Immutable Backup: The Best Defense Against Ransomware

By Lauren Wahlman

July 14, 2022

Data is the lifeblood of today’s enterprises, and an extremely lucrative target for attackers. Ransomware, which essentially holds data “hostage” by encrypting it until a ransom is paid by the company, is increasingly common and becoming more advanced every day. 

In fact, some estimates say that a ransomware attack occurs every 11 seconds. These attacks can cripple an organization, causing unexpected downtime and wreaking havoc on an enterprise’s operations, production, customer service, and even future reputation. 

It can cost a lot of time, effort, and money to recover from a ransomware attack. Simply having a backup of your data is no longer sufficient, because attackers can now infiltrate backups as well. 

In addition to practicing “defense in depth,” IT professionals are now beginning to see the critical need for immutable backups as a last line of defense from ransomware and other attacks—and a smart way to maintain a successful strategy for business continuity and disaster recovery.

What Is Immutable Backup?

The term “immutable” means “not capable of or susceptible to change.” An immutable backup, therefore, is a copy of your data that, once saved, cannot be modified, overwritten, encrypted, deleted, or altered in any way, even by the applications, users, administrators, or systems that generated the data.

Immutability helps defend against many typical causes of data corruption or deletion, from malicious viruses and ransomware to administrative errors to intentional sabotage and software bugs. 

Traditional mutable backups can be subject to encryption or other tampering after the fact and can present a serious vulnerability in any enterprise’s IT ecosystem. 

While every organization can benefit from immutable backups, they’re especially critical in enterprises that must comply with strict data protection mandates, such as healthcare or financial organizations. Law enforcement agencies also often use immutable backups to protect evidential video and audio data. 



How Immutable Backups Work

For many immutable backups, data bits are copied to the cloud as soon as they are created by a user. When the data is in the cloud, users can flag the system to lock the data down for a set amount of time, or indefinitely. Once locked down, the data can be read many times, but not written again, even by system administrators. 

The cloud is the most common medium for immutable backups because it’s typically “air-gapped” from an enterprise’s main storage medium, such as an on-site data center. Cloud is also preferred because it can be accessed from virtually anywhere, making recovery quick and painless—unlike recovery with physical tape media, for instance, that could take days to be retrieved from an archive across the country. 

A system for immutable backups will keep a predefined number of setpoints, essentially an archive of immutable backups, so an organization always has the most recent clean copy of its data in case of attack or other unplanned event. 
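
A minimal model of the lock-down and restore-point behaviour described above, added here as an illustration; it is not Nutanix code or any vendor's API. `WormBucket`, `latest_clean` and the `looks_clean` scan are hypothetical names, and the three nightly backups are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

class RetentionLockError(Exception):
    """A write or delete was refused because the object is still under retention."""

class WormBucket:
    """In-memory model of a WORM bucket (hypothetical): key -> (data, retain_until)."""
    def __init__(self):
        self._objects = {}

    def _check_unlocked(self, key, now):
        held = self._objects.get(key)
        if held and now < held[1]:
            raise RetentionLockError(f"{key} is locked until {held[1]:%Y-%m-%d}")

    def put(self, key, data, retain_for, now):
        self._check_unlocked(key, now)           # no overwrite while locked
        self._objects[key] = (bytes(data), now + retain_for)

    def delete(self, key, now, is_admin=False):
        # is_admin is accepted and ignored on purpose: no role bypasses the lock.
        self._check_unlocked(key, now)
        self._objects.pop(key, None)

    def get(self, key):
        return self._objects[key][0]             # reads are always allowed

def latest_clean(bucket, restore_points, looks_clean):
    """Return the newest restore point whose content passes the pre-restore scan."""
    for key in reversed(restore_points):         # restore_points is oldest -> newest
        if looks_clean(bucket.get(key)):
            return key
    return None

def demo():
    t0 = datetime(2022, 7, 11, tzinfo=timezone.utc)    # constructed timeline
    bucket, points = WormBucket(), []
    # Constructed data: the third nightly copy was taken after the source was encrypted.
    nightly = [b"ledger v1", b"ledger v2", b"\x8f\x02\x91 unreadable"]
    for day, data in enumerate(nightly):
        key = f"backup-day{day + 1}"
        bucket.put(key, data, retain_for=timedelta(days=30), now=t0 + timedelta(days=day))
        points.append(key)
    refused, when = 0, t0 + timedelta(days=3)
    for attempt in (lambda: bucket.delete("backup-day2", when, is_admin=True),
                    lambda: bucket.put("backup-day2", b"garbage", timedelta(0), when)):
        try:
            attempt()
        except RetentionLockError:
            refused += 1
    # Stand-in scan (assumption): a real check would be a malware and tamper scan.
    chosen = latest_clean(bucket, points, lambda blob: blob.startswith(b"ledger"))
    return refused, chosen, bucket.get(chosen)
```

Both tampering attempts against the day-2 copy are refused inside the retention window, and the restore falls back past the day-3 copy to the last one that passes the scan.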

Protect Backups from Ransomware and Other Attacks

Traditional data backups simply can’t protect against ransomware or other intentional or unintentional data modification or loss. While conventional protection measures such as file permissions or access control lists are an essential part of any data security strategy, they can be sidestepped by bad actors. 

Immutable backups help keep enterprises immune to ransomware and many other types of attack. While attackers may try to hold an organization’s data hostage, the effect is nullified when the organization can simply recover its data via an immutable backup without having to pay the ransom.  

Other Benefits of Immutable Backup

Besides protecting data from ransomware and other malicious attacks, immutable backups offer additional benefits, including: 

  • Assured data integrity – knowing your data will remain accurate and intact can provide peace of mind for an organization.
  • Simplified compliance – keeping an immutable copy of critical data, especially information that is highly protected by governmental regulations, helps organizations maintain compliance more easily. 
  • Elimination of accidental data changes – immutable backups cannot be changed or altered in any way, not even by system administrators, so there’s no concern that someone will accidentally change or delete critical information. 

What to Look for in an Immutable Backup Provider

Immutable backup solutions vary when it comes to features and capabilities—they’re not all created equal. When selecting a vendor for immutable backup, here are some considerations to keep in mind: 

  • Built in, not bolted on – immutability should be built into the solution architecture, not added on as an afterthought.
  • Hyperscale architecture based in the cloud – make sure your backup data is placed into clusters that no outside person or application can access. 
  • Read-only backup snapshots – store snapshots as read-only, and ensure that incremental backups are written to read-only clones. 
  • WORM support – policy-driven Write-Once-Read-Many (WORM) support, where users can create immutable data sets and set a retention date at a granular level to protect the data from any modification or deletion until the retention period passes.

When integrated with end-to-end data encryption and strong role-based access control, immutable backup can help you solidify data security and integrity, and protect against attacks. 

How to Implement Immutable Backup

The best way to implement an immutable backup solution is to begin by asking questions to understand your organization’s specific business and technical requirements. It can take a lot of discussion and thought to figure out your data protection needs, then implement and test a solution. 

The following are considered best practices for implementing your immutable backup solution: 

  • Maintain data integrity by storing it on a platform that keeps everyone from making changes or deleting data. Many organizations choose object storage solutions for this. 
  • Embrace a “zero trust” approach that makes verification of identities mandatory—strengthened by multi-factor authentication, perhaps—for everyone who wants to access the backups. 
  • Increase resiliency by making immutable backups just one part of a holistic defense that includes other advanced data protection tools and training for personnel in regard to data security. 
  • Detect ransomware early with behavioral anomaly detection capabilities. 
  • Set up automatic alerts and mitigation responses in your backup system to help prevent system “infections” from spreading, especially in off hours when employees aren’t on-site.
  • In case an attack is detected, set up configurable remediation policies that allow for an automated response, such as blocking the offending client session or IP address. 
  • Make recovery simpler by keeping WORM (write once read many) immutable backups. Avoid reinfecting data by scanning your backup for signs of tampering or malware before you restore it to your system. 
  • Automatically generate an impact analysis report that will not only help with the recovery efforts but also help in preparing for any future potential attack.

How Nutanix Can Help

Nutanix has a wide range of advanced tools designed to help you prevent, detect, and recover from ransomware and other attacks. Nutanix Unified Storage offers a single data storage platform, with Nutanix Objects providing immutable storage buckets and Nutanix Data Lens delivering integrated security and ransomware protection capabilities for unstructured data residing on Nutanix Files. With the multicloud security of Nutanix Flow, disaster recovery features of Nutanix Mine for Backup, or any of our other security-smart solutions, we can help you protect the data your business runs on.