What is Immutable Cloud Storage?

By David Weiss

Utilizing the cloud for backup has become fundamental to business continuity and disaster recovery (BCDR) best practices. Managed service providers (MSPs) are realizing that not all solutions that employ the cloud are the same, however. There are significant differences in cloud design that can have a major impact on reliable backup and recovery of business-critical data.

These distinctions are coming into focus with threats to backup security on the rise, including hacking, human error, and malware. Research shows that ransomware, a subset of malware, is rapidly increasing the amount of downtime that businesses experience. The security and reliability of cloud backup infrastructure can make or break an MSP’s ability to steer its clients’ recovery from a ransomware attack, accidental data deletion, and other threats.

Immutable cloud storage is ideal for MSPs seeking the highest level of protection for their clients’ data. But what does it mean to be “immutable”? In computing, an immutable object is one whose state can’t be changed or modified after its creation. The opposite of this would be a mutable object, which can be modified once it has been created. Taking it a step further, the term “immutable storage” is applied to stored data that cannot be changed or deleted.

As it turns out, many solutions that utilize both public and private clouds for backup and recovery are mutable. They can still be corrupted by hackers, who are increasingly targeting backup systems to make it impossible for organizations to recover from a ransomware attack.

Multiple Levels of Security

Datto SIRIS backs up data to the immutable Datto Cloud. A purpose-built backup and recovery cloud made specifically for MSPs, the Datto Cloud’s immutable design provides maximum security and reliability for MSPs’ clients.

Multiple security layers are necessary to build an immutable cloud. In the case of Datto SIRIS, for example, it starts with mandatory two-factor authentication (2FA) for access to the cloud-based administration portal. All data is encrypted at rest in the cloud and optionally in the local hardened SIRIS appliance, helping to secure client data before it’s replicated in the cloud.

Once a granular backup or “snapshot” has been taken, additional safeguards contribute to backup security. In the case of SIRIS, a post-backup ransomware scan is performed to ensure the data has not been infected by ransomware.

Advanced Backup Verification with patented Screenshot Verification adds another layer of confidence: it virtualizes and test-boots servers from the backup to detect any backup issues, assuring that backups will boot with all data intact and free from ransomware. Once the ransomware scan and advanced backup verification have been performed, backups are replicated to the secure Datto Cloud using AES-256 encryption.

Smart File Systems

The choice of file system is critical to immutable storage. Datto selected ZFS (the Zettabyte File System) for backup storage in the Datto Cloud. ZFS is also specified for Datto appliances including SIRIS and ALTO.

ZFS is an advanced file system that is combined with a logical volume manager, and cannot be corrupted. It provides copy-on-write snapshots, zero-copy writable clones, data compression, and deduplication. In addition, ZFS provides support for massive storage capacities, as well as continuous integrity checking and automatic data repair.

Data integrity is a key characteristic of ZFS, which includes end-to-end checksums and data authentication at multiple levels in its file structure. It excels at data integrity protection by detecting and addressing silent data corruption scenarios, including phantom writes, data corruption on the drive, misdirected reads, and accidental overwrites. The net result is that ZFS cannot be corrupted by ransomware.
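An added illustration, not Datto or ZFS code: a toy two-disk mirror in Python showing why a checksum kept in the parent's block pointer, rather than beside the data, catches a phantom write or misdirected read, and how the good mirror copy repairs the bad one. `Disk`, `Mirror`, the fault flags and the sample data are constructed for this example, and SHA-256 is an assumed stand-in checksum.

```python
import hashlib

def checksum(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # SHA-256 is a stand-in (assumption)

class Disk:
    """Constructed toy disk with two injectable faults."""
    def __init__(self):
        self.blocks = {}
        self.drop_next_write = False  # phantom write: acknowledged, never stored
        self.redirect = {}            # misdirected read: addr -> addr actually read

    def write(self, addr, data):
        if self.drop_next_write:
            self.drop_next_write = False
            return
        self.blocks[addr] = data

    def read(self, addr):
        return self.blocks.get(self.redirect.get(addr, addr), b"")

class Mirror:
    """Two-way mirror; the caller keeps (addr, checksum) as the block pointer."""
    def __init__(self):
        self.disks = [Disk(), Disk()]
        self.repairs = 0

    def write(self, addr, data):
        for disk in self.disks:
            disk.write(addr, data)
        return (addr, checksum(data))

    def read(self, ptr):
        addr, expected = ptr
        for i, disk in enumerate(self.disks):
            data = disk.read(addr)
            if checksum(data) == expected:
                for bad in self.disks[:i]:   # rewrite copies that failed the check
                    bad.blocks[addr] = data
                    self.repairs += 1
                return data
        raise IOError(f"block {addr}: no copy matches the pointer checksum")

def phantom_write_demo():
    m = Mirror()
    m.write(7, b"invoice v1")
    m.disks[0].drop_next_write = True        # disk 0 silently loses the update
    ptr = m.write(7, b"invoice v2")
    stale = m.disks[0].read(7)               # old but internally intact block
    return stale, m.read(ptr), m.disks[0].read(7), m.repairs
```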

Cloud Deletion Defense also contributes to the immutability of the Datto Cloud. With its ability to “undelete” an accidental or malicious deletion, Cloud Deletion Defense provides yet another protection layer to MSPs and their clients.

Immutability Matters

Hackers are on the prowl, malware is lurking, and erroneous deletion is always a danger, making fully protected backups essential for preserving essential data. Immutable cloud storage is the key to reliable recovery when business systems are compromised.

To help your clients prepare for cybersecurity threats taking aim at backups, read our full eBook, Backup Under Attack: Protecting Your Last Line of Defense.
