Posey's Tips & Tricks
Another Reason for Using Immutable Backups
Immutable backups can serve as a long-term safety net beyond ransomware protection, preserving critical data that may fall outside traditional backup retention windows and go unnoticed until it is too late.
Immutable storage has gotten a lot of attention over the last few years, and for good reason. Writing backup data to immutable storage is arguably one of the best defenses against ransomware attacks targeting your backups. After all, ransomware cannot encrypt read-only data. Similarly, many organizations write their backups to immutable storage because doing so can sometimes make regulatory compliance easier. Recently however, I found another benefit to using immutable storage.
In order to better illustrate what this benefit is, I need to give you a bit of background on the data protection strategy that I use within my own organization. My production servers exist as Hyper-V virtual machines, and so Hyper-V replication is my first line of defense. My production VMs are replicated from one Hyper-V server to another, resulting in a complete copy of those virtual machines, residing on different hardware. Hence, if something happened to my primary server or my primary storage, I could simply fail over to the replica. The way that I have Hyper-V replication configured also causes the replication process to create hourly recovery points that I could use to roll back a virtual machine by up to 24 hours.
My next line of protection involves a typical disk to disk backup which performs data backups every 30 seconds.
In addition to my primary backups, I have two tiers of air gapped backups. An air gapped backup is simply a backup that is written to removable media and then ejected from the system. The idea is that if the system were to be damaged by ransomware, a lightning storm, or some other catastrophe, the air gapped backups should not be impacted because they are not physically connected to anything. My first air gapped backup tier creates daily air gapped backups and my second tier creates air gapped backups on roughly a weekly basis.
Finally, I write immutable backups to WORM disks on approximately a monthly basis. The reason why I don't create immutable backups more frequently is because the media is slow, expensive, and has a limited capacity.
So now that I have told you about how I handle data protection in my own environment, let me tell you about how my immutable backups recently paid off in an unexpected way. It all comes down to data retention policies.
Retention policies are based on the idea that most backups eventually outlive their usefulness. There comes a point at which a backup is so old that there is almost no chance that it will ever be restored. Similarly, there is a point at which the cost of storing an old backup exceeds the value of the data contained within the backup. Hence, retention policies cause these aging backups to be purged in an effort to make space for newer backups.
My primary backup system's storage capacity limits the number of backups that I can retain. The system is only physically capable of storing backups for a few weeks. Similarly, my Tier 1 air gapped backups get rotated each day, but are overwritten after about a week. My Tier 2 air gapped backups are also rotated, but the oldest backup is usually less than a month old. In other words, cost and logistics have led to me creating a backup retention policy that spans roughly about a month.
The problem with these types of retention policies is that data loss is not always immediately obvious. A few days ago, I decided to take a look at the Microsoft Word document associated with a book that I wrote several years back. Much to my surprise, the file was gone! I don't really know when or how the file was deleted (although I have my suspicions), but one thing was certain. The deletion occurred more than a month ago. None of my normal backups contained a copy of the missing file.
Fortunately, my immutable backups were not affected by these retention policies. It doesn't really cost anything to store physical media indefinitely, so I have immutable backups going back for more than two years. As such, I was able to easily locate and restore my missing file from an immutable backup that was created way back in 2023.
About the Author
Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.