May was a busy month! I had the opportunity to present at Pure//Accelerate again this year and we just wrapped up VeeamON 2021. By the way, both events now have content up for replay, so it’s the perfect time to catch up!
One of the common themes that I had for both events was some perspective around ensuring reliable data recovery from a ransomware incident. With the current threat atmosphere today, this is the opportunity to shine for backup software as well as modern storage systems.
I’ve spent much of the past few years focusing on ensuring organizations can recover data in a ransomware incident. I talk a lot to customers who drive successful recoveries as well to the outstanding staff at Veeam who support customers in these precarious scenarios.
There is a missing link. A copy of data on an ultra-resilient media. In Veeam terms, ultra-resilient media would be a restore point on a media that is either offline, immutable or air gapped. The missing link is when discussing scenarios where recovery could not occur, there is a common theme of organizations not having a copy of backup data that is ultra-resilient. Below is a list of some of the ultra-resilient media options which is a famous slide I like to use in presentations:
On this list, a few standout points can be made:
- Tape: Media outside of the library, and marked as WORM, will actually exhibit all three characteristics: immutable, offline and air gapped.
- Insider Protection: Veeam Cloud Connect has a capability available for service providers to have a copy of backup data out-of-band from the end user.
- Rotating drives: Drives that are ejected and removed are offline (common in rotating drives and use with enclosures).
- Immutable backups: The public S3 and S3-compatible object lock capability brings immutable object storage (and potentially off site).
- Hardened Repository: The newest Veeam V11 capability allows backups to be written with immutable attributes in Linux.
What can modern storage bring to a ransomware recovery scenario?
This is an area where Veeam can shine with our rich integration with many storage systems in the market today. Storage systems can bring some inherent ransomware resiliency into the conversation. Let’s talk about Pure Storage.
Pure Storage is a Veeam partner that has a very compelling technology, SafeMode Snapshots. I’ve followed Pure Storage for a long time and very much admire their culture and approach to a market (enterprise storage) that was ripe for some innovation. In fact, the entry into a market ripe for innovation sounds very familiar as that is very much Veeam in the backup space!
SafeMode Snapshots are immutable and easy to set up. This is a great way to incorporate an ultra-resilient copy of data. An additional level of control is that SafeMode Snapshots can only be accessed at the direction of Pure Storage Support.
How can I leverage Pure Storage and Veeam to ensure data recovery from ransomware?
This becomes very interesting as there are a number of ways to leverage SafeMode Snapshots to ensure data recovery in a ransomware incident. One approach is to put the Veeam Hardened Linux Repository on a Pure Storage FlashArray system. This is a very easy way to have not one but *2* levels of immutability with robust technology from Veeam and Pure Storage. But the options do not stop there.
If the Veeam Hardened Linux Repository is part of the Veeam Scale-out Backup Repository, backup data can be sent to an AWS S3 bucket with Object Lock enabled for immutability (or an S3-Compatible system on the Veeam Ready list with Object Immutability). If you are keeping score at home, this would be an immutability triple play! Be sure to see the VeeamON replay demo session “Modern Immutability Options” where I demoed a multi-tiered immutability approach.
Veeam and Pure Storage: Integrated & Immutable
Be sure to check the Veeam solution page for Pure Storage that will cover more than just SafeMode snapshots. There you can see how Veeam integrates with Pure Storage FlashArray limitless snapshots, providing superior backup performance, more rapid recoveries and easy access to production data copies for development and compliance testing.