Immutable Backups: How They Work and Why State and Local Agencies Need Them

What Constitutes an Immutable Backup for Government Agencies? 

Various kinds of memory systems have been used over the years to provide recoverable storage. For decades, the go-to was tape, often kept in an offsite data vault. Optical discs have also been in the mix, but all forms of air-gapped physical storage require an authorized human being to go and get them and feed the information back into the production IT system.

The disadvantage is that this type of data protection, while robust, can be cumbersome and slow to recover.

These days, magnetic storage disks are most common, but the data must be cordoned off from prying eyes outside (and possibly inside) the enterprise. Immutable backup depends on “write once read many” (WORM) memory that can’t be altered once it has been saved.

“If engineered correctly, immutability in backup products should not be a feature that can be disabled by an administrator or a cyber adversary with compromised credentials,” says Travis Rosiek, public sector CTO at Rubrik. “In the case  of a ransomware attack, immutable backups can help customers securely recover data to production servers immediately.”

PREPARE: Harden your data centers against climate risks.

Can Bad Actors Attack Government Immutable Backups? 

Standard backup systems depend on options to enable or disable immutability. Air gap software is available to automate the opening and closing of network ports between storage devices.

“Be aware this kind of air gap is not identical to physical air gaps and has its limitations from a security perspective,” Gartner warns. Hackers can gain access and turn down immutability retention settings, then lock the data or exfiltrate it, moving it out of the IT production system altogether.

“State and federal agencies must remain vigilant, understanding that if they can activate security measures like immutability and encryption, threat actors can also disable these measures,” Rosiek says.

There are key ideas to keep in mind when building an immutable backup system, says Stephen Manley, CTO at Druva:

• Make sure the data can’t be deleted or modified
• Determine what kind of security is available to guarantee this 
• Learn where metadata describing the backup files lives and protect it 
• Create a system to check backed-up data for malware and move clean information back into production

The troubling fact remains that ransomware can lie dormant in a network for weeks or months. It’s possible that your backup files have already been compromised before you protect them in a WORM drive and consider them pristine.

Can Government Agencies Set Up an Isolated Recovery Environment?

Gartner describes an isolated recovery environment as a platform “equipped with resources to verify and recover data from an immutable backup copy that does not replace traditional backup and disaster recovery systems.”

In short, an IRE is a sandbox separate from the production system where immutable files can be scanned for malware and cleaned before being reinstalled. It requires a dedicated, independent network that includes Active Directory, DNS, DHCP and NTP services, Gartner says. And the effort can require “significant additional investment,” including extra staff and a secured VPN to move backups from an immutable vault back into production.

It’s a big, expensive and complex undertaking. “Why would you possibly want to do this on your own?” Manley says.

LEARN MORE: Vendor-agnostic MSPs offer greater cyber resilience.

Druva offers a data resiliency guarantee backed by $10 million in indemnification. The company provides multifactor authentication, immutable backups and zero-trust security, among other services. “We have 1,000 people who wake up every day to do just one job,” he says, And it all sits in the cloud.

Marlon Hughes, vice president of public sector engineering for Cohesity, estimates that about 75% of his company’s state and local customers rely on hybrid data protection architectures, and most are moving quickly to cloud-based SaaS systems.

Local agencies have valuable personal data that cyber criminals are looking for, Hughes says. Whether it’s a water bill or student information, these organizations have small IT departments that are stretched thin. They’re easy marks for the bad guys.

How Do Governments Use Immutable Backups?

Yuba County in California was hit with a ransomware attack in 2021. The trouble started when a DoppelPaymer ransomware note showed up on several servers and PCs.

“By the time we got to it, it had encrypted roughly 50 PCs and 100 servers,” said Paul LaValley, former CTO for the county, in a Rubrik case study. “We knew through forensic analysis that Dridex, Cobalt Strike, IcedID and PowerShell scripts were all used for portions of the attack. Based on that, we realized our compromise was a Kerberos attack, traditionally called a Golden Ticket attack.”

But even with essential data encrypted by the attackers, LaValley knew he wouldn’t have to pay the criminals to have the files restored — and that it wouldn’t take long to get the county’s IT system back up and running.

DISCOVER: State and local governments strengthen services with data center optimization.

“Rubrik saved our data during this sensitive time thanks to its immutability,” LaValley said. All of the backups were restored within seven days.

San Joaquin County used backup tapes for years, but the IT department didn’t have much faith in their security, and even their accessibility was in doubt. After trying another cloud-based vendor, the county chose Rubrik.

Then Assistant Director David Newaj was particularly glad to get help protecting backup files. “Its native immutability offered me peace of mind with regards to cyber threats,” he recalled in a separate Rubrik case study. “We were able to replace multiple backup solutions with a standardized data management platform across all departments.”

It certainly brought relief. Before, it was one person’s full-time job simply to manage tapes, Newaj noted. Afterward, the county could “repurpose that IT headcount to focus on planning for the future, like cloud initiatives and solidifying a DR strategy,” he said.

RELATED: DRaaS is vital to state and local government recovery efforts.

Numerous vendors currently offer data backup with immutability, including Rubrik, Druva, Cohesity and others. Gartner recommends that potential buyers look closely at the offerings.

“Immutability is used differently by vendors and varies in implementation and effectiveness. Therefore, it’s important to understand what each vendor means by ‘immutable’ and how its functionality is implemented,” Gartner says.

Also, state and local agencies should do an inventory of data assets and decide which really need to be stored in an immutable backup. Not everything will rise to that level.