Safeguarding data against ransomware and malicious attacks is paramount. Customers that subscribe to Vitanium’s Veeam Cloud Connect service can benefit from its Insider Protection feature, designed to protect cloud backups from intentional malicious deletion or cyber-attacks.
What is Insider Protection?
Insider Protection is a critical feature of Veeam Cloud Connect which can be enabled by Vitanium. It ensures that backups stored in Cloud Connect are safe from accidental deletion or deliberate attacks on your Veeam environment. This is particularly vital during ransomware attacks when remote data stored in Veeam Cloud Connect might be targeted and deleted.
The Challenge
Since Veeam Cloud Connect is integrated with the Veeam console, backups are visible and accessible to the end user. While this accessibility is beneficial for legitimate use, it does pose a risk if an attacker gains control of the Veeam server. The attacker can then delete the remote backups, and Cloud Connect, seeing a request from a valid account, will comply.
How Insider Protection Works
Think of Insider Protection as Veeam Cloud Connects Recycle Bin. When enabled, any file deleted from the cloud repository isn’t immediately erased. Instead, it is moved to a special folder within Vitanium’s Cloud Connect Backup Repository for a period of time which is NOT accessible from the Veeam console and completely safe from deletion. Its important to note that Backup Files put in the Recycle Bin do NOT count towards your Cloud Connect storage quota.
Configuring Backup Jobs for Optimal Protection
Backup jobs using Forever Forward Incremental or regular Backup Copy jobs with a single full backup file can be problematic. These configurations mean the full backup is continuously updated by merging old incrementals, preventing the full backup file from ever being placed in the Insider Protection Recycle Bin. Therefore, in the event of a complete deletion, no full file will be available for restore.
For Insider Protection to be truly effective, you need to use a backup mode that periodically creates full files that remain unchanged once created. This allows these files to age, be deleted by job retention, and subsequently moved to the Insider Protection Recycle Bin.
If the backup mode does not periodically create full files you will receive this warning
“Your service provider has implemented backup files protection against deletion by an insider for this cloud repository. To protect against advanced attack vectors, we recommend that you configure your cloud backup jobs to keep multiple full backups on disk (as opposed to forever-incremental chain with a single full backup).”
We recommend Backup Jobs you want protected by Insider Protection be configured with GFS and you use at least 1 Weekly archival backup. These backups live outside of the Backup Copy job chain and are stored as .vbk files. Meaning that they are able to be imported and restored in your Veeam infrastructure.
Conclusion
By understanding and properly configuring Veeam Cloud Connects Insider Protection, you can significantly enhance the security of your backups against malicious attacks and accidental deletions. Proper configuration ensures that even if backup files are deleted, there will always be a consistent backup available for restoration.
Final Thoughts
Implementing these best practices will ensure that your data remains secure and recoverable, even in the face of advanced threats. Veeam Cloud Connects Insider Protection is a powerful tool in your data protection arsenal, but its effectiveness hinges on proper configuration and periodic creation of full backups.
By staying vigilant and proactive, you can safeguard your valuable data and maintain business continuity, no matter what challenges arise.
Vitanium are experts in Data Protection, if you want advice on how best to protect your company from data loss, please do not hesitate to contact us.