In recent years, ransomware attacks have been on the rise, leaving many businesses struggling with encrypted and inaccessible production data. In response, Google has introduced an innovative backup vault feature in its cloud services, aimed at protecting organizations' critical backup data and preventing hackers from modifying or deleting these backups during secondary attacks.
Backups Are Not Enough, Protecting Them is Key
It’s well-known that backup data serves as the last line of defense when disaster strikes. However, traditional backup methods face a serious challenge: backup data can become the next target of ransomware attacks. Google has recognized this pain point and added new "immutable" and "undeletable" features to its Cloud Backup and Disaster Recovery (DR) service, ensuring that backup data cannot be tampered with or deleted. Even if attackers control the production data, organizations can still rely on backups for recovery.
According to Google, "When production data is unavailable or untrusted, backups are often the last resort for recovery. It’s crucial not only to back up critical workloads but also to ensure these backups aren't modified or deleted afterwards."
Isolated Protection for Data
The new feature adopts an isolated protection mechanism where backup data is stored in a separate project managed by Google, logically isolated from other Google Cloud projects controlled by the organization. This means users within the organization cannot directly access or modify the backup data, effectively preventing direct attacks on these resources.
Google emphasized that when creating a backup vault, administrators can set a mandatory minimum retention period, ensuring that during this time, the backup data cannot be modified or deleted. This layered protection mechanism helps achieve data immutability and complies with many security programs and regulatory requirements.
Flexible Recovery, Even If the Source Resources No Longer Exist
Google’s new feature also provides great flexibility, allowing users to configure backup vaults in different projects from the source project, ensuring that backups remain accessible and recoverable even if the original project or resources are no longer available. This enables businesses to design more resilient backup strategies to protect against the loss of source projects or resources.
Google stated, "You can create backup vaults in a different project from the source, ensuring that backups remain accessible even if the source project or resources no longer exist."
Comprehensive Recovery Support
Google's backup vault functionality supports a wide range of systems and applications, including Compute Engine VMs, VMware Engine VMs, Oracle databases, and SQL Server databases. Additionally, the new feature allows the immediate recovery of production applications to pre-existing or newly created projects, particularly useful in scenarios involving recovery testing or forensics following a ransomware attack.
This new backup vault feature provides businesses with robust data recovery capabilities, preparing them for future cyberattacks.
Conclusion
Google’s newly introduced backup vault feature significantly enhances the security and flexibility of cloud backups, providing a strong shield against ransomware in today’s increasingly threatening landscape. It ensures that backup data remains recoverable even under the most extreme circumstances, thereby safeguarding business continuity.
For organizations concerned about data security, this new feature from Google Cloud is an indispensable tool.
