Security challenges for IT professionals and organizations today are multitudinous. Every day we learn of an organization that became a victim to a cybersecurity breach or other malicious event, such as ransomware, essentially putting their business and their customers’ sensitive data at risk. Your infrastructure, networks and data should be protected, and most organizations strive to implement appropriate risk aversion measures and tactics.
Best practices service providers employ to keep your data safe
Veeam Cloud & Service Provider (VCSP) partners have mastered the concept of cybersecurity protection better than most. Service providers often manage complex infrastructures of various sizes and types and have gained mastery through their industry experience and technical education to be able to identify and mitigate these threats.
What a customer needs, what a vendor provides, and what a partner implements determines the ability to best protect and respond to security threats. We work closely with our VCSP partners to educate and assist them while discussing and delivering best practice configurations. Our partners often manage Veeam deployments of various sizes. They often provide DR planning and assistance via replication services. Here are some best practices and common infrastructure configurations VCSP partners use in their customers’ environments and to protect their own infrastructure.
Protecting from ransomware
To protect your most recent backup data from ransomware attacks or other malicious activities, Veeam has introduced features our VCSP partners use to mitigate the threat. Adhering to the 3-2-1 Rule is the recommended configuration to prevent an on-premise issue from affecting remote backups. Typically, our VCSP partners leverage the two methods below to provide this protection.
- Backup Copy Jobs to Cloud Connect Repositories w/Insider Protection
- This method provides off-site backups to a storage agnostic target. Insider Protection provides mitigation for, you guessed it, threats from inside your organization or the organization’s data center and network.
- Scale-out Backup Repositories to Object Storage w/Immutability
- This method provides off-site backups but only to an Object Storage provider. This could be a public cloud entity or a VCSP partner’s own deployment.
- Configuring immutability for data stored in Object Storage is a new and exciting capability for Veeam Backup & Replication!
Encryption
- Backup and Backup Copy jobs can be encrypted at rest. Configuring this option appropriately will prevent unauthorized access to backup files; essentially rendering them useless to a party without the decryption password.
- Network traffic between backup
and replication components can be encrypted via Network Traffic Rules. (All data
transferred between public networks are encrypted by default!)
- Nobody is able to “snoop” on data traffic between Veeam components or remote repositories when configured correctly!
- Veeam Agent backup jobs are
encrypted between source and destination in transmit. We also suggest
configuring at rest encryption for their backup jobs!
- Lots of customers use Veeam Agent for Microsoft Windows to send backups directly to the cloud. These options protect sensitive user data!
- These options are available for our Linux Agents today and for the upcoming Veeam Agent for Mac!
Protecting your infrastructure
Critical systems, like those running your managed Veeam Backup & Replication infrastructure, should be protected by best practices and the best toolsets! It’s common for VCSP partners to invest in tools that provide:
- Secure remote access for managed systems
- Multi-factor authentication
- Critical infrastructure configured to allow “least privileged” access
You’ll notice the common theme here is all about controlling access. Having multiple secure barriers to entry is the first step in guarding your data.
Partnering with a VCSP partner is simple
Understanding the risks and having a data protection plan in place is the first step in mitigating against cybersecurity threats and attacks. Leveraging IT partnerships can fill the gap between your configured solution and what might be missing. Many customers have differing needs and that’s why Veeam has a network of service providers available to help take the burden of protecting your data off your shoulders. Check out our Veeam-powered BaaS and DRaaS page to learn more and to find a VCSP partner that can guide you to the right solution to fit your needs.