports right
Prasanna Malaiyandi:outside of your backup windows, such that it's not available, or
Prasanna Malaiyandi:at least your attack surface is.
W. Curtis Preston:Could you delete the backups?
W. Curtis Preston:Was it.
W. Curtis Preston:Could you delete the backups once you send it to it via the backup interface?
Prasanna Malaiyandi:Typically no.
W. Curtis Preston:Okay.
W. Curtis Preston:Because that, cuz that would be, that would be an important part.
W. Curtis Preston:Right.
Prasanna Malaiyandi:It would also replicate like your
Prasanna Malaiyandi:backup environment, right?
Prasanna Malaiyandi:So you'd have your own backup server in that vault, if you will.
Prasanna Malaiyandi:So there's no connectivity to anything outside, because if there
Prasanna Malaiyandi:is, then you're just open to risk.
W. Curtis Preston:Right, right.
W. Curtis Preston:Um, yeah, so just like, so I've got a list here on virtual air gap here.
W. Curtis Preston:So I talk about disabling or impairing R D P.
W. Curtis Preston:Why does that matter?
Prasanna Malaiyandi:Ah, so many ransomware issues have happened.
Prasanna Malaiyandi:Rdp, which
W. Curtis Preston:what is R D P by the way?
W. Curtis Preston:Thank you,
Prasanna Malaiyandi:right?
Prasanna Malaiyandi:Which is how most people connect remotely to a Windows client.
Prasanna Malaiyandi:Um, most people forget to turn it off or they leave it on because it's just easier.
Prasanna Malaiyandi:They don't need to physically connect to it.
Prasanna Malaiyandi:Uh, The only downside is it's a big attack surface, and there are
Prasanna Malaiyandi:a lot of exploits using R D P.
Prasanna Malaiyandi:And so when you enable R D P, you're letting yourself or leaving yourself
Prasanna Malaiyandi:open to hackers and other exploits coming in, which could then move
Prasanna Malaiyandi:laterally across your network and take out other pieces of your environment.
W. Curtis Preston:Yeah, there is a way to automate sort of disabling and
W. Curtis Preston:enabling R D P, um, like on a large scale.
W. Curtis Preston:Um, I also talk about putting it in a different operating system, right?
W. Curtis Preston:Not using the same operating system for your backups in your
W. Curtis Preston:primary, uh, if that's possible.
W. Curtis Preston:I know that there's a lot of big window shops and they use windows.
W. Curtis Preston:Uh, backup servers.
W. Curtis Preston:I don't think that's a good idea.
W. Curtis Preston:Um, but you know, Um, and by the way, I, I forgot to throw out our disclaimer.
W. Curtis Preston:I'll throw out, um, Prasanna.
W. Curtis Preston:Prasanna.
W. Curtis Preston:And I work for different companies.
W. Curtis Preston:I work for Druva.
W. Curtis Preston:He works for Zoom.
W. Curtis Preston:And this is not a podcast of either company.
W. Curtis Preston:This is an independent podcast and the opinions that you hear are ours.
W. Curtis Preston:And, uh, be sure to rate us@ratethispodcast.com slash restore.
W. Curtis Preston:And, um, if you'd like to join the conversation, you want to talk.
W. Curtis Preston:What's going on in your world?
W. Curtis Preston:Uh, you know, whether you're, uh, you know, an end user.
W. Curtis Preston:If you're an end user, we really want to have you, you know, real
W. Curtis Preston:people that actually do backups out there in the trenches.
W. Curtis Preston:Weed.
W. Curtis Preston:You're, you're it, man.
W. Curtis Preston:No I do, uh, you know, as soon as I think about, um, Back when I used to
W. Curtis Preston:be the person in the trenches, like when I was a consultant, and I, and
W. Curtis Preston:I, I flashback to this one time where we were completely redoing the backups
W. Curtis Preston:of, I'll just say a large television station, like, like a national
W. Curtis Preston:television station, and I remember.
W. Curtis Preston:I remember that time when the, when the, the, the director of it basically said,
W. Curtis Preston:nobody's going home until this is done.
W. Curtis Preston:He literally, I mean, there's a long story following up to this, but he basically,
W. Curtis Preston:um, held us hostage in the data center and said, no one's going home until this,
W. Curtis Preston:this thing that you said is gonna happen.
W. Curtis Preston:You said it's gonna happen.
W. Curtis Preston:I'm like, yeah, but it's not gonna finish until.
W. Curtis Preston:10 30 at night, he's like, yeah, so we're not going home until it's done.
W. Curtis Preston:And I'm like, okay, well this is kidnapping, but whatever.
W. Curtis Preston:Um, you know, uh, so I think about stuff like that, right?
W. Curtis Preston:I think about those moments of terror.
W. Curtis Preston:But yeah, so I, you know, I wanna live vicariously through those who have
W. Curtis Preston:been through those moments of terror.
W. Curtis Preston:Um,
Prasanna Malaiyandi:interesting to learn like what the more recent challenges
Prasanna Malaiyandi:are in environments, because otherwise
W. Curtis Preston:That too.
W. Curtis Preston:Yeah,
Prasanna Malaiyandi:otherwise, how do you build great products, you know, or build
W. Curtis Preston:Exactly, exactly.
W. Curtis Preston:So what, what I was thinking about saying, which is what reminded me to do the
W. Curtis Preston:disclaimer, is just that, um, you know, one way to have a different operating
W. Curtis Preston:system is to use a SaaS provider.
W. Curtis Preston:Druva is not the only one, uh, but there are SaaS providers
W. Curtis Preston:that are cloud native or use.
W. Curtis Preston:Non windows, uh, tools that, um, you know, you do that.
W. Curtis Preston:Also, you, you gain the second thing that I list here, which
W. Curtis Preston:is about separating the storage.
W. Curtis Preston:Please don't, um, you know, we talked, we talked about that already,
W. Curtis Preston:the, these replication, right?
W. Curtis Preston:Uh, but the, um,
Prasanna Malaiyandi:but it's also like, don't use nfs.
W. Curtis Preston:Yeah, exactly.
W. Curtis Preston:Yes.
W. Curtis Preston:Don't use NFS as a way to back up to the server use.
W. Curtis Preston:There are ways to back up to, for example, a data domain box in other boxes
W. Curtis Preston:without exposing the backups via nfs.
W. Curtis Preston:Uh, I also talk about using object storage.
W. Curtis Preston:I'm a huge fan of using object storage.
W. Curtis Preston:Now, some of you go, well, object storage is too slow, to which I
W. Curtis Preston:say, then you're using it wrong.
W. Curtis Preston:Right.
W. Curtis Preston:Um, Druva uses object storage.
W. Curtis Preston:All our backups are on object storage, and we are not too slow.
W. Curtis Preston:In fact, we get into competitions all the time with these big
W. Curtis Preston:on-prem companies and we win.
W. Curtis Preston:And here we are, we're a copy in the cloud and they're an on-prem
W. Curtis Preston:appliance, and we win that restore test.
W. Curtis Preston:Object storage is not too stor slow, but if you, if you treat it like file system
W. Curtis Preston:storage, I think then it is, right?
W. Curtis Preston:If you put.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:all your backups in one object, right?
W. Curtis Preston:Tonight's, tonight's backup of server X is an image, and that
W. Curtis Preston:image becomes an object on, uh, s3.
W. Curtis Preston:Yeah.
W. Curtis Preston:Then it's gonna be slow, right?
W. Curtis Preston:Um, we talk about using aut storage.
W. Curtis Preston:We're gonna come back to that in a minute.
W. Curtis Preston:Um, that, that's an option that we talked
Prasanna Malaiyandi:And then,
W. Curtis Preston:S3
Prasanna Malaiyandi:yeah, and then your.
Prasanna Malaiyandi:And then your favorite topic is using tape.
Prasanna Malaiyandi:I know, Curtis, you always like to throw out the disclaimer.
Prasanna Malaiyandi:Actually, I should thank you because before this podcast,
Prasanna Malaiyandi:I knew very little about tape.
Prasanna Malaiyandi:Now I know just a bit more about tape, given the number of experts
Prasanna Malaiyandi:who've come on in talking to you.
Prasanna Malaiyandi:But yeah, it's
W. Curtis Preston:There there's no, there's no beating the tape when it comes.
W. Curtis Preston:That's an actual air gap.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:right?
W. Curtis Preston:If, if you, if you want a real air gap, I'm, I know there's challenges with
W. Curtis Preston:it, you know, uh, but there is, you know, there is, there is an air gap
Prasanna Malaiyandi:Yep.
W. Curtis Preston:Uh, and I already talked about using a backup service.
W. Curtis Preston:So let's talk about immutability.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:Um, this,
Prasanna Malaiyandi:Is it a made up word?
Prasanna Malaiyandi:It sounds a little like a made up word,
W. Curtis Preston:you know, this is another one of those things
W. Curtis Preston:where we have to go back in time.
W. Curtis Preston:Historically immutability wa it, it, it was like a legal term that you needed
W. Curtis Preston:to be able to prove that the thing you were presenting in court had not changed.
W. Curtis Preston:It was immutable.
W. Curtis Preston:That's all, you know, immutable just means cannot be changed.
W. Curtis Preston:So when you're, when you.
W. Curtis Preston:uh, you pres, you, you know, you have to preserve chain of custody and you
W. Curtis Preston:have to, you have to be able to say, or it's really helpful if you're able
W. Curtis Preston:to say, this email that I'm showing you is exactly the same email as the email
W. Curtis Preston:that we got five years ago from Steve.
Prasanna Malaiyandi:Yep, and nothing changed and no one had
Prasanna Malaiyandi:the ability to change it yet.
W. Curtis Preston:That's where we used to talk about immutability.
W. Curtis Preston:Now we talk a lot about it in terms of cyber attacks.
W. Curtis Preston:And I would add to that, we also talk about it in terms of things like bit rot.
W. Curtis Preston:We've talked about bit rot on this podcast where this is
W. Curtis Preston:silent data corruption, right?
W. Curtis Preston:That bits just flip underneath magnetic storage devices.
W. Curtis Preston:It's just the way they work.
W. Curtis Preston:and the, you know, and if, if you've got, if you've got a bunch of petabytes
W. Curtis Preston:of data, you got flipped bits in there.
W. Curtis Preston:It's just a matter of, it's just
Prasanna Malaiyandi:when you're gonna run across it, right?
W. Curtis Preston:yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, so, so when we talk about immutability, we say, well, we, if
W. Curtis Preston:somebody says they have immutable.
W. Curtis Preston:Backups or immutable storage.
W. Curtis Preston:What you're saying is stuff that gets put here can't be changed.
W. Curtis Preston:And here's the thing.
W. Curtis Preston:on how you look at it, it's complete nonsense.
Prasanna Malaiyandi:Because everything's just software.
Prasanna Malaiyandi:Anything can be cheap.
W. Curtis Preston:is changeable.
W. Curtis Preston:Give me a torch, I'll change that.
W. Curtis Preston:S o b, right?
W. Curtis Preston:Give me phy.
W. Curtis Preston:So physical.
W. Curtis Preston:All bets are off.
W. Curtis Preston:Everyone knows that, um, if it's something on a server that you can, that, that,
W. Curtis Preston:that is in your data center, that also, in my opinion, is not really immutable.
W. Curtis Preston:Um, because if someone has root, uh, on that server, they can wipe the server.
W. Curtis Preston:Uh, it's even built, like, you know, when we talk about immutable storage on
W. Curtis Preston:Lennox, it's not really that immutable.
W. Curtis Preston:It's it's immutable ish.
W. Curtis Preston:So, so why do I say, like, why do I talk about it if it's bs?
W. Curtis Preston:Well, here's the point.
W. Curtis Preston:Nothing was ever a hundred percent immutable,
Prasanna Malaiyandi:Even that document right, that you were talking about.
W. Curtis Preston:Yeah, exactly right.
W. Curtis Preston:As long as like if, if, if you put something on a a, a, a, right once
W. Curtis Preston:cd, uh, optical platter, right?
W. Curtis Preston:A worm tape, it's immutable to a point.
W. Curtis Preston:If you have physical access, it's no longer immutable.
W. Curtis Preston:You could, you could say from a legal standpoint, you could later, if you have
W. Curtis Preston:the same disc and you've preserved chain of custody, and you could say, we can
W. Curtis Preston:show that this disc was not destroyed, and we can show via these check sums and
W. Curtis Preston:whatnot, that the stuff that we're giving you is the stuff that we have before.
W. Curtis Preston:Saying that you've got a storage system that can't ever, ever, ever be changed.
W. Curtis Preston:Um, I would argue it's just nonsense.
W. Curtis Preston:Right.
W. Curtis Preston:So it's, it's a, it's a, it's a, it's a degree.
W. Curtis Preston:It's a what, what did we call it?
W. Curtis Preston:Like a, like a spectrum.
W. Curtis Preston:Thank you.
W. Curtis Preston:I knew there was a word in there.
Prasanna Malaiyandi:And even
W. Curtis Preston:prism is what was coming to mind.
Prasanna Malaiyandi:and even for those storage systems that have immutability,
Prasanna Malaiyandi:right, that are used for like financial records and everything else, a lot
Prasanna Malaiyandi:of that is certified by the storage vendors saying they have all the checks
Prasanna Malaiyandi:in place and all the rest, right?
Prasanna Malaiyandi:In the end it's all just software, right?
Prasanna Malaiyandi:So they've built in the, into the software, those checks to make sure
Prasanna Malaiyandi:that data cannot be deleted, right.
Prasanna Malaiyandi:And is present.
W. Curtis Preston:And the, and you know, after we're doing all this, like
W. Curtis Preston:we're gonna, I'm slamming it and then I'm gonna talk about how important it's
W. Curtis Preston:. But the other is, um, Uh, I'd say the, the one that I like the best right now
W. Curtis Preston:is like the, the object lock and s3.
W. Curtis Preston:And what I like about that is because it's, it is at least
W. Curtis Preston:physically separated from.
W. Curtis Preston:You.
W. Curtis Preston:Now, that doesn't mean that somebody can't go crazy in the AWS data
W. Curtis Preston:center and, and blow it up, but even that, it's built into that.
W. Curtis Preston:So it, it would have to be like, it would have to be a really concerted
W. Curtis Preston:attack to be able to attack multiple locations of S3 to be able to do damage.
Prasanna Malaiyandi:it's, it's not only multiple
W. Curtis Preston:is as low as, what's that?
Prasanna Malaiyandi:It's not just multiple locations of s3, but also
Prasanna Malaiyandi:they have to tack your primary site as well, so everything needs to be
Prasanna Malaiyandi:coordinated across multiple vendors and corporations, which will probably have
Prasanna Malaiyandi:their own security practices, et cetera.
W. Curtis Preston:this is, this is that, this is that, uh, spectrum, right?
W. Curtis Preston:I, I'd put, I'd put that and write, you know, worm tape, write once,
W. Curtis Preston:read, write once, read many tape.
W. Curtis Preston:Um, and then, and, and optical plat.
W. Curtis Preston:I put that on one end of the spectrum.
W. Curtis Preston:on the other put at the end of the spectrum is I would have unencrypted
W. Curtis Preston:backup stored on a NFS mounted storage system behind a Windows backup server.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:that's your spectrum.
W. Curtis Preston:So we wanna be closer to this end than that end.
W. Curtis Preston:Right?
W. Curtis Preston:Um, nothing is ever
Prasanna Malaiyandi:downsides.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:And there are some downsides to immutability too, right?
Prasanna Malaiyandi:Uh, you can't, like once the data gets written, you can't delete it
Prasanna Malaiyandi:before that time period typically.
Prasanna Malaiyandi:So there are some challenges as well.
W. Curtis Preston:So, um, so what we need to do, Is we need to, I, I think
W. Curtis Preston:there's multiple things there is that, um, we need to protect against access.
W. Curtis Preston:We need to protect against, you know, change deletion, corruption.
W. Curtis Preston:Um, uh, what was I, what was I talking about?
W. Curtis Preston:Um, bit rot, right?
W. Curtis Preston:So there are vendors out there.
W. Curtis Preston:they're like, well, we have a, append only file system, and and,
W. Curtis Preston:and we have data lock on the backups.
W. Curtis Preston:And so they say, we're immutable.
W. Curtis Preston:And, and I'm like, okay.
W. Curtis Preston:And, and they say because they're saying that like, you can't encrypt the backups
W. Curtis Preston:with a, with a ransomware attack.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:and I, and I go, that's good.
W. Curtis Preston:That's farther, that's, that's closer to the other one than the other ones.
W. Curtis Preston:But it's like, well, what about other things?
W. Curtis Preston:Right.
W. Curtis Preston:What about other types of attacks that attack the operating system itself?
W. Curtis Preston:Right.
W. Curtis Preston:You know, if if you gain privileged access to that server,
W. Curtis Preston:right?
Prasanna Malaiyandi:And I wanna clarify though, what you're talking
Prasanna Malaiyandi:about is someone who's written their own file system or is leveraging a file
Prasanna Malaiyandi:system on top of a standard server.
W. Curtis Preston:Yes.
Prasanna Malaiyandi:Not a storage appliance, because I think that's a
Prasanna Malaiyandi:little bit more, that's like further along in the spectrum, I would say
Prasanna Malaiyandi:like a purpose-built storage appliance
W. Curtis Preston:yeah.
W. Curtis Preston:So, okay.
W. Curtis Preston:So, so, so we got a couple different types of backup servers here, right?
W. Curtis Preston:So we got the purpose-built backup appliance of various
Prasanna Malaiyandi:flavors.
Prasanna Malaiyandi:Yep.
W. Curtis Preston:flavors.
W. Curtis Preston:Sure.
W. Curtis Preston:Um, and I would put them.
W. Curtis Preston:More immutable, right?
W. Curtis Preston:So immutable is supposed to be a binary condition, but I
W. Curtis Preston:don't see it as that, right?
W. Curtis Preston:So, um, I put it more immutable than I bought a box.
W. Curtis Preston:I installed Windows or Linux, and I install my favorite backups or software.
W. Curtis Preston:Why?
W. Curtis Preston:Why, why do you feel that way?
W. Curtis Preston:I agree with you.
W. Curtis Preston:Why do you feel that way?
Prasanna Malaiyandi:I feel that way because when it comes to that appliance,
Prasanna Malaiyandi:typically there's more things locked down.
Prasanna Malaiyandi:There's less configuration options, right?
Prasanna Malaiyandi:It's kind of purpose built for that reason.
Prasanna Malaiyandi:Versus when you're rolling your own, you have to worry
Prasanna Malaiyandi:about all those dependencies.
Prasanna Malaiyandi:What flavor of the OS are you taking?
Prasanna Malaiyandi:Are you running through all the security patches?
Prasanna Malaiyandi:Is it, are there any nuances in the way it's being deployed
Prasanna Malaiyandi:today that leads to security vulnerabilities and things like that?
W. Curtis Preston:Yeah, exactly.
W. Curtis Preston:And, and when you update those appliances, you update an
W. Curtis Preston:image which updates everything.
W. Curtis Preston:Versus if I have a a box, a Windows box, I gotta update Windows or Linux.
W. Curtis Preston:I've gotta make
Prasanna Malaiyandi:the backup
W. Curtis Preston:following the new security, then you gotta
W. Curtis Preston:update the backup software.
W. Curtis Preston:So, yeah.
W. Curtis Preston:And these are, and I would say that's, so I would say that the
W. Curtis Preston:appliances are more immutable than.
W. Curtis Preston:Than the build drill in box.
W. Curtis Preston:Um, and the, uh, but I, but I'm just gonna say that if you, if we're
W. Curtis Preston:talking physical access, I still, I'm gonna put a service like S3 or a
W. Curtis Preston:service like Druva that's up in the cloud, farther down the immutability
W. Curtis Preston:spectrum than a survey, than a server that is sitting in your data center.
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:And I think it's important because everyone is now doing virtualized, right?
Prasanna Malaiyandi:It doesn't matter if it's a physical server or a virtual server.
Prasanna Malaiyandi:Anything that's running on your infrastructure or in your
W. Curtis Preston:Right,
Prasanna Malaiyandi:is less secure in that immutability spectrum.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um, the, uh, yeah, I put in the book a lot of things are mislabeled, immutable,
W. Curtis Preston:uh, I just, again, it's a spectrum, but.
W. Curtis Preston:If, if all you're doing is writing backups to a Linux file
W. Curtis Preston:system with the immutability flag turned on, that is not immutable.
W. Curtis Preston:I mean, it's, it is more immutable than not But if I, but if someone
W. Curtis Preston:with root can and, and you gotta have someone with root, right?
W. Curtis Preston:So if a person with root can go in and unset all those immutability flag,
Prasanna Malaiyandi:It don't matter.
W. Curtis Preston:That's, I don't know.
W. Curtis Preston:That's just not, it's be, it's better than nothing.
W. Curtis Preston:Right?
W. Curtis Preston:So I, I don't want to be the, the, you know, perfect is the enemy of good or
W. Curtis Preston:whatever, but I, I don't need perfect.
W. Curtis Preston:And so I don't wanna say that that's crap, but I, I think it's, it's not as immutable
W. Curtis Preston:as those appliances that we talked about.
W. Curtis Preston:And I still think that a service where nobody gets access to your
W. Curtis Preston:servers is more immutable than that.
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:and I still want everybody to back up everything to Tape
Prasanna Malaiyandi:Oh, Curtis, you and
W. Curtis Preston:although I work at, I work at a tapeless backup company.
W. Curtis Preston:Um, so
Prasanna Malaiyandi:But, but here's
W. Curtis Preston:Go
Prasanna Malaiyandi:one thing I wanna ask, and I know we've
Prasanna Malaiyandi:covered this on prior podcasts.
Prasanna Malaiyandi:What are things that an admin can do to understand where on that spectrum,
Prasanna Malaiyandi:when someone says, when a vendor says immutability, what are questions
Prasanna Malaiyandi:that they should be asking to be able
W. Curtis Preston:a great question.
W. Curtis Preston:Who has root or admin, right?
W. Curtis Preston:Who has that and what controls are placed over that?
W. Curtis Preston:So, um, if it's an appliance, so like I, I know of like one company.
W. Curtis Preston:They do have root, they have a password, they have the root password
W. Curtis Preston:on your system, or they have the password to an account that has
W. Curtis Preston:a u i D of zero for those of you.
W. Curtis Preston:Um, which is essentially the same thing, but in order to log into that account,
W. Curtis Preston:they can't log into that account remotely.
W. Curtis Preston:You have to.
W. Curtis Preston:You have to do an SSH tunnel and all that stuff, right?
W. Curtis Preston:You have to open up a door for them to log in.
W. Curtis Preston:Um, you know, what kind of protections are put against that.
W. Curtis Preston:Uh, if the answer is it's just a local box and you're the one that has route,
W. Curtis Preston:or there's unprotected route access from someone, um, I just, I worry well.
W. Curtis Preston:you know, so if, if, if you or anyone in your ministry in your
W. Curtis Preston:place has root, that's not very immutable, it's better than nothing,
W. Curtis Preston:but it's not very immutable, right?
W. Curtis Preston:If you know root, like if, if, if you normally never log into
W. Curtis Preston:the system as root, right?
W. Curtis Preston:No one in your, you only at you, you go to a ui, you log it as you, right?
W. Curtis Preston:Um, and.
W. Curtis Preston:There isn't direct route access by anyone.
W. Curtis Preston:And the only way you can get route access is you can, um, you do the SSH
W. Curtis Preston:tunnel thing that's more immutable.
W. Curtis Preston:I like that better.
W. Curtis Preston:Um, you still, but again, if you don't know this already, you still have
W. Curtis Preston:to do physical security against that
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:Exactly.
W. Curtis Preston:do every other box.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and then, You know, you ask a lot of que just ask a lot of questions.
W. Curtis Preston:What happens if so, for example, I'm currently wondering because I haven't
W. Curtis Preston:found a good answer online, I'm currently wondering what happens with Amazon S3
W. Curtis Preston:object lock if I delete my account.
Prasanna Malaiyandi:I don't think they allow you to.
Prasanna Malaiyandi:It depends on what type of object lock you're using, because there are
W. Curtis Preston:know what, I know what you're saying, right.
W. Curtis Preston:Um, but if I'm u is it the compliance mode?
W. Curtis Preston:It's the more,
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:yeah.
W. Curtis Preston:So assuming I'm using compliance
Prasanna Malaiyandi:Oh wait.
Prasanna Malaiyandi:Compliance is R L C R, lg.
Prasanna Malaiyandi:I think compliance is less in governance is more, or is it the
W. Curtis Preston:whichever it
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Whichever way
W. Curtis Preston:I think it's the other way around.
W. Curtis Preston:But anyway, so I'm using the more strict one.
W. Curtis Preston:and my credit card stops working.
W. Curtis Preston:Right.
W. Curtis Preston:It's not like they're gonna keep my storage forever.
W. Curtis Preston:You, when you say they won't let you delete it.
W. Curtis Preston:Well, I don't have to delete it.
W. Curtis Preston:I'm just gonna have my credit card not work anymore.
W. Curtis Preston:Right.
W. Curtis Preston:What
Prasanna Malaiyandi:like you said, it's not protected in all scenarios, right?
W. Curtis Preston:Right.
W. Curtis Preston:I don't know what the answer is.
W. Curtis Preston:I am curious.
W. Curtis Preston:I actually bought, I, I keep forgetting to do this, but I want to
W. Curtis Preston:go create an Amazon account separate.
Prasanna Malaiyandi:Mm-hmm.
W. Curtis Preston:Put some object lock stuff in there.
W. Curtis Preston:Not a whole lot, just like 90 days or something, but, but like a couple of
W. Curtis Preston:gigabytes or something, and then go delete my account and see what happens.
W. Curtis Preston:See if they let me delete the account.
W. Curtis Preston:Um, I did read something somewhere that, that there is
W. Curtis Preston:this like 30, 60 day timeframe.
Prasanna Malaiyandi:Hmm.
W. Curtis Preston:So again, that's still better because I'm assuming
W. Curtis Preston:that if you're using Amazon S3 and.
Prasanna Malaiyandi:by.
W. Curtis Preston:or any of the other folks you're gonna, you're gonna know
W. Curtis Preston:that somebody deleted your account
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and I know what I would want you to ask is what happens if, what happens
W. Curtis Preston:if someone gets through someone?
W. Curtis Preston:So I was just seeing a thing that said that it's like more than half of hacks
W. Curtis Preston:are through compromised credentials.
W. Curtis Preston:So what happens if someone, you know, you're a backup service?
W. Curtis Preston:What happens if someone gets ahold of my admin credentials
W. Curtis Preston:and is able to circumvent mfa?
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:How much damage can they
W. Curtis Preston:do you have against?
W. Curtis Preston:Yeah, how much damage they can do.
W. Curtis Preston:Can you undo any of that damage, et cetera, et cetera, et cetera.
W. Curtis Preston:I know that if we go back in time, let's say two years, I don't think
W. Curtis Preston:Druva had good answers to that question.
W. Curtis Preston:Right.
W. Curtis Preston:I remember being in those meetings and saying, Hey, we need to address this.
W. Curtis Preston:We have addressed that.
W. Curtis Preston:I think we now have really good answers to those questions.
W. Curtis Preston:Um, but does your, does you know, if you're not using Druva, does your vendor
W. Curtis Preston:have good answer to those questions?
W. Curtis Preston:I don't know.
W. Curtis Preston:Right.
W. Curtis Preston:So, yeah, so come up with worst case scenarios and that one.
W. Curtis Preston:Of compromised admin credentials, whether you're talking a service or
W. Curtis Preston:so, like for example, I know that like Druva has data lock, you know,
W. Curtis Preston:rubric and cohesive have data locks.
W. Curtis Preston:I know that with them, if you, if you compromise, uh, credentials and
W. Curtis Preston:you log into them and try to delete, if you, if you enable datalock,
W. Curtis Preston:you will not be able to do so.
W. Curtis Preston:Right.
W. Curtis Preston:So, , what is your vendor's answer to that question?
W. Curtis Preston:Um, and um, and then also ask 'em about bit rot.
W. Curtis Preston:What are they doing about bit rot?
W. Curtis Preston:If they're using object storage, I feel better cuz object storage
W. Curtis Preston:will automatically detect bit rot happening underneath.
W. Curtis Preston:Uh, cuz it will change the hash and somebody will be like, Hey, well not
W. Curtis Preston:somebody, a program will figure it out.
W. Curtis Preston:Um, I think Biro is rare.
W. Curtis Preston:Just for the record.
W. Curtis Preston:I think it's rare.
W. Curtis Preston:Um,
Prasanna Malaiyandi:It's rare.
W. Curtis Preston:bit error.
W. Curtis Preston:Right.
W. Curtis Preston:But,
Prasanna Malaiyandi:But it's still bad
W. Curtis Preston:not, not a problem.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:And the problem is when it's silent, that's the worst.
W. Curtis Preston:Exactly.
W. Curtis Preston:That's the worst.
W. Curtis Preston:All right.
W. Curtis Preston:Well enough about protecting backup data.
W. Curtis Preston:You got any final thoughts?
Prasanna Malaiyandi:Well, I think we covered it all.
Prasanna Malaiyandi:I really like virtual air gaps, but that's just me
W. Curtis Preston:I like the old school air gaps, but it's really
W. Curtis Preston:hard to do those these days.
W. Curtis Preston:All right.
W. Curtis Preston:Well thanks for listening to us.
W. Curtis Preston:Be sure to subscribe so that you can restore it all.
Listen On
