Commvault Unveils Clumio Backtrack - Near Instant Dataset Recovery in S3
Over the past few years, we have seen that traditional data protection methods needed to evolve in order for organizations to better protect themselves from potential threats, both internal and external. We also see that as customers continue to embrace cloud-first and cloud-native strategies, they need to ensure that their data protection strategies can evolve as quickly as their workloads. In this guest blog post, I’ll discuss some of these challenges, and how Clumio helps customers overcome these challenges.
Customers are continuing to see an evolution in the number and types of threats that they face. No longer is the concern of accidental file deletion or loss of a primary site enough for an organization to worry about – these days, customers need to be sure that they are protecting against a variety of threats and ensure that their data is protected, even during scenarios that aren’t top of mind. Let’s look at a few in further detail:
One of the larger benefits to the Clumio service is that it provides customers with an air gapped and immutable data protection solution for storing backup data. Let’s take a deeper look into how Clumio is able to achieve this.
To achieve the air gap for data protection, Clumio stores all data on Amazon S3 located in a separate Clumio-owned AWS account. A customer does not have direct access to any resources residing in the Clumio service. Role-Based Access Control is only possible via the Clumio service UI (or Clumio REST APIs) which limit the operations that a customer can perform by design. Second, when backing up data, Clumio never overwrites existing data on Amazon S3, it will only append. This ensures complete data integrity for the restore points that are defined as part of a Clumio Backup Policy.
These approaches help customers solve for a number of potential areas of concern that have been previously mentioned in this post, specifically :
Ransomware – There are ransomware variants such as Ryuk that look to encrypt backups as part of an attack pattern. With Clumio, having your backups stored in an immutable format in a separate account which you don’t have access to ensures a solid layer of protection against such an attack. If a ransomware attack were to occur, customers can simply choose a restore point prior to the ransomware incident, and recover from that point. Clumio also provides customers the ability to restore to a different AWS account of your choosing (if needed), which can be beneficial for IT Security teams to perform a full forensic analysis on the impacted AWS account, while not impacting business operations once the restore to a new AWS account has completed.
Bad Actor – For situations where account credentials are compromised and critical resources are modified or deleted, Clumio’ s air gapped protection ensures that a bad actor (no matter if internal or external) cannot delete the backups that exist in the Clumio service. This is a better approach than simple Amazon EBS and Amazon RDS snapshot storage in the same AWS account, since a bad-actor can also choose to delete historical snapshots with no recourse available to the customer once the snapshots have been deleted. This also provides a layer of protection beyond cross-account snapshot copies when the second account is owned by the customer, since destination AWS account may not always be properly secured, or cross-account roles with sufficient privileges could exist between both accounts that would allow for deletion of cross account snapshot copies to occur.
Accidental Snapshot Deletion – When using Clumio, it is impossible for a customer to delete restore points -even accidentally – within the Clumio service. Should a customer accidentally delete an Amazon EBS or Amazon RDS snapshot and the resource is protected by the Clumio service, this does not impact the functionality of the Clumio service, and you would still be able to recover from previous Clumio restore points. Scheduled Clumio backups will still continue to function normally as well, causing no disruption in operations
We’ve seen how there are multiple threats that customers need to account for when defining a data protection strategy for their organization, although we just scratched the surface by naming some specific threats.