-
- Enthusiast
- Posts: 78
- Liked: 4 times
- Joined: Jun 14, 2012 7:13 pm
- Full Name: Ken Applebaum
- Location: Rochester, NY
- Contact:
Has anyone ever used Myota to secure Veeam backups?
Hi,
We have been contacted by a company called Myota. This company provides a method to process backups to S3 Compatible block storage that are broken up into blocks across backup targets, and those blocks are encrypted. They call this Myota’s BucketZero Object Storage, and is used as ransomware protection. I won't go through what they promise in their marketing materials. However, they do market themselves as being a Veeam certified solution.
Any internet search of Veeam + Myota brings up a bunch of hits from Myota, and other resellers. However, I have yet to find any information about Myota from Veeam or the Veeam forums.
Has anyone used this company? If so, what are your impressions of Myota, and their solution?
I am inherently distrustful of 3rd party applications I have never heard about, and even more so when the company that they indicate they work with (Veeam), does not appear to mention them anywhere on their official platforms.
Any information about your experience with, and knowledge of Myota will be appreciated.
Thanks,
Ken
We have been contacted by a company called Myota. This company provides a method to process backups to S3 Compatible block storage that are broken up into blocks across backup targets, and those blocks are encrypted. They call this Myota’s BucketZero Object Storage, and is used as ransomware protection. I won't go through what they promise in their marketing materials. However, they do market themselves as being a Veeam certified solution.
Any internet search of Veeam + Myota brings up a bunch of hits from Myota, and other resellers. However, I have yet to find any information about Myota from Veeam or the Veeam forums.
Has anyone used this company? If so, what are your impressions of Myota, and their solution?
I am inherently distrustful of 3rd party applications I have never heard about, and even more so when the company that they indicate they work with (Veeam), does not appear to mention them anywhere on their official platforms.
Any information about your experience with, and knowledge of Myota will be appreciated.
Thanks,
Ken
-
- Veeam Software
- Posts: 304
- Liked: 146 times
- Joined: Jul 24, 2018 8:38 pm
- Full Name: Stephen Firmes
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
@kapple Veeam doesn't have a certification program. We do have our Validation program which is called Veeam Ready and Myota is not listed as a validated product with our software at this time.
Also we have our Unofficial Object Storage Compatibility list for Veeam Backup & Replication and they aren't listed there either.
While their product might work with Veeam, it hasn't been validated via the Veeam Ready Program.
Hope this helps.
Also we have our Unofficial Object Storage Compatibility list for Veeam Backup & Replication and they aren't listed there either.
While their product might work with Veeam, it hasn't been validated via the Veeam Ready Program.
Hope this helps.
Steve Firmes | Senior Solutions Architect, Product Management - Alliances @ Veeam Software
-
- Enthusiast
- Posts: 78
- Liked: 4 times
- Joined: Jun 14, 2012 7:13 pm
- Full Name: Ken Applebaum
- Location: Rochester, NY
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
Thank you Steve, this is good information to have.
-
- Chief Product Officer
- Posts: 31840
- Liked: 7331 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
Did you understand how it provides a better protection of your data against ransomware vs. simply enabling backup encryption in Veeam from technical perspective? Can you share?
I do see added opportunity for data loss due to backups being spread across different backup targets, as the overall reliability is reduced proportionally to the number of backup targets (you need ALL of them to be able to restore, losing even one means losing everything). And also opportunities for data corruption due to much additional data processing (chunking data across backup targets and encrypting data outside Veeam).
But I don't really see any benefits... what am I missing?
I do see added opportunity for data loss due to backups being spread across different backup targets, as the overall reliability is reduced proportionally to the number of backup targets (you need ALL of them to be able to restore, losing even one means losing everything). And also opportunities for data corruption due to much additional data processing (chunking data across backup targets and encrypting data outside Veeam).
But I don't really see any benefits... what am I missing?
-
- Enthusiast
- Posts: 78
- Liked: 4 times
- Joined: Jun 14, 2012 7:13 pm
- Full Name: Ken Applebaum
- Location: Rochester, NY
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
Gostev,
The basic premise is that they "Shred and Spread" the backup data, and encrypt each chunk of data using a randomly generated encryption key. The encrypted chunks are then encoded into multiple immutable data 'shards.' These shards are encrypted versions of the file that are then stored across multiple storage nodes with double parity.
I am just familiarizing myself with what their service offers, but for now, this is my basic understanding of what their software does.
The basic premise is that they "Shred and Spread" the backup data, and encrypt each chunk of data using a randomly generated encryption key. The encrypted chunks are then encoded into multiple immutable data 'shards.' These shards are encrypted versions of the file that are then stored across multiple storage nodes with double parity.
I am just familiarizing myself with what their service offers, but for now, this is my basic understanding of what their software does.
-
- Chief Product Officer
- Posts: 31840
- Liked: 7331 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
Got it, thanks. Your explanation sounded way too familiar and I realized I heard recently about a virtually identical company called Calamu. Sharing just in case you want to check out someone more known.
Personally I see zero added value from such offerings comparing to just enabling regular backup encryption in Veeam and using an immutable storage. These offerings seem to be built for storing unencrypted production data like documents, there their value prop does make sense. While for backups which can be encrypted natively, in my opinion they add nothing but a bunch of unnecessary recovery risks.
Personally I see zero added value from such offerings comparing to just enabling regular backup encryption in Veeam and using an immutable storage. These offerings seem to be built for storing unencrypted production data like documents, there their value prop does make sense. While for backups which can be encrypted natively, in my opinion they add nothing but a bunch of unnecessary recovery risks.
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Jan 23, 2024 9:55 pm
- Full Name: Gabe Gumbs
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
Hello,
I am Gabriel Gumbs from Myota and I think I can help clarify some of this. We have not done a good job communicating our Veaam relationship so allow me to address our Veeam certified status. We are working our way through Veeam’s readiness process. Veeam introduced support for object storage in January 2018 with the release of v9.5 update 4, and since then Myota has been used as either object storage or file storage to secure our joint customers’ data - including their Veeam backups. Myota is used as a SOBR with Veeam (a backup repository), and with the introduction of Veeam 12 you can also go direct to Myota as an object storage target.
Since I’m already clarifying, let me spell out some other things we should do a better job communicating to the broader audience:
• Backup encryption keeps information confidential (so long as the keys are safe), but it does not prevent data from being re-encrypted which threatens the availability of that data. Confidentiality is crucial. But threats like ransomware don’t (only) attack that. Ransomware attacks availability. Myota’s Shred & Spread™ encryption method is not susceptible to availability attacks as the data is encrypted in shards, geographically dispersed, and uses a unidirectional gateway to air-gap the encrypted pieces. A confidential backup is no good if you lose access to it. That’s the added protection of Myota plus the existing encryption.
The suggestion was made to use regular encryption with an immutable storage. Myota is an immutable storage which ensures data remains unchanged once written. Myota also allows operations on that encrypted data without decrypting it – backup restoration can be performed without decryption. Things such as object lock and other governance controls meant to preserve the integrity of the data are great when used in combination with Myota’s homomorphic immutability, but by themselves, object locking is easily bypassed with Privilege Escalation attacks (https://attack.mitre.org/tactics/TA0111/) – a problem worsened when an organization uses a singular cloud root account. Again, that is all additional protection on top of what Veaam already provides.
• The same fault tolerance process used to ensure the availability of data (even in the loss of a backup target) is tasked with performing erasure coding and continuous integrity checks. This guarantees recovery in the event of a loss backup target. This is a design feature of Myota’s Spread and Shred™ which does not rely on needing all of the data from each backup target to restore. This fault tolerance is configurable by the customer to account for different risk tolerances – additional targets can be auto-provisioned to self-heal.
It's important to note that Myota's approach does not require modifications of metadata and file operations, except for collecting data from storage nodes. This makes it a flexible and scalable solution for implementing various backup and data protection strategies - this means less infrastructure (and the cost that goes with it) is needed.
One of the most significant advantages of Myota is its impact on real-time recovery. Traditional methods, with their rigid structures, can delay recovery processes. In contrast, innovations such as our homomorphic immutability, with its dynamic and selective defense mechanisms, ensures that essential operations continue unhindered, even during a ransomware attack. This means faster recovery times and minimal operational disruption.
At some point we’re going to get all this into some killer marketing material! For now, we’ve just been too focused on building cool tech, serving out common customers with Veaam, and protecting the world’s data.
GG-
I am Gabriel Gumbs from Myota and I think I can help clarify some of this. We have not done a good job communicating our Veaam relationship so allow me to address our Veeam certified status. We are working our way through Veeam’s readiness process. Veeam introduced support for object storage in January 2018 with the release of v9.5 update 4, and since then Myota has been used as either object storage or file storage to secure our joint customers’ data - including their Veeam backups. Myota is used as a SOBR with Veeam (a backup repository), and with the introduction of Veeam 12 you can also go direct to Myota as an object storage target.
Since I’m already clarifying, let me spell out some other things we should do a better job communicating to the broader audience:
• Backup encryption keeps information confidential (so long as the keys are safe), but it does not prevent data from being re-encrypted which threatens the availability of that data. Confidentiality is crucial. But threats like ransomware don’t (only) attack that. Ransomware attacks availability. Myota’s Shred & Spread™ encryption method is not susceptible to availability attacks as the data is encrypted in shards, geographically dispersed, and uses a unidirectional gateway to air-gap the encrypted pieces. A confidential backup is no good if you lose access to it. That’s the added protection of Myota plus the existing encryption.
The suggestion was made to use regular encryption with an immutable storage. Myota is an immutable storage which ensures data remains unchanged once written. Myota also allows operations on that encrypted data without decrypting it – backup restoration can be performed without decryption. Things such as object lock and other governance controls meant to preserve the integrity of the data are great when used in combination with Myota’s homomorphic immutability, but by themselves, object locking is easily bypassed with Privilege Escalation attacks (https://attack.mitre.org/tactics/TA0111/) – a problem worsened when an organization uses a singular cloud root account. Again, that is all additional protection on top of what Veaam already provides.
• The same fault tolerance process used to ensure the availability of data (even in the loss of a backup target) is tasked with performing erasure coding and continuous integrity checks. This guarantees recovery in the event of a loss backup target. This is a design feature of Myota’s Spread and Shred™ which does not rely on needing all of the data from each backup target to restore. This fault tolerance is configurable by the customer to account for different risk tolerances – additional targets can be auto-provisioned to self-heal.
It's important to note that Myota's approach does not require modifications of metadata and file operations, except for collecting data from storage nodes. This makes it a flexible and scalable solution for implementing various backup and data protection strategies - this means less infrastructure (and the cost that goes with it) is needed.
One of the most significant advantages of Myota is its impact on real-time recovery. Traditional methods, with their rigid structures, can delay recovery processes. In contrast, innovations such as our homomorphic immutability, with its dynamic and selective defense mechanisms, ensures that essential operations continue unhindered, even during a ransomware attack. This means faster recovery times and minimal operational disruption.
At some point we’re going to get all this into some killer marketing material! For now, we’ve just been too focused on building cool tech, serving out common customers with Veaam, and protecting the world’s data.
GG-
-
- Veeam Vanguard
- Posts: 701
- Liked: 138 times
- Joined: Jan 24, 2014 4:10 pm
- Full Name: Geoff Burke
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
I think the "privilege escalation" danger is a valid point. If someone gets access to your storage with root access then the immutability can be removed. I think this is why Veeam is now advising to abide by the Zero Trust framework. Immutability combined with Zero Trust. Here is a whitepaper that describes this in more details: https://www.veeam.com/whitepapers/zero- ... ief_wp.pdf
Geoff Burke
VMCA2022, VMCE2023, CKA, CKAD
Veeam Vanguard, Veeam Legend
VMCA2022, VMCE2023, CKA, CKAD
Veeam Vanguard, Veeam Legend
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Jan 23, 2024 9:55 pm
- Full Name: Gabe Gumbs
- Contact:
Re: Has anyone ever used Myota to secure Veeam backups?
Hey everyone,
Since our compatibility status is now officially listed, I wanted to revive this thread and and clarify how Myota and Veeam work together.
First up - yes, Myota works with Veeam right out of the box. It's Veeam Object Ready certified [ https://www.veeam.com/sys1072 ], so no weird compatibility issues to worry about. You can just point Veeam at Myota as your object storage repo and you're good to go.
The main thing I’d like to stress here is how Myota handles immutability. We all know Veeam's object locks work fine, but storage can get crazy expensive when you factor in all the pieces, lifecycle management (api calls), region transfers, and every other touchpoint to the data. I've seen what started as $6/TB balloon to over $20/TB once you implement a proper 3-2-1 strategy. Myota takes a totally different approach and actually cuts your storage costs in half.
Instead of relying on traditional object locks, Myota has a new way to deliver on the immutability promise. Why? There’s just too much evidence now that object locks can be beaten with privilege escalation. Ryan Kane and Rushank Shetty’s 2024 BlackHat session, "Are Your Backups Still Immutable, Even Though You Can't Access Them?" [ https://i.blackhat.com/BH-US-24/Present ... ursday.pdf ]demonstrates this very well. During the session Ryan and Rushankby, underscored how attackers now target the infrastructure around backups, despite immutability features offered by orchestration vendors and cloud providers like the many implementations of WORM. In addition to these vulnerabilities there was noted administrative vulnerabilities in solutions like Dell EMC and IBM DS8000. These are byproducts of centralizing security controls, allowing attackers to simply make data unavailable even if “unchanged.”
Myota addresses these issues by sharding your data and spreading it across different nodes. Think of it like RAID, but way more sophisticated. Each piece is encrypted using zero-knowledge encryption, so even if someone somehow got their hands on a fragment, it's useless to them. I've seen some people comparing this to other distributed solutions, but there's a crucial difference. All of those depends on a central metadata repository to keep track of all the pieces. Anyone who's worked in infrastructure knows that's just asking for trouble - one compromise of that central system and you're toast. Myota doesn't have this issue since everything is decentralized.
The self-healing feature is pretty slick too since it does not just heal data, it also heals failed infrastructure. If a piece of data gets corrupted (and let's face it, it happens), or a component goes offline, Myota fixes it automatically using the distributed copies.
The coupling of Myota + Veeam is worth considering:
- Saves 50% on storage cost since you don't need separate object locks and lifecycle management
- Way more resilient against privilege, confidentiality, integrity and availability attacks,
- No single point of failure (learned that lesson the hard way over the last 25 years)
- Works wherever you need it - cloud, on-prem, hybrid, whatever
Happy to answer any other questions
Cheers,
Gabe
Since our compatibility status is now officially listed, I wanted to revive this thread and and clarify how Myota and Veeam work together.
First up - yes, Myota works with Veeam right out of the box. It's Veeam Object Ready certified [ https://www.veeam.com/sys1072 ], so no weird compatibility issues to worry about. You can just point Veeam at Myota as your object storage repo and you're good to go.
The main thing I’d like to stress here is how Myota handles immutability. We all know Veeam's object locks work fine, but storage can get crazy expensive when you factor in all the pieces, lifecycle management (api calls), region transfers, and every other touchpoint to the data. I've seen what started as $6/TB balloon to over $20/TB once you implement a proper 3-2-1 strategy. Myota takes a totally different approach and actually cuts your storage costs in half.
Instead of relying on traditional object locks, Myota has a new way to deliver on the immutability promise. Why? There’s just too much evidence now that object locks can be beaten with privilege escalation. Ryan Kane and Rushank Shetty’s 2024 BlackHat session, "Are Your Backups Still Immutable, Even Though You Can't Access Them?" [ https://i.blackhat.com/BH-US-24/Present ... ursday.pdf ]demonstrates this very well. During the session Ryan and Rushankby, underscored how attackers now target the infrastructure around backups, despite immutability features offered by orchestration vendors and cloud providers like the many implementations of WORM. In addition to these vulnerabilities there was noted administrative vulnerabilities in solutions like Dell EMC and IBM DS8000. These are byproducts of centralizing security controls, allowing attackers to simply make data unavailable even if “unchanged.”
Myota addresses these issues by sharding your data and spreading it across different nodes. Think of it like RAID, but way more sophisticated. Each piece is encrypted using zero-knowledge encryption, so even if someone somehow got their hands on a fragment, it's useless to them. I've seen some people comparing this to other distributed solutions, but there's a crucial difference. All of those depends on a central metadata repository to keep track of all the pieces. Anyone who's worked in infrastructure knows that's just asking for trouble - one compromise of that central system and you're toast. Myota doesn't have this issue since everything is decentralized.
The self-healing feature is pretty slick too since it does not just heal data, it also heals failed infrastructure. If a piece of data gets corrupted (and let's face it, it happens), or a component goes offline, Myota fixes it automatically using the distributed copies.
The coupling of Myota + Veeam is worth considering:
- Saves 50% on storage cost since you don't need separate object locks and lifecycle management
- Way more resilient against privilege, confidentiality, integrity and availability attacks,
- No single point of failure (learned that lesson the hard way over the last 25 years)
- Works wherever you need it - cloud, on-prem, hybrid, whatever
Happy to answer any other questions
Cheers,
Gabe
Who is online
Users browsing this forum: No registered users and 11 guests