Security challenges for IT professionals and organizations today are multitudinous. Every day we learn of an organization that became a victim to a cybersecurity breach or other malicious event, such as ransomware, essentially putting their business and their customers’ sensitive data at risk. Your infrastructure, networks, and data should be protected, and most organizations strive to implement appropriate risk aversion measures and tactics.
Best practices service providers employ to keep your data safe
Veeam Cloud & Service Provider (VCSP) partners have mastered the concept of cybersecurity protection better than most. Service providers often manage complex infrastructures of various sizes and types and have gained mastery through their industry experience and technical education to be able to identify and mitigate these threats.
What a customer needs, what a vendor provides, and what a partner implements determines the ability to best protect and respond to security threats. We work closely with our VCSP partners to educate and assist them while discussing and delivering best practice configurations. Our partners often manage Veeam deployments of various sizes. They often provide DR planning and assistance via replication services. Here are some best practices and common infrastructure configurations VCSP partners use in their customers’ environments and to protect their own infrastructure.
Protecting from ransomware
To protect your most recent backup data from ransomware attacks or other malicious activities, Veeam has introduced features our VCSP partners use to mitigate the threat. Adhering to the 3-2-1 Rule is the recommended configuration to prevent an on-premise issue from affecting remote backups. Typically, our VCSP partners leverage the two methods below to provide this protection.
- Backup Copy Jobs to Cloud Connect Repositories w/Insider Protection
- This method provides off-site backups to a storage agnostic target. Insider Protection provides mitigation for, you guessed it, threats from inside your organization or the organization’s data center and network.
- Scale-out Backup Repositories to Object Storage w/Immutability
- This method provides off-site backups but only to an Object Storage provider. This could be a public cloud entity or a VCSP partner’s own deployment.
- Configuring immutability for data stored in Object Storage is a new and exciting capability for Veeam Backup & Replication!
- Backup and Backup Copy jobs can be encrypted at rest. Configuring this option appropriately will prevent unauthorized access to backup files; essentially rendering them useless to a party without the decryption password.
- Network traffic between backup and replication components can be encrypted via Network Traffic Rules. (All data transferred between public networks are encrypted by default!)
- Nobody is able to “snoop” on data traffic between Veeam components or remote repositories when configured correctly!
- Veeam Agent backup jobs are encrypted between source and destination in transmit. We also suggest configuring at rest encryption for their backup jobs!
- Lots of customers use Veeam Agent for Microsoft Windows to send backups directly to the cloud. These options protect sensitive user data!
- These options are available for our Linux Agents today and for the upcoming Veeam Agent for Mac!
Protecting your infrastructure
Critical systems, like those running your managed Veeam Backup & Replication infrastructure, should be protected by best practices and the best toolsets! It’s common for VCSP partners to invest in tools that provide:
- Secure remote access for managed systems
- Multi-factor authentication
- Critical infrastructure configured to allow “least privileged” access
You’ll notice the common theme here is all about controlling access. Having multiple secure barriers to entry is the first step in guarding your data.
This blog was originally written by Tim Hudson for Veeam Blogs.