We’re playing Whack-a-Mole with vulnerabilities and zero-day exploits, and there is no light at the end of the tunnel. Accept that this is our everyday challenge for the foreseeable future. You will retire fighting this problem. The best way forward, then, is using that mentality and assuming that being attacked is not a question of IF but WHEN.
So when you design your network and security around the assumption that a bad actor WILL gain access via an exploit (that PrintNightmare vulnerability has been around for 18 years!), the design will have lots of layers of access, alerting, and carefully segmented backups.
Immutable backups have been all the rage the past couple of years as the feature set has rolled out. And rightly so – bad actors aren’t always on the outside. Disgruntled or careless employees pose a threat to your data as well.
Many storage vendors have touted “immutable” backups locally using storage arrays. However, you must be careful with these options, as many are just snapshots on the same storage unit, or sometimes on another unit running the same firmware/OS. In that case, admin privileges or a vulnerability (much like the one for Western Digital My Book Live) can still erase those “un-erasable” backups. That’s why it’s vital to have your backups on multiple different types of storage from different manufacturers. See: NetApp’s solution of replicating from one SAN to another. If there’s a vulnerability in the firmware or OS, it affects your entire backup solution.
That brings me back to our age-old 3-2-1 rule for backups: three copies of your data on two different types of media, one being offsite. And when I say “offsite” now, that means air-gapped too.
So how can you accomplish air-gapping your backups? You have several options: push backups to the cloud and allow the connection only briefly, while backups are being taken; or use drives and tapes that you connect to your backup system to collect the data, then disconnect and physically take to a different location. Or use a combination of both to accomplish offsite and air-gapped, but not in the same solution.
The choice is up to you.
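The counting rule behind the 3-2-1 advice above, as an added example that is not part of the original post: snapshots on the same unit count as one copy, and copies that share a vendor and firmware/OS count as one failure domain. The `Copy` fields, the sample inventories and every name in them are constructed for illustration, and the production copy is assumed to count as one of the three.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Copy:
    name: str
    media: str        # e.g. "san", "disk", "tape"
    vendor: str
    platform: str     # firmware/OS family the unit runs
    unit: str         # physical array, library or service holding the data
    offsite: bool
    air_gapped: bool  # normally disconnected from the production network


def audit_321(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    # Snapshots on the same unit are not separate copies: one admin
    # account or one firmware bug erases all of them together.
    independent = list({c.unit: c for c in copies}.values())
    if len(independent) < 3:
        findings.append(f"only {len(independent)} independent copies, need 3")
    if len({c.media for c in independent}) < 2:
        findings.append("fewer than 2 media types")
    # Units sharing a vendor and firmware/OS share one failure domain.
    if len({(c.vendor, c.platform) for c in independent}) < 2:
        findings.append("all copies share one vendor/firmware failure domain")
    if not any(c.offsite and c.air_gapped for c in independent):
        findings.append("no copy is both offsite and air-gapped")
    return findings


# Constructed inventories (hypothetical vendors and unit names).
WEAK = [
    Copy("primary", "san", "VendorA", "os-a", "array-1", False, False),
    Copy("immutable-snapshot", "san", "VendorA", "os-a", "array-1", False, False),
    Copy("replica", "san", "VendorA", "os-a", "array-2", True, False),
]
STRONG = [
    Copy("primary", "san", "VendorA", "os-a", "array-1", False, False),
    Copy("local-backup", "disk", "VendorB", "os-b", "nas-1", False, False),
    Copy("weekly-tape", "tape", "VendorC", "none", "tape-vault", True, True),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("STRONG", STRONG)):
        print(label, audit_321(inventory) or "passes")
```
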