In Veeam Backup and Replication 9.5 Update 3, Veeam introduced a feature called “Insider Protection,” and updated it for the most recent release of Update 4. Insider Protection is a method used to combat the malicious or intentional (and perhaps even accidental) deletion of backup files by an “insider.” The insider may be a virus, person, script, etc. that has access to your network, for example, an employee. But “insiders” are now, more often, dangerous outsiders who have gotten “in”. While the Veeam feature provides some unique capabilities and protection, it can also cause storage issues for service providers as well as additional costs and complexity for customers. Let’s look at a little background information before moving on to Global Data Vault’s Enhanced Data Protection.
Veeam’s backup files are broken down by type and identified by file extension. For example, a full backup creates a file with a VBK extension, while an incremental and reverse incremental backup is a VIB and VRB, respectively. All the information related to the backup job is stored in the metadata file, or VBM. These files are stored in a folder that is related to the job, so your folder contents would then include a VBK, VIBs or VRBs, and a VBM. As the VIB/VRB files are part of a chain linked to the VBK file, all files must be present in order to restore to a specific point in time.
Now, we’ll dive into Insider Protection by examining the most probable methods of backup file deletion:
- Viruses and malware – have the ability these days to “seek and destroy” different types of backup files, even when stored in an alternate location such as the cloud
- Human by intentional action – disgruntled employees, terminated employees
- Human by unintentional action – the accidental deletion or “OH NO second”
As mentioned before, when a file in the chain of a backup is deleted, the backup itself is rendered useless. That is the malicious intent of such deletions, specifically if ransomware is involved, as the hackers will delete older backups, encrypt the most recent one, and demand payment. Insider Protection provides a recycle bin for your cloud service provider, which is in the Veeam repository location, to store deleted backup files. This recycle bin uses disk space, which is usually charged back to the customer to recover the cost. Veeam also recommends conducting an active full backup every few days, or weekly, as this prevents a break in a backup chain. Again, the challenge with this comes with the additional storage for both the primary repository and the recycle bin, which translates to higher costs for you, the customer.
GLOBAL DATA VAULT IS DIFFERENT.
Standing by our motto of “It’s always our problem,” we developed a proprietary technology to both take advantage of Insider Protection and keep costs down, and we call it Enhanced Data Protection (EDP). EDP provides an offline repository where the backup files are held in their truest form while not being accessible from the Veeam Backup Console. This means no one, except for Global Data Vault, can access them, thus protecting the files from insiders.
Here is the traditional Insider Protection recycle bin:
As you can see, there is no VBK file in the default recycle bin to complete the backup chain.
Enhanced Data Protection keeps a copy of the entire chain in an offline repository for each day, so the directory looks like this:
The files in the directories are the entire chain at the time:
On any given day, GDV can go back to any specific date and point in time so long as it falls within specified retention policies! Another great function of this is the reporting provided via the customer’s portal. GDV believes in transparency and allows you to see the files exist in the offline repository as well as the dates, sizes, etc., to ensure you are within your SLAs. As the customer, your EDP files are displayed in the portal but are not accessible to prevent tampering.
Your portal would show:
As you can see, the full backup chain is there for September 17th, and you may check any other day in a similar fashion.
Global Data Vault believes in providing the best possible service to our customers while keeping costs down as much as possible. With Enhanced Data Protection, we provide true insider protection. Check back often, as we will continue to innovate and provide more functionality and features to keep your data—and business—safe.