Imagine a ransomware attack has hit your company or hackers have deleted your data. You recover your backup data, only to find that it has also been compromised. It's a nightmare scenario. Unfortunately, it's an all too common occurrence. But with the latest technology from Ahsay, you can protect your customers' production systems and critical data from the increasing threats of ransomware and cyberattacks.
With an Ahsay immutable backup, your backup data cannot be changed, deleted, modified, or encrypted. It means you’ll always have a reliable and unaltered copy of your backup data. So, even if your customer loses all of their production data, they can rebuild everything from scratch using unaltered and uncompromised data. With Ahsay's immutable backups, you can rest assured that your customer's data is safe and secure.
Ahsay immutable backup currently supports the following storage types:
-
AhsayCBS
-
Microsoft Azure
-
Amazon S3
-
Any S3 compatible storage
-
Google Cloud Storage
-
Backblaze B2
-
Wasabi
How can immutable backups help?
-
Ransomware protection
No one can modify immutable backup data, which is NOT affected by ransomware that alters and encrypts your files.
-
Human error, malicious employees, and hackers
No one can delete immutable backup data. It safeguards your data from accidental deletion, malicious employees, and hackers.
-
Regulatory Compliance
Immutable backups allow businesses to comply with regulatory or legal requirements. It proves that all historical backup data is authentic because it is unchanged.
How does it work?
Ahsay’s immutable storage policy is based on an enhanced access control method which provides both data immutability and flexible storage management.
A backup to an immutable storage destination requires two separate accounts to function:
-
A “regular user” account is used solely for backup purposes, which only has written permission to save backup data onto the designated storage.
-
An “admin user” account with modify or delete permission is used to delete any backup data. For increased security, the login credentials of the “admin user” account are never saved, so there are no details for potential hackers to retrieve and use to compromise the backup data.
-
Any data modification or removal must be validated using two-factor authentication as an additional safeguard.
How does Ahsay's immutable storage policy implementation differ from other backup solution providers?
Legal hold and time-based methods are The most commonly used to ensure storage immutability. Each method has its strengths and weaknesses
-
Legal hold
A legal hold storage policy is traditionally used to preserve data that a business believes may be relevant to pending, ongoing, or future litigation. Some providers now adopt this method to implement an immutable storage policy. Once a legal hold is applied to the relevant backup data, it cannot be modified or deleted until after the legal hold is removed. In the meantime, the data can be accessed and read normally. The downside is that the user account used to enable legal hold conveniently has permission to turn off legal hold! Therefore, if a hacker gains access to this account, they can quickly turn off the legal hold and delete all your backup data.
-
Fixed time retention policy
Time-based immutable storage policy is based on a fixed time period. Once the backup data is saved onto cloud storage, a time lock is added to the files for example 7 years. These files cannot be modified or deleted until after the time lock has expired, but in the meantime, the data can be accessible and read. The major downside is that storage management is severely restricted. As time progresses, backup data can grow quickly; over time, some may become outdated. However, you cannot delete or update this data due to the time-based immutable storage settings. You may end up paying more for storage charges on large amounts of backup data which is no longer useful or relevant to your customers' business. This could be over long periods!
Why is Ahsay immutable backup better?
With Ahsay's immutable backup solution, you get the best of both worlds: complete data immutability combined with high levels of security and total storage management that other backup solutions cannot provide.
-
Security
Even if hackers could gain full access to an MSP Ahsay backup system, they would not be able to delete any backup data, as the "admin user" credentials required to delete backup data are not stored anywhere in the system.
-
Adaptable to changes
You are allowed to change how long you want to keep your data in retention when different business requirements arise without being tied strictly to the retention policy set initially, after a second level of authentication, e.g. 2FA, is performed. You maintain complete control over your backup data to minimize storage charges. This is especially useful when MSPs encounter the situation where users are no longer willing to pay for backup services they promised initially and it is absolutely necessary to move all data from cloud storage to stop future storage fees.
However, if it is absolutely necessary that a retention policy of certain time to be enforced due to regulations, you can configure a default retention time for all new objects created on your cloud storage providers, e.g. S3, Google Cloud Storage etc, to augment the built-in user access level protection already in place. Please beware of the financial consequence of this action.